Windows Analysis Report https://onedrive.live.com/view.aspx?resid=DEE5B7E6B473EA8!297&wdo=2&authkey=!AJzT10c65dPX7EI

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://onedrive.live.com/view.aspx?resid=DEE5B7E6B473EA8!297&wdo=2&authkey=!AJzT10c65dPX7EI

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://onedrive.live.com/redir?resid=DEE5B7E6B473EA8%21297&authkey=%21AJzT10c65dPX7EI&page=View&wd=target%28Quick%20Notes.one%7Cdae4515d-1fad-4794-ba15-9ed30915b9e1%2FTableTops%20Unlimited%202021%7Cda5c4bfd-33bd-403e-a141-aa9e59f4f25d%2F%29	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://rollingproductions.co/form/vendor/	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Source: https://rollingproductions.co/form/vendor/

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 18336.3.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Source: https://rollingproductions.co/form/vendor/

Matcher: Template: microsoft matched

Phishing site detected (based on image similarity)

Source: https://rollingproductions.co/form/vendor/

Matcher: Found strong image similarity, brand: Microsoft image: 18336.3.img.2.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Invalid 'forgot password' link found

Source: https://rollingproductions.co/form/vendor/	HTTP Parser: Invalid link: Forgot my password
Source: https://rollingproductions.co/form/vendor/	HTTP Parser: Invalid link: Forgot my password

Found iframes

Source: https://www.ttucorp.com/	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&co=aHR0cHM6Ly93d3cudHR1Y29ycC5jb206NDQz&hl=en&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=lh2pb45igvi
Source: https://www.ttucorp.com/	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&co=aHR0cHM6Ly93d3cudHR1Y29ycC5jb206NDQz&hl=en&v=kcXVPRWG7fMILHmzon0--fD3&size=invisible&cb=lh2pb45igvi

No HTML title found

Source: https://rollingproductions.co/form/vendor/	HTTP Parser: HTML title missing
Source: https://rollingproductions.co/form/vendor/	HTTP Parser: HTML title missing
Source: https://www.ttucorp.com/	HTTP Parser: HTML title missing
Source: https://www.ttucorp.com/	HTTP Parser: HTML title missing

HTML body contains low number of good links

Source: https://rollingproductions.co/form/vendor/	HTTP Parser: Number of links: 0
Source: https://rollingproductions.co/form/vendor/	HTTP Parser: Number of links: 0

META author tag missing

Source: https://rollingproductions.co/form/vendor/	HTTP Parser: No <meta name="author".. found
Source: https://rollingproductions.co/form/vendor/	HTTP Parser: No <meta name="author".. found
Source: https://www.ttucorp.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.ttucorp.com/	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://rollingproductions.co/form/vendor/	HTTP Parser: No <meta name="copyright".. found
Source: https://rollingproductions.co/form/vendor/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ttucorp.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ttucorp.com/	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49967 version: TLS 1.2

Networking:

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Found strings which match to known social media urls

Source: data_2.1.dr	String found in binary or memory: !function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t:e.fluidvids=t()}(this,function(){"use strict";function e(e){return new RegExp("^(https?:)?//(?:"+d.players.join("|")+").*$","i").test(e)}function t(e,t){return parseInt(e,10)/parseInt(t,10)*100+"%"}function i(i){if((e(i.src)||e(i.data))&&!i.getAttribute("data-fluidvids")){var n=document.createElement("div");i.parentNode.insertBefore(n,i),i.className+=(i.className?" ":"")+"fluidvids-item",i.setAttribute("data-fluidvids","loaded"),n.className+="fluidvids",n.style.paddingTop=t(i.height,i.width),n.appendChild(i)}}function n(){var e=document.createElement("div");e.innerHTML="<p>x</p><style>"+o+"</style>",r.appendChild(e.childNodes[1])}var d={selector:["iframe","object"],players:["www.youtube.com","player.vimeo.com"]},o=[".fluidvids {","width: 100%; max-width: 100%; position: relative;","}",".fluidvids-item {","position: absolute; top: 0px; left: 0px; width: 100%; height: 100%;","}"].join(""),r=document.head||document.getElementsByTagName("head")[0];return d.render=function(){for(var e=document.querySelectorAll(d.selector.join()),t=e.length;t--;)i(e[t])},d.init=function(e){for(var t in e)d[t]=e[t];d.render(),n()},d}); equals www.youtube.com (Youtube)
Source: data_2.1.dr	String found in binary or memory: !function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t:e.fluidvids=t()}(this,function(){"use strict";function e(e){return new RegExp("^(https?:)?//(?:"+d.players.join("|")+").*$","i").test(e)}function t(e,t){return parseInt(e,10)/parseInt(t,10)*100+"%"}function i(i){if((e(i.src)||e(i.data))&&!i.getAttribute("data-fluidvids")){var n=document.createElement("div");i.parentNode.insertBefore(n,i),i.className+=(i.className?" ":"")+"fluidvids-item",i.setAttribute("data-fluidvids","loaded"),n.className+="fluidvids",n.style.paddingTop=t(i.height,i.width),n.appendChild(i)}}function n(){var e=document.createElement("div");e.innerHTML="<p>x</p><style>"+o+"</style>",r.appendChild(e.childNodes[1])}var d={selector:["iframe","object"],players:["www.youtube.com","player.vimeo.com"]},o=[".fluidvids {","width: 100%; max-width: 100%; position: relative;","}",".fluidvids-item {","position: absolute; top: 0px; left: 0px; width: 100%; height: 100%;","}"].join(""),r=document.head||document.getElementsByTagName("head")[0];return d.render=function(){for(var e=document.querySelectorAll(d.selector.join()),t=e.length;t--;)i(e[t])},d.init=function(e){for(var t in e)d[t]=e[t];d.render(),n()},d});/*! waitForImages jQuery Plugin 2016-01-04 */ equals www.youtube.com (Youtube)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

URLs found in memory or binary data

Source: angular.js.0.dr	String found in binary or memory: http://angularjs.org
Source: data_3.1.dr	String found in binary or memory: http://api.jqueryui.com/accordion/
Source: data_2.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: data_3.1.dr	String found in binary or memory: http://api.jqueryui.com/jQuery.widget/
Source: data_3.1.dr	String found in binary or memory: http://api.jqueryui.com/tabs/
Source: data_2.1.dr	String found in binary or memory: http://bas2k.ru/
Source: data_3.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0
Source: data_2.1.dr	String found in binary or memory: http://code.google.com/p/jquery-appear/
Source: data_3.1.dr	String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: data_3.1.dr	String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: data_3.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: data_3.1.dr	String found in binary or memory: http://crl3.digicert.com/ssca-sha2-g7.crl0/
Source: data_3.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: data_3.1.dr	String found in binary or memory: http://crl4.digicert.com/ssca-sha2-g7.crl0
Source: data_3.1.dr	String found in binary or memory: http://crls.pki.goog/gts1c3/QOvJ0N1sT2A.crl0
Source: data_3.1.dr	String found in binary or memory: http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0
Source: data_3.1.dr	String found in binary or memory: http://crls.pki.goog/gts1c3/fVJxbV-Ktmk.crl0
Source: data_3.1.dr	String found in binary or memory: http://ejohn.org/
Source: angular.js.0.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: data_2.1.dr	String found in binary or memory: http://greensock.com
Source: data_2.1.dr	String found in binary or memory: http://greensock.com/standard-license
Source: data_3.1.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: data_2.1.dr	String found in binary or memory: http://jquery.org/license
Source: data_2.1.dr	String found in binary or memory: http://jqueryui.com
Source: data_3.1.dr	String found in binary or memory: http://keith-wood.name/countdown.html
Source: data_3.1.dr	String found in binary or memory: http://keith-wood.name/licence.html)
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: data_3.1.dr	String found in binary or memory: http://malsup.com/jquery/block/
Source: data_3.1.dr	String found in binary or memory: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-f
Source: data_3.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: data_3.1.dr	String found in binary or memory: http://ocsp.digicert.com0F
Source: data_3.1.dr	String found in binary or memory: http://ocsp.pki.goog/gsr10)
Source: data_3.1.dr	String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: data_3.1.dr	String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: data_3.1.dr	String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: data_3.1.dr	String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: data_3.1.dr	String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0M
Source: data_3.1.dr	String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: data_1.1.dr	String found in binary or memory: http://themeforest.net/user/select-themes
Source: data_1.1.dr	String found in binary or memory: http://tonda.select-themes.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: data_3.1.dr	String found in binary or memory: http://ubilabs.net
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: data_3.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: data_3.1.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-3.0.html
Source: data_2.1.dr, data_3.1.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: data_2.1.dr	String found in binary or memory: http://www.ianlunn.co.uk/
Source: data_2.1.dr	String found in binary or memory: http://www.ianlunn.co.uk/plugins/jquery-parallax/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: data_3.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: data_2.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: Current Session.0.dr	String found in binary or memory: http://www.ttucorp.com/
Source: Reporting and NEL.1.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=5lcaos6DejOUWSZB49%2BiWw6mbvhJlOAwo6itDCkFHlpQ1jyOeg7qVwloX
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.icoSEG
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343
Source: data_1.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, manifest.json3.0.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_1.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js
Source: data_1.1.dr	String found in binary or memory: https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-GB&wrapperId=suites
Source: data_2.1.dr	String found in binary or memory: https://api.w.org/
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, manifest.json3.0.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://apis.google.com/
Source: mirroring_common.js.0.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: data_1.1.dr	String found in binary or memory: https://apis.google.com/js/platform.js
Source: data_1.1.dr	String found in binary or memory: https://apis.google.com/js/platform.js1
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161470241023_App_Scripts/Feedback/latest/Intl/en-gb/offi
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161470241023_App_Scripts/Feedback/latest/officebrowserfe
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161470241023_App_Scripts/wacairspaceanimationlibrary.js
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161470241023_resources/2057/progress.gif
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/161470241023_resources/2057/wapsw.png?b=1601470241023
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h4DDC354F0F9CEFBE_App_Scripts/MicrosoftAjax.js
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h4DDC354F0F9CEFBE_App_Scripts/MicrosoftAjax.jsg
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h634B081C8DD46209_App_Scripts/2057/CommonIntl.js
Source: data_1.1.dr	String found in binary or memory: https://c1-officeapps-15.cdn.office.net/o/s/h634B081C8DD46209_App_Scripts/2057/CommonIntl.js5
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/OneNoteSimplified.Wac.TellMeM
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/onenote-intl-mlr.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/onenote-intl-mlr.min.jsf
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/onenote-navpane-strings.min.j
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/onenote-ribbon-intl.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/onenote-ribbon-sprite-lazy.mi
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/osfruntime_strings.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/2057/osfruntime_strings.jsU
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/OfficeExtension.WacRuntime.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/OneNote.box4.dll2.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/OneNoteSimplified.Wac.TellMeSugges
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/appChrome.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/appChromeLazy.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/appIconsLazy.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/common.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/common50.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/common50.min.jsqu
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/navigation.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/navigation.min.jsj1
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/onenoteloadingspinner.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/onenoteloadingspinner.min.jsW
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreolazy.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreolazy.min.jsB
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreonavpane.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreonotebookpane.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreonotebookpane.min.jsN
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/oreosearchpane.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/osfruntime_ono.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/otelFullNext.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/suiteux-shell/js/suiteux.shell.con
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/suiteux-shell/js/suiteux.shell.cor
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/suiteux-shell/js/suiteux.shell.plu
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/suiteux-shell/strings/en-gb/shells
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/uiFabricLazy.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_App_Scripts/uiSlice20.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/Meetings_manifest.xml
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/Meetings_manifest.xml3
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/agavedefaulticon96x96.png
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/agavedefaulticon96x96.pngh
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/m2/ColumnSelect.cur
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/m2/ColumnSelect.cur7
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/m2/box42.png
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/m2/box43.png
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/m2/one.png
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/moe_status_icons.png
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/moeerrorux.css
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/161470241023_resources/2057/progress.gif
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h02D2855C8A5417CD_resources/2057/Blank10x10.gif
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h02D2855C8A5417CD_resources/2057/Blank10x10.gifo;A
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h06FE78141D1F3A43_App_Scripts/Compat.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h1E02DD236AA1095D_App_Scripts/common.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h1EC49C7120425D0F_App_Scripts/2057/Box4Intl.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h3970ED1F2F0DE5B9_App_Scripts/OneNote.box4.dll1.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h47F4322F99F46093_App_Scripts/2057/WoncaIntl.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h47F4322F99F46093_App_Scripts/2057/WoncaIntl.jsWi2M
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h6D0E0E4D4B7CC565_resources/2057/OneNote.Refresh.css
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h6D0E0E4D4B7CC565_resources/2057/OneNote.Refresh.cssH
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h816A0F42A2BF4732_resources/2057/EditSurface.css
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h816A0F42A2BF4732_resources/2057/EditSurface.cssn
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h89EDB66D2A189EF4_App_Scripts/fonts/sharedheaderplaceholder
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h8B4ECD32C72DCD7C_App_Scripts/OneNote.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h8B4ECD32C72DCD7C_App_Scripts/OneNote.js#
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h8F800AEB9D180D26_App_Scripts/healthOffline.worker.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h8F800AEB9D180D26_App_Scripts/healthOffline.worker.min.jsGI
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/h9B7802DB24B7D3FB_App_Scripts/2057/OneNoteIntl.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCF8E38AF39F430EA_App_Scripts/jSanity.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hCF8E38AF39F430EA_App_Scripts/jSanity.js=k
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hE5571A84E628B051_App_Scripts/wacBoot.min.js
Source: data_1.1.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net/o/s/hFC91EC898F55B8F2_App_Scripts/onenoteSync.min.js
Source: 000003.log6.0.dr	String found in binary or memory: https://c1-onenote-15.cdn.office.net:443/o/s/161470241023_
Source: data_1.1.dr	String found in binary or memory: https://c2-onenote-15.cdn.office.net/o/resources/1033/FavIcon_OneNote.ico
Source: data_1.1.dr	String found in binary or memory: https://c2-onenote-15.cdn.office.net/o/s/h19E7C1840088466A_App_Scripts/onenote-boot.min.js
Source: data_1.1.dr	String found in binary or memory: https://c2-onenote-15.cdn.office.net/o/s/h19E7C1840088466A_App_Scripts/onenote-boot.min.jsGIF89a
Source: mirroring_common.js.0.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/BrowserUls.js
Source: data_1.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/BrowserUls.jsGIF89a
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/CommonDiagnostics.js
Source: data_1.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/CommonDiagnostics.jsx
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/ExternalResources/js-cookie.js
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/Instrumentation.js
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/LearningTools/LearningTools.js
Source: data_1.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/LearningTools/LearningTools.jsv
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/aria-web-telemetry-2.9.0.min.js
Source: data_1.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/aria-web-telemetry-2.9.0.min.js%
Source: data_1.1.dr, data_2.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/pickadate.min.js
Source: data_1.1.dr	String found in binary or memory: https://cdn.onenote.net/officeaddins/161470230350_Scripts/pickadate.min.js4
Source: Network Action Predictor.0.dr	String found in binary or memory: https://cdnjs.cloudflare.com/
Source: data_1.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.0.dr, manifest.json3.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: data_1.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js
Source: data_1.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js?hash=a3524221fb455028a2e01f0833955374
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.1.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIUCXUszW06HQgPEgk
Source: data_1.1.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCU7H5x14rgQNEgk
Source: data_1.1.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCW9RaD-ljAa9Egk
Source: data_1.1.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIqCUMt63w4MkDvEgk
Source: manifest.json3.0.dr	String found in binary or memory: https://content.googleapis.com
Source: 000003.log6.0.dr	String found in binary or memory: https://content.growth.office.net/mirrored/resources/programmablesurfaces/prod/officewebsurfaces.cor
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_2.1.dr, data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: data_2.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy:
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/apps-themescross-origin-resource-policy:cross-origincross-origin-open
Source: data_2.1.dr, data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha
Source: data_2.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/recaptchaCross-Origin-Resource-Policy:
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/recaptchacross-origin-resource-policy:cross-origincross-origin-opener
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/recaptcha
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/recaptchaX
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/recaptcha_
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190430033309/ttu-logo-large-new.png
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190502234305/footer-cards.png
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190502234305/footer-cards.png8
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503044755/INT2969_WEBSITEIMAGES_21-192
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503053253/INT2969_WEBSITEIMAGES_24-630
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503053847/INT2969_WEBSITEIMAGES_25-630
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503054332/INT2969_WEBSITEIMAGES_26-630
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503060452/INT2969_WEBSITEIMAGES_23-630
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503060929/INT2969_WEBSITEIMAGES_22-630
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503082942/INT2969_WEBSITEIMAGES_19-189
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503083144/INT2969_WEBSITEIMAGES_20-189
Source: data_1.1.dr	String found in binary or memory: https://d3v4i80726wzko.cloudfront.net/wp-content/uploads/20190503083202/INT2969_WEBSITEIMAGES_1890x1
Source: data_3.1.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent
Source: d4530721-f181-4df1-a2c6-ed1a3f15b0c8.tmp.1.dr, 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 006a602e-5399-4480-908f-6b1157b1b6f8.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr	String found in binary or memory: https://docs.google.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: manifest.json3.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: data_1.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%7COpen
Source: data_1.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins:500%7COpen
Source: manifest.json3.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z11lFc-K.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z11lFc-K.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2)
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z11lFc-K.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2)
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJbecmNE.woff2)
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2%a
Source: manifest.json3.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: data_3.1.dr	String found in binary or memory: https://github.com/Prinzhorn/skrollr
Source: data_3.1.dr	String found in binary or memory: https://github.com/alvarotrigo/multiscroll.js
Source: material_css_min.css.0.dr	String found in binary or memory: https://github.com/angular/material
Source: data_2.1.dr	String found in binary or memory: https://github.com/bas2k/jquery.appear/
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: data_3.1.dr	String found in binary or memory: https://github.com/imakewebthings/jquery-waypoints/blob/master/licenses.txt
Source: data_2.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: data_2.1.dr	String found in binary or memory: https://github.com/toddmotto/fluidvids
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json3.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_3.1.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1636384757&rver=7.3.6962.0&wp=MBI_SSL&wre
Source: mirroring_common.js.0.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: 000003.log6.0.dr	String found in binary or memory: https://onedrive.live.com
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.com/
Source: data_1.1.dr	String found in binary or memory: https://onedrive.live.com/Handlers/Plt.mvc?bicild=&v=0.0.0
Source: data_1.1.dr	String found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-GB&group=GroupFolders&v=19.773.0927.2003&
Source: data_1.1.dr	String found in binary or memory: https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-GB&group=Office&v=19.773.0927.2003&useReq
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.com/redir?resid=DEE5B7E6B473EA8%21297&authkey=%21AJzT10c65dPX7EI&page=View&wd=
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.com/view.aspx?resid=DEE5B7E6B473EA8
Source: data_3.1.dr	String found in binary or memory: https://onedrive.live.comX-Content-Type-Options:
Source: Current Session.0.dr	String found in binary or memory: https://onedrive.live.comh
Source: 000003.log6.0.dr	String found in binary or memory: https://onenote.officeapps.live.com
Source: QuotaManager.0.dr, index.txt.tmp.0.dr	String found in binary or memory: https://onenote.officeapps.live.com/
Source: QuotaManager.0.dr	String found in binary or memory: https://onenote.officeapps.live.com//.
Source: data_1.1.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/AddinServiceHandler.ashx?action=laststoreupdate&app=4&lc=EN-GB
Source: data_1.1.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/AppSettingsHandler.ashx?app=OneNote&usid=bbb5aa22-1a67-4a19-93
Source: data_1.1.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/App_Scripts/Acl/Acl1033.js
Source: data_1.1.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/GetImage.ashx?&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fw
Source: Current Session.0.dr	String found in binary or memory: https://onenote.officeapps.live.com/o/onenoteframe.aspx?edit=0&ui=en-GB&rs=en-US&hid=G%2BisbB6Yckeez
Source: data_2.1.dr, data_3.1.dr	String found in binary or memory: https://onenote.officeapps.live.comAccess-Control-Allow-Headers:
Source: data_3.1.dr	String found in binary or memory: https://onenote.officeapps.live.comAccess-Control-Allow-Methods:
Source: data_1.1.dr	String found in binary or memory: https://p.sfx.ms//storage/aria-2.5.0.min.js
Source: data_1.1.dr	String found in binary or memory: https://p.sfx.ms/is/invis.gif
Source: data_1.1.dr	String found in binary or memory: https://p.sfx.ms/is/invis.gifb
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: data_3.1.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://rollingproductions.co/
Source: Current Session.0.dr, data_1.1.dr	String found in binary or memory: https://rollingproductions.co/form/vendor/
Source: data_1.1.dr	String found in binary or memory: https://rollingproductions.co/form/vendor/GIF89a
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_1.1.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootInfo/consumer/OneShell/en-gb
Source: data_1.1.dr	String found in binary or memory: https://shell.cdn.office.net/api/ShellBootInfo/consumer/OneShell/en-gbJ
Source: Current Session.0.dr, data_1.1.dr	String found in binary or memory: https://skyapi.onedrive.live.com/api/proxy?v=3
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/fabric/assets/icons/fabricmdl2icons.woff
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filesbucket3
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss1-11
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss2-78
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//maincss-3d63
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/jquery-1.7.2-
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac0-efa56458
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac1-cdc297b4
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac2-bf8b3319
Source: data_1.1.dr	String found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac_s_office-
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr	String found in binary or memory: https://ssl.google-analytics.com
Source: data_1.1.dr	String found in binary or memory: https://ssl.google-analytics.com/ga.js
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr	String found in binary or memory: https://stats.g.doubleclick.net
Source: data_1.1.dr	String found in binary or memory: https://storage.live.com/mydata/myprofile/expressionprofile/profilephoto:UserTileStatic
Source: messages.json15.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json15.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: data_2.1.dr	String found in binary or memory: https://ttucorp.com/
Source: 000003.log5.0.dr	String found in binary or memory: https://ttucorp.com/cart/
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.4L
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24%
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/js/jquery.easing.min.js?ver=1.4.1
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/js/jquery.fancybox.min.js?ver=1.3.24
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/js/jquery.fancybox.min.js?ver=1.3.24I
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min.js?ver=3.1.13
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min.js?ver=3.1.13z
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.7
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.7)
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/lib/prettyphoto/js/jquery.prettyPhoto.min.
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/js_composer/assets/lib/waypoints/waypoints.min.js?ver=5.7
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3V
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.la
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.na
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.pa
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.sl
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.j
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/countdown/assets/js/plugins/jquery.coun
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/counter/assets/js/plugins/absoluteCount
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/counter/assets/js/plugins/counter.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/custom-font/assets/js/plugins/typed.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/full-screen-sections/assets/js/plugins/
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/pie-chart/assets/js/plugins/easypiechar
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-core/shortcodes/vertical-split-slider/assets/js/plugins
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-membership/assets/css/membership-responsive.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-membership/assets/css/membership.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/tonda-membership/assets/js/membership.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woochimp/assets/css/skins/woochimp_skin_2.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woochimp/assets/css/style.css?ver=1.4.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woochimp/assets/js/woochimp-frontend.js?ver=1.4.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woochimp/assets/js/woochimp-frontend.js?ver=1.4.3dJ
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce-gateway-authorize-net-aim/assets/js/frontend/wc-a
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce-gateway-authorize-net-aim/lib/skyverge/woocommerc
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/css/prettyPhoto.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?v
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.7.0
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.7.
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/single-product.min.js?ver=3.7.
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.7.0
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.7.0-Z
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/jquery-payment/jquery.payment.min.js?ve
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?v
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js?ver=4.0.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js?ver=4.0.3c
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-quick-view/assets/css/yith-quick-view.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-quick-view/assets/css/yith-quick-view.cssA
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-quick-view/assets/js/frontend.min.js?ver=1.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css/font-awesome.min.css?ver
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css?ver
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=2.2.13
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=2.2.136t
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?v
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.js?ver=2
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda-child/style.css?c=2
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/elegant-icons/fonts/ElegantIcons.woff
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/elegant-icons/style.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/font-awesome/css/font-awesome.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/font-awesome/fonts/fontawesome-webfont.woff2?
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/ion-icons/css/ionicons.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/ion-icons/fonts/ionicons.ttf?v=2.0.0
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/ion-icons/fonts/ionicons.ttf?v=2.0.0P
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/linear-icons/fonts/Linearicons-Free.woff2?w11
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/linear-icons/style.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/linear-icons/style.css&
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/modules-responsive.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/modules-responsive.min.cssg)#
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/modules.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/style_dynamic_responsive.css?ver=1557889903
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/woocommerce-responsive.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/css/woocommerce.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules.min.jss
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/ScrollToPlugin.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/fluidvids.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.appear.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.easing.1.3.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.geocomplete.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.geocomplete.min.jsz
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.plugin.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.waitforimages.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/jquery.waitforimages.jspr
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/modernizr.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/owl.carousel.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/packery-mode.pkgd.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/parallax.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/assets/js/modules/plugins/perfect-scrollbar.jquery.min.j
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/themes/tonda/style.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-content/uploads/js_composer/js_composer_front_custom.css?ver=5.7
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/css/dist/block-library/style.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/css/dist/block-library/style.min.css/
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/hoverIntent.min.js?ver=1.8.1
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/accordion.min.js?ver=1.11.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/accordion.min.js?ver=1.11.4D
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4WEM
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js/
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1X
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/wp-mediaelement.min.css
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/wp-mediaelement.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/mediaelement/wp-mediaelement.min.jszD
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/underscore.min.js?ver=1.8.3
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/wp-embed.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/wp-emoji-release.min.js
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/wp-emoji-release.min.js7
Source: data_1.1.dr	String found in binary or memory: https://ttucorp.com/wp-includes/js/wp-util.min.js
Source: data_2.1.dr	String found in binary or memory: https://ttucorp.com/wp-json/
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: data_3.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: 000003.log6.0.dr	String found in binary or memory: https://www.google.com
Source: 000003.log5.0.dr, manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: data_1.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&ver=3.0
Source: data_1.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&ver=3.0U
Source: data_1.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: Current Session.0.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&co=aHR0
Source: data_1.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=kcXVPRWG7fMILHmzon0--fD3
Source: data_1.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=kcXVPRWG7fMILHmzon0--fD3I
Source: feedback_script.js.0.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json3.0.dr	String found in binary or memory: https://www.google.com;
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json3.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 1a42d105-4e84-4af2-8d75-016bbc07589a.tmp.1.dr, 66e5e969-f6ad-4881-92a5-340c37bbb063.tmp.1.dr, c227e6f5-3b97-4718-8691-ce563c9a5ecb.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: data_1.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.png
Source: data_1.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.pngR4
Source: data_1.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/recaptcha__en.js
Source: data_1.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/styles__ltr.css
Source: data_1.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/kcXVPRWG7fMILHmzon0--fD3/styles__ltr.cssFZ=
Source: manifest.json3.0.dr	String found in binary or memory: https://www.gstatic.com;
Source: 000003.log6.0.dr	String found in binary or memory: https://www.onenote.com
Source: 000003.log5.0.dr	String found in binary or memory: https://www.onenote.com/
Source: Current Session.0.dr, data_1.1.dr	String found in binary or memory: https://www.onenote.com/officeaddins/learningtools/?et=
Source: 000003.log6.0.dr	String found in binary or memory: https://www.ttucorp.com
Source: 000003.log5.0.dr, Network Action Predictor.0.dr, Current Session.0.dr, data_1.1.dr	String found in binary or memory: https://www.ttucorp.com/
Source: Current Session.0.dr	String found in binary or memory: https://www.ttucorp.com/;
Source: Current Session.0.dr	String found in binary or memory: https://www.ttucorp.com/;Cookware
Source: data_1.1.dr	String found in binary or memory: https://www.ttucorp.com/Cache-Control:
Source: data_1.1.dr	String found in binary or memory: https://www.ttucorp.com/favicon.ico
Source: Current Session.0.dr	String found in binary or memory: https://www.ttucorp.comh

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: onedrive.live.com

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /api/proxy?v=3 HTTP/1.1Host: skyapi.onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: xid=92c5d3f5-4dab-431d-ac2d-49ff1b723d0c&&RDE42AAC9406C1&360; wla42=; mkt=en-GB; xidseq=2; E=P:9PpIGsui2Yg=:/HqGcPEsqp6mkZPK1MY5j8ynGfqqaVPz9fCx5Nr3py0=:F
Source: global traffic	HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1636384756853 HTTP/1.1Host: storage.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: xid=92c5d3f5-4dab-431d-ac2d-49ff1b723d0c&&RDE42AAC9406C1&360; wla42=; mkt=en-GB; xidseq=2; E=P:9PpIGsui2Yg=:/HqGcPEsqp6mkZPK1MY5j8ynGfqqaVPz9fCx5Nr3py0=:F; BP=l=SDX.Skydrive&FR=&ST=; MUID=385D304C7CDC6CC203EB20A578DC684B
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /form/vendor/ HTTP/1.1Host: rollingproductions.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://rollingproductions.coUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rollingproductions.co/form/vendor/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: aadcdn.msftauth.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.ttucorp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.3.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css?ver=1.2.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=2.2.13 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /js/platform.js HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-membership/assets/css/membership.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-membership/assets/css/membership-responsive.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woochimp/assets/css/style.css?ver=1.4.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woochimp/assets/css/skins/woochimp_skin_2.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-quick-view/assets/css/yith-quick-view.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/style.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda-child/style.css?c=2 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/modules.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/font-awesome/css/font-awesome.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/elegant-icons/style.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/ion-icons/css/ionicons.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/linear-icons/style.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/woocommerce.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/modules-responsive.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/woocommerce-responsive.min.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/style_dynamic_responsive.css?ver=1557889903 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-gateway-authorize-net-aim/lib/skyverge/woocommerce/payment-gateway/assets/css/frontend/sv-wc-payment-gateway-payment-form.min.css?ver=4.7.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/js_composer/js_composer_front_custom.css?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woochimp/assets/js/woochimp-frontend.js?ver=1.4.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/css/prettyPhoto.css HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?ver=1.2.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.js?ver=2.2.13 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=6LdB1ugUAAAAAB1Et-FDaYGbmKyWVLMkviNHi7e2&ver=3.0 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: NID=511=DdSfkc4QMrhf0GjEejHgnstUTg2c-YneRr_wXzIeGcJXsOG5dl3mDq9OX2givnhc-2EvnZFJhQwNRyU3qQUBc-7kARK8daIfWoyPKBbjG4udgW-6Yw1qlyg_rOTCRWe8Fp-oXCxxh0EutkW3UnBAI4eZ0VNA-gj-J-OwOJQsM9A
Source: global traffic	HTTP traffic detected: GET /s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%7COpen+Sans%3A300%2C400%2C500%2C600&subset=latin-ext&ver=1.0.0Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190430033309/ttu-logo-large-new.png HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503082942/INT2969_WEBSITEIMAGES_19-1890x1100.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503083202/INT2969_WEBSITEIMAGES_1890x1100.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/linear-icons/fonts/Linearicons-Free.woff2?w118d HTTP/1.1Host: ttucorp.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ttucorp.com/wp-content/themes/tonda/assets/css/linear-icons/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ttucorp.com/wp-content/themes/tonda/assets/css/font-awesome/css/font-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/elegant-icons/fonts/ElegantIcons.woff HTTP/1.1Host: ttucorp.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ttucorp.com/wp-content/themes/tonda/assets/css/elegant-icons/style.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/css/ion-icons/fonts/ionicons.ttf?v=2.0.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ttucorp.com/wp-content/themes/tonda/assets/css/ion-icons/css/ionicons.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%7COpen+Sans%3A300%2C400%2C500%2C600&subset=latin-ext&ver=1.0.0Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503083144/INT2969_WEBSITEIMAGES_20-1890x1100.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503060929/INT2969_WEBSITEIMAGES_22-630x375.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%7COpen+Sans%3A300%2C400%2C500%2C600&subset=latin-ext&ver=1.0.0Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503060452/INT2969_WEBSITEIMAGES_23-630x3751.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503054332/INT2969_WEBSITEIMAGES_26-630x375.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503053253/INT2969_WEBSITEIMAGES_24-630x375.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ga.js HTTP/1.1Host: ssl.google-analytics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/underscore.min.js?ver=1.8.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-7528776-1&cid=2067470840.1636384772&jid=1552750421&_v=5.7.2&z=115544500 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503053847/INT2969_WEBSITEIMAGES_25-630x375.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-membership/assets/js/membership.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190502234305/footer-cards.png HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/yith-woocommerce-quick-view/assets/js/frontend.min.js?ver=1.3.13 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/accordion.min.js?ver=1.11.4 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/mediaelement/wp-mediaelement.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/jquery.appear.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/modernizr.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/hoverIntent.min.js?ver=1.8.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/jquery.plugin.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/owl.carousel.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/waypoints/waypoints.min.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/fluidvids.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /en_US/sdk.js HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /en_US/sdk.js?hash=a3524221fb455028a2e01f0833955374 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveOrigin: https://www.ttucorp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/prettyphoto/js/jquery.prettyPhoto.min.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/perfect-scrollbar.jquery.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/ScrollToPlugin.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/parallax.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/jquery.waitforimages.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/jquery.easing.1.3.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/packery-mode.pkgd.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/tonda/assets/js/modules/plugins/jquery.geocomplete.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/countdown/assets/js/plugins/jquery.countdown.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/counter/assets/js/plugins/counter.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/counter/assets/js/plugins/absoluteCounter.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/custom-font/assets/js/plugins/typed.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/full-screen-sections/assets/js/plugins/jquery.fullPage.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/pie-chart/assets/js/plugins/easypiechart.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/tonda-core/shortcodes/vertical-split-slider/assets/js/plugins/jquery.multiscroll.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/select2/select2.full.min.js?ver=4.0.3 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/jquery-payment/jquery.payment.min.js?ver=3.0.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-gateway-authorize-net-aim/lib/skyverge/woocommerce/payment-gateway/assets/js/frontend/sv-wc-payment-gateway-payment-form.min.js?ver=4.7.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce-gateway-authorize-net-aim/assets/js/frontend/wc-authorize-net-aim.min.js?ver=3.12.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-fancybox/js/jquery.fancybox.min.js?ver=1.3.24 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-fancybox/js/jquery.easing.min.js?ver=1.4.1 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min.js?ver=3.1.13 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-embed.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer/assets/lib/bower/skrollr/dist/skrollr.min.js?ver=5.7 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-util.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=3.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/single-product.min.js?ver=3.7.0 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.slideanims.min.js?version=5.4.8 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.layeranimation.min.js?version=5.4.8 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.navigation.min.js?version=5.4.8 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/public/assets/js/extensions/revolution.extension.parallax.min.js?version=5.4.8 HTTP/1.1Host: ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/20190503044755/INT2969_WEBSITEIMAGES_21-1920x1100.jpg HTTP/1.1Host: d3v4i80726wzko.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.ttucorp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ttucorp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: __utma=69133268.2067470840.1636384772.1636384772.1636384772.1; __utmc=69133268; __utmz=69133268.1636384772.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=69133268.|1=logged-in=no=1; __utmt=1; __utmb=69133268.1.10.1636384772
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.ttucorp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49967 version: TLS 1.2

System Summary:

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://onedrive.live.com/view.aspx?resid=DEE5B7E6B473EA8!297&wdo=2&authkey=!AJzT10c65dPX7EI
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,8635849486097007892,2611066637864603376,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,8635849486097007892,2611066637864603376,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found detection on Joe Sandbox Cloud Basic with higher score

Source: https://onedrive.live.com/view.aspx?resid=DEE5B7E6B473EA8!297&wdo=2&authkey=!AJzT10c65dPX7EI

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61893FE4-1B08.pma

Jump to behavior

Creates temporary files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\1bd54b7a-3f3f-4e37-b61c-8f8f24402269.tmp

Jump to behavior

Classification label

Source: classification engine

Classification label: mal80.phis.win@33/269@30/19

SQL strings found in memory and binary data

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected