Windows Analysis Report
ATT60255.HTM

Overview

General Information

Sample name:	ATT60255.HTM
Analysis ID:	1500134
MD5:	45a5630a8866c09a1ebbf976cd4063b8
SHA1:	016e3ac60bbc732a6ec220b9e9e61b07e5efda76
SHA256:	4fbc40af35b1a3e69cf0adf2bf86a06d750babffcbce39650dbded3e11de0433
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

HTML file submission requesting Cloudflare captcha challenge

Yara detected HtmlPhish10

HTML IFrame injector detected

HTML Script injector detected

HTML file submission containing password form

HTML page contains suspicious base64 encoded javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://kpl2.r04ar2.com/ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/90e3UQoFnPZnefHhdNMQPyz73	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/90BLxVXhpRTD45c1Cvst53	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/12HMveiyHPabpIUo8913	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/12Vj5xeItpngol5p78GsRYKIFop50	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/xy7B16Rpqjcafef30	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/rsudZieQRPg934N9fbuv40	Avira URL Cloud: Label: phishing
Source: https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/eflbaMIh8KvYQ56Fw0I2qKmn100	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/45lL7KipMN4YrD89WlFkKCVxy70	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au	Avira URL Cloud: Label: phishing
Source: https://nse.idwp.ru/srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40	Avira URL Cloud: Label: malware
Source: https://kpl2.r04ar2.com/apsDh9aBaVhYjUySTyaOt7dEJs5t	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb	Avira URL Cloud: Label: phishing
Source: https://wox.dultzman.ru/yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.6.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: New IFrame, src: https://href.li/?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://code.jquery.com/jquery-3.6.0.min.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://code.jquery.com/jquery-3.6.0.min.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

HTML page contains suspicious base64 encoded javascript

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Base64 decoded: <script>

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	Matcher: Template: microsoft matched
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	Matcher: Template: microsoft matched

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW

HTTP Parser: var websitenames = ["godaddy", "okta"];var capnum = 1;var appnum = 1;var view = "";var pagelinkval = "vx4ff";var emailcheck = "natasha.hammond@lchs.com.au";var webname = "rtrim(/web8/, '/')";var urlo = "lvytc1gayeghfhs4njumnmax70plgnrgw39kizb";var gdf = "ijq0gxuthn3eysabiuvx9qo9lb6ksy0fmmudab120";var odf = "ijtjphirgnsek0kkai7qthcoj6na6uvtquurwjypp30cyucd650";var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";let useragent = navigator.useragent;let browsername;let userip;let usercountry;var errorcodeexecuted = false;if(useragent.match(/chrome|chromium|crios/i)){ browsername = "chrome";} else if(useragent.match(/firefox|fxios/i)){ browsername = "firefox";} else if(useragent.match(/safari/i)){ browsername = "safari";} else if(useragent.match(/opr\//i)){ browsername = "opera";} else if(useragent.match(/edg/i)){ browsername = "edge";} else{ browsername="no browser detection";}function encryptdata(data) { const key = cryptoj...

HTML body contains password input but no form action

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: ATT60255.HTM

HTTP Parser: Base64 decoded: https://href.li/?https://KPL2.r04ar2.com/KPL2/

HTML title does not match URL

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Title: mIquPOSkDYMvm3Vd does not match URL

Invalid T&C link found

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Privacy & cookies

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: <input type="password" .../> found

Source: ATT60255.HTM	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49887 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:65237 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 104.26.1.100 104.26.1.100
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: FASTLYUS FASTLYUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: href.liConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC HTTP/1.1Host: wox.dultzman.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://kpl2.r04ar2.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC HTTP/1.1Host: wox.dultzman.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8b9f6497ee820fa4/1724796641793/1d41b0915d96664d4c421588daa101f93a8179105dc076a56dbf01d319f547c8/wIkiMbIg4-l0Z4N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oOFFLGOpXKGaktU&MD=FTxB8uzd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.auAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilg5dHZRdjE0RXpLUlBWc3Z4RmlLZGc9PSIsInZhbHVlIjoiUkNqelFSckNwampGVlJkTHZZa2M4alBPSDEzenJhNUFGZmxQQ3hsRFJDalJ6UmlSL1d0ZkJvdUdlVjJ6U2ltRnBKQ0RRcW9zdTVpSmVSeHlVSHJOMmhONkpRSHI4WXhJRkhMamhqSGtSWWZ5Z01tY205VStIQmN2MWFsSlROekoiLCJtYWMiOiJiYjFjMTMzZDY3MzIwYWJhNGQ2NzlhZDk1Zjg1ODdhNmRmZWQ2MjU0ZWYwYjAyM2NhYThjODk5MjNlZDA5MTI2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InFITXRydUdscmhaaEp2cXhYbEZXNUE9PSIsInZhbHVlIjoiNnJaR2I0Sk5IeEVLWW5aSWFVMGc0TFJ1L1JzWHdraVFxOFIrb1BQOGN6RytQS0lhMk5kNTBkakJKdHJ1bUI2UldoNnFhajJqQk1RVktSWWxhaTJvYSs3WU5GSHNid3dpTjQyZEY4WWhWVXl1WGdYWEpoOHU2UDZ5T25DR1pjeUQiLCJtYWMiOiI0OWRmMTA1NmQ5ZTI4M2ZhZDgwOTZjMjdlZjU4ZDZjMWQxYTI5NDE4ZGE4ZDRiNTQxZmY5M2JkYWYwMzRiMTYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /apsDh9aBaVhYjUySTyaOt7dEJs5t HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilg5dHZRdjE0RXpLUlBWc3Z4RmlLZGc9PSIsInZhbHVlIjoiUkNqelFSckNwampGVlJkTHZZa2M4alBPSDEzenJhNUFGZmxQQ3hsRFJDalJ6UmlSL1d0ZkJvdUdlVjJ6U2ltRnBKQ0RRcW9zdTVpSmVSeHlVSHJOMmhONkpRSHI4WXhJRkhMamhqSGtSWWZ5Z01tY205VStIQmN2MWFsSlROekoiLCJtYWMiOiJiYjFjMTMzZDY3MzIwYWJhNGQ2NzlhZDk1Zjg1ODdhNmRmZWQ2MjU0ZWYwYjAyM2NhYThjODk5MjNlZDA5MTI2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InFITXRydUdscmhaaEp2cXhYbEZXNUE9PSIsInZhbHVlIjoiNnJaR2I0Sk5IeEVLWW5aSWFVMGc0TFJ1L1JzWHdraVFxOFIrb1BQOGN6RytQS0lhMk5kNTBkakJKdHJ1bUI2UldoNnFhajJqQk1RVktSWWxhaTJvYSs3WU5GSHNid3dpTjQyZEY4WWhWVXl1WGdYWEpoOHU2UDZ5T25DR1pjeUQiLCJtYWMiOiI0OWRmMTA1NmQ5ZTI4M2ZhZDgwOTZjMjdlZjU4ZDZjMWQxYTI5NDE4ZGE4ZDRiNTQxZmY5M2JkYWYwMzRiMTYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.auAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImVBdVp1aGc1THQzSVd3TlMzMENXZkE9PSIsInZhbHVlIjoia0pRdkVGUlVUdVRSZi9RYjZic29scm1RNFlUUEg2V2FraXRYQ0ppSGhCT0pLSS81QXVIZlN4dENoMHk5dzJqSVdqTjRrSlE3U0Q2cWVTdGw1eUdTc3JXUnB5OTk3TWFMN0RMRTlHem9jR3NvU05FSXFrbHRZaURVUWhlaTJKLzAiLCJtYWMiOiIxZGFhMzc3ZGYxOGI3N2QxOTA5MzNlM2EyYzkzOGNkOWJiOGE2ZmZmNzg3N2U3ZjVhNDFjN2E0ODk1MWMwMjQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImYrMWdKT1puUkVyRUVNM09uUWJpelE9PSIsInZhbHVlIjoiSWpaSFRkR1lqM2h0b2xIbHllNXRvRkVDMjZSaDRoWDMwd0tSRlFVTFdveitCTHhBR3N3OXhrVDBTNkxqME5NYm5iWjE0dnNUSzlJTnUvUFlMSTA5cFpycEJ4eU03dWFsUTVNdVZTbGZ0ajl2QWt3TUlMeDIwckpUMHk4a2M3VVUiLCJtYWMiOiI4ODI2OTZiOTlhNzk3OTQyYzlhZmMyODY0ZWJkMzgyOTJlMTFmMTNmNDE2NDg2YTRiMmFjMWI2ZTA2YzExZDhiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /12HMveiyHPabpIUo8913 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /xy7B16Rpqjcafef30 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsudZieQRPg934N9fbuv40 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /12Vj5xeItpngol5p78GsRYKIFop50 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /90BLxVXhpRTD45c1Cvst53 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /45lL7KipMN4YrD89WlFkKCVxy70 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240827%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240827T221107Z&X-Amz-Expires=300&X-Amz-Signature=af9a21034bb5e7fe65ef996d782a724b97119aa5e47467ec39a4e165ad0b1acb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2925284&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /90e3UQoFnPZnefHhdNMQPyz73 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /eflbaMIh8KvYQ56Fw0I2qKmn100 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240827%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240827T221107Z&X-Amz-Expires=300&X-Amz-Signature=af9a21034bb5e7fe65ef996d782a724b97119aa5e47467ec39a4e165ad0b1acb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2925284&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /klzLXAGm0iHdZcT6MtYiHXXpKNbL5RnuklNxCudj1JkeYERYfD8sQ8Od4hrM5uv220 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://kpl2.r04ar2.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij377WZrFm7O0tKWNzYEiyzXpPX0VqNgscNBwZI56164 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klzLXAGm0iHdZcT6MtYiHXXpKNbL5RnuklNxCudj1JkeYERYfD8sQ8Od4hrM5uv220 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij377WZrFm7O0tKWNzYEiyzXpPX0VqNgscNBwZI56164 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /staE25xquFIms1ubbV5xl8DLBnj3Wsk45GqF2Do244R3qvQUFMkQXp58H3Gfgh260 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40 HTTP/1.1Host: nse.idwp.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /staE25xquFIms1ubbV5xl8DLBnj3Wsk45GqF2Do244R3qvQUFMkQXp58H3Gfgh260 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkI2T2dDNUQwOGtjZHgvV280cmFSMWc9PSIsInZhbHVlIjoibWFlWmRtNmxjclMwODU2cUkxVnBvZk5kZnhUc2dkMHlYN2hHUkRDYVVNWi9YL0pOQ095UG9zb3djaFdGcEg0NDlwS3VCU05wZ29IL2VoWGJYdWFDVEN1WjdONzB2NmFvZ2R3cG1ucGo2OHFJZGpYOGNGNm84TDkwYWw1OE9yTFMiLCJtYWMiOiIxMGExNzUyOTMxMWU3OThlNzUwZTNkZDVmNTEzYzY5MTc0MTM1MzM4YWUyMGVkN2I4MTg0NWViOWQ2MWQ2Y2U1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlRVZHZjVDlIL2c3dGRvVmV1K29oY1E9PSIsInZhbHVlIjoic1k1NWhINGJ4QnFrRW5HVDZzK0UzZTdvZlNITm1PNXpnNG1ZSEw2RTdJdXpjWm9XbVNsM21mNnowcEhoZUlobUlxMWFEUVNONGtseTZzVkdPb0g4dnZmeU85WGhlVWRvZVgwRmZycXZwbTdlejJIdjlsWk4zYmZrRHAwWCt1MkIiLCJtYWMiOiI5NTg3ZDMyOWI5NTY5Mzk4OThlNmY1NDk0ZjFjMjdmZGJmNTY4MjdjMTNmNzU4NmIxODBmNmM5MGQ5NWViY2UzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oOFFLGOpXKGaktU&MD=FTxB8uzd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: href.li
Source: global traffic	DNS traffic detected: DNS query: kpl2.r04ar2.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: wox.dultzman.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: get.geojs.io
Source: global traffic	DNS traffic detected: DNS query: nse.idwp.ru

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2714sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: ec492f91dc9d6a6sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:10:45 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: jaKlFK3BepuLI+voImRbyOVd/bNVJiaaIpI=$QGcQQo53PKtghY9qcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9f64b7f8c7333c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:10:50 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: uxjpHow3BxLijl2KIWMVfS7+6246QAjJtVk=$NfLhMSEhW/h3aItycache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9f64d74e3e4251-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: J1ZLfQTWm5Lqs5iuued80agSYRZWsObUFag=$roiI11/oz/7QOj4EServer: cloudflareCF-RAY: 8b9f6523c95443ac-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B3Hwfm5URa0VIteODWMU8DrfSEvhq2TVdS8YuOi20LAechWtbpiyhuqmicuzV2Bgmk6g52Ft91M1q3K0Ga0TX76s19zPo9ucrgRAgL%2FcN5%2BeBG%2F84dvq1celzyB%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f65323f758c3f-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lm9UcMp9dJB3hFYO%2FGnnyiFDjvAPI%2Finfh1SgxU0wFgstOLNZ1tiduxrT78XsIlcVJ%2BTqjpztrSO4thClphqyCKNj540B5RtgWNmcYbBEBrL1Gm00Nu5EFEO6FWKpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f655b1eb27d18-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sIxc%2BZUUEOrNpQDWB9EM7I7KmFejegSrUZkqAmRHFxitgwVo5ALHeTjQ8lJXvTyvY0hx3XK79w4PAfrQpGB%2FeUnI%2BYYGnE14edccKFBWCZEFC1LyJAV9TiVnbge89w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f6578fa270c9e-EWR

Source: chromecache_170.2.dr, chromecache_195.2.dr	String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_173.2.dr	String found in binary or memory: https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond
Source: ATT60255.HTM	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_170.2.dr, chromecache_195.2.dr	String found in binary or memory: https://github.com/fent)
Source: chromecache_183.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_183.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_212.2.dr, chromecache_165.2.dr, chromecache_189.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__.
Source: chromecache_212.2.dr, chromecache_189.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49887 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.evad.winHTM@33/98@52/27

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT60255.HTM"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2320,i,10043383887662201719,1952149342407670854,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2320,i,10043383887662201719,1952149342407670854,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Data Obfuscation

HTML file submission requesting Cloudflare captcha challenge

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.67.3	nse.idwp.ru	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.26.1.100	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	true
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
18.245.31.5	unknown	United States	16509	AMAZON-02US	false
185.199.109.133	unknown	Netherlands	54113	FASTLYUS	false
13.227.219.40	d2vgu95hoyrpkh.cloudfront.net	United States	16509	AMAZON-02US	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
185.199.110.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
65.9.86.56	unknown	United States	16509	AMAZON-02US	false
13.33.187.68	d19d360lklgih4.cloudfront.net	United States	16509	AMAZON-02US	false
140.82.121.3	github.com	United States	36459	GITHUBUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
192.0.78.26	href.li	United States	2635	AUTOMATTICUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	wox.dultzman.ru	European Union	13335	CLOUDFLARENETUS	false
188.114.96.3	kpl2.r04ar2.com	European Union	13335	CLOUDFLARENETUS	false
172.67.70.233	get.geojs.io	United States	13335	CLOUDFLARENETUS	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.6
192.168.2.5

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
nse.idwp.ru	104.21.67.3	true
wox.dultzman.ru	188.114.97.3	true
github.com	140.82.121.3	true
href.li	192.0.78.26	true
kpl2.r04ar2.com	188.114.96.3	true
code.jquery.com	151.101.130.137	true
d2vgu95hoyrpkh.cloudfront.net	13.227.219.40	true
cdnjs.cloudflare.com	104.17.25.14	true
challenges.cloudflare.com	104.18.94.41	true
get.geojs.io	172.67.70.233	true
www.google.com	172.217.16.132	true
d19d360lklgih4.cloudfront.net	13.33.187.68	true
objects.githubusercontent.com	185.199.110.133	true
cdn.socket.io	unknown	unknown
ok4static.oktacdn.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/90BLxVXhpRTD45c1Cvst53	false	Avira URL Cloud: phishing	unknown
https://code.jquery.com/jquery-3.6.0.min.js	true	URL Reputation: safe	unknown
https://kpl2.r04ar2.com/90e3UQoFnPZnefHhdNMQPyz73	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122	false	Avira URL Cloud: phishing	unknown
file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	true	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136	false	Avira URL Cloud: phishing	unknown
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/12HMveiyHPabpIUo8913	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/12Vj5xeItpngol5p78GsRYKIFop50	false	Avira URL Cloud: phishing	unknown
https://www.google.com/recaptcha/api.js	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/xy7B16Rpqjcafef30	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://href.li/?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/rsudZieQRPg934N9fbuv40	false	Avira URL Cloud: phishing	unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false	Avira URL Cloud: safe	unknown
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/45lL7KipMN4YrD89WlFkKCVxy70	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW	true	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/eflbaMIh8KvYQ56Fw0I2qKmn100	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=sIxc%2BZUUEOrNpQDWB9EM7I7KmFejegSrUZkqAmRHFxitgwVo5ALHeTjQ8lJXvTyvY0hx3XK79w4PAfrQpGB%2FeUnI%2BYYGnE14edccKFBWCZEFC1LyJAV9TiVnbge89w%3D%3D	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=M%2B3Hwfm5URa0VIteODWMU8DrfSEvhq2TVdS8YuOi20LAechWtbpiyhuqmicuzV2Bgmk6g52Ft91M1q3K0Ga0TX76s19zPo9ucrgRAgL%2FcN5%2BeBG%2F84dvq1celzyB%2Bw%3D%3D	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8b9f6497ee820fa4/1724796641793/1d41b0915d96664d4c421588daa101f93a8179105dc076a56dbf01d319f547c8/wIkiMbIg4-l0Z4N	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
https://nse.idwp.ru/srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40	false	Avira URL Cloud: malware	unknown
https://cdn.socket.io/4.6.0/socket.io.min.js	false	URL Reputation: safe	unknown
https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239	false	Avira URL Cloud: phishing	unknown
https://get.geojs.io/v1/ip/geo.json	false	Avira URL Cloud: safe	unknown
https://kpl2.r04ar2.com/apsDh9aBaVhYjUySTyaOt7dEJs5t	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193	false	Avira URL Cloud: phishing	unknown
https://kpl2.r04ar2.com/lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb	false	Avira URL Cloud: phishing	unknown
https://wox.dultzman.ru/yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC	false	Avira URL Cloud: malware	unknown

AV Detection

Antivirus detection for URL or domain

Source: https://kpl2.r04ar2.com/ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/90e3UQoFnPZnefHhdNMQPyz73	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/90BLxVXhpRTD45c1Cvst53	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/12HMveiyHPabpIUo8913	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/12Vj5xeItpngol5p78GsRYKIFop50	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/xy7B16Rpqjcafef30	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/rsudZieQRPg934N9fbuv40	Avira URL Cloud: Label: phishing
Source: https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/eflbaMIh8KvYQ56Fw0I2qKmn100	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/45lL7KipMN4YrD89WlFkKCVxy70	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au	Avira URL Cloud: Label: phishing
Source: https://nse.idwp.ru/srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40	Avira URL Cloud: Label: malware
Source: https://kpl2.r04ar2.com/apsDh9aBaVhYjUySTyaOt7dEJs5t	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193	Avira URL Cloud: Label: phishing
Source: https://kpl2.r04ar2.com/lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb	Avira URL Cloud: Label: phishing
Source: https://wox.dultzman.ru/yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.6.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: New IFrame, src: https://href.li/?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://code.jquery.com/jquery-3.6.0.min.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://code.jquery.com/jquery-3.6.0.min.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: New script, src: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

HTML page contains suspicious base64 encoded javascript

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Base64 decoded: <script>

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	Matcher: Template: microsoft matched
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	Matcher: Template: microsoft matched

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW

HTML body contains password input but no form action

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: ATT60255.HTM

HTTP Parser: Base64 decoded: https://href.li/?https://KPL2.r04ar2.com/KPL2/

HTML title does not match URL

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Title: mIquPOSkDYMvm3Vd does not match URL

Invalid T&C link found

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: Invalid link: Privacy & cookies

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: <input type="password" .../> found

Source: ATT60255.HTM	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49887 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:65237 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 104.26.1.100 104.26.1.100
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: FASTLYUS FASTLYUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: href.liConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC HTTP/1.1Host: wox.dultzman.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://kpl2.r04ar2.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yujumitzgvwdmelzinmewQxtLOYJNEVXSSDHIHSVCETCIEVPNERHTXNUMDDPXUKLBBLLJCZAYXXBKOEQPMAUCC HTTP/1.1Host: wox.dultzman.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9f6497ee820fa4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8b9f6497ee820fa4/1724796641793/1d41b0915d96664d4c421588daa101f93a8179105dc076a56dbf01d319f547c8/wIkiMbIg4-l0Z4N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oOFFLGOpXKGaktU&MD=FTxB8uzd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/idxkc/0x4AAAAAAAhuDbq9Zssi-YOu/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9f6497ee820fa4/1724796641795/JJoPtCsZIVs8EyO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1155709742:1724793999:jZYsAJ5BQ_g2p6ZQyC6e2YcpgeQ98hmygX8r-9lG55k/8b9f6497ee820fa4/ec492f91dc9d6a6 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KPL2/?em=natasha.hammond@lchs.com.au HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.auAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilg5dHZRdjE0RXpLUlBWc3Z4RmlLZGc9PSIsInZhbHVlIjoiUkNqelFSckNwampGVlJkTHZZa2M4alBPSDEzenJhNUFGZmxQQ3hsRFJDalJ6UmlSL1d0ZkJvdUdlVjJ6U2ltRnBKQ0RRcW9zdTVpSmVSeHlVSHJOMmhONkpRSHI4WXhJRkhMamhqSGtSWWZ5Z01tY205VStIQmN2MWFsSlROekoiLCJtYWMiOiJiYjFjMTMzZDY3MzIwYWJhNGQ2NzlhZDk1Zjg1ODdhNmRmZWQ2MjU0ZWYwYjAyM2NhYThjODk5MjNlZDA5MTI2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InFITXRydUdscmhaaEp2cXhYbEZXNUE9PSIsInZhbHVlIjoiNnJaR2I0Sk5IeEVLWW5aSWFVMGc0TFJ1L1JzWHdraVFxOFIrb1BQOGN6RytQS0lhMk5kNTBkakJKdHJ1bUI2UldoNnFhajJqQk1RVktSWWxhaTJvYSs3WU5GSHNid3dpTjQyZEY4WWhWVXl1WGdYWEpoOHU2UDZ5T25DR1pjeUQiLCJtYWMiOiI0OWRmMTA1NmQ5ZTI4M2ZhZDgwOTZjMjdlZjU4ZDZjMWQxYTI5NDE4ZGE4ZDRiNTQxZmY5M2JkYWYwMzRiMTYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /apsDh9aBaVhYjUySTyaOt7dEJs5t HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilg5dHZRdjE0RXpLUlBWc3Z4RmlLZGc9PSIsInZhbHVlIjoiUkNqelFSckNwampGVlJkTHZZa2M4alBPSDEzenJhNUFGZmxQQ3hsRFJDalJ6UmlSL1d0ZkJvdUdlVjJ6U2ltRnBKQ0RRcW9zdTVpSmVSeHlVSHJOMmhONkpRSHI4WXhJRkhMamhqSGtSWWZ5Z01tY205VStIQmN2MWFsSlROekoiLCJtYWMiOiJiYjFjMTMzZDY3MzIwYWJhNGQ2NzlhZDk1Zjg1ODdhNmRmZWQ2MjU0ZWYwYjAyM2NhYThjODk5MjNlZDA5MTI2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InFITXRydUdscmhaaEp2cXhYbEZXNUE9PSIsInZhbHVlIjoiNnJaR2I0Sk5IeEVLWW5aSWFVMGc0TFJ1L1JzWHdraVFxOFIrb1BQOGN6RytQS0lhMk5kNTBkakJKdHJ1bUI2UldoNnFhajJqQk1RVktSWWxhaTJvYSs3WU5GSHNid3dpTjQyZEY4WWhWVXl1WGdYWEpoOHU2UDZ5T25DR1pjeUQiLCJtYWMiOiI0OWRmMTA1NmQ5ZTI4M2ZhZDgwOTZjMjdlZjU4ZDZjMWQxYTI5NDE4ZGE4ZDRiNTQxZmY5M2JkYWYwMzRiMTYyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQW HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://kpl2.r04ar2.com/KPL2/?em=natasha.hammond@lchs.com.auAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImVBdVp1aGc1THQzSVd3TlMzMENXZkE9PSIsInZhbHVlIjoia0pRdkVGUlVUdVRSZi9RYjZic29scm1RNFlUUEg2V2FraXRYQ0ppSGhCT0pLSS81QXVIZlN4dENoMHk5dzJqSVdqTjRrSlE3U0Q2cWVTdGw1eUdTc3JXUnB5OTk3TWFMN0RMRTlHem9jR3NvU05FSXFrbHRZaURVUWhlaTJKLzAiLCJtYWMiOiIxZGFhMzc3ZGYxOGI3N2QxOTA5MzNlM2EyYzkzOGNkOWJiOGE2ZmZmNzg3N2U3ZjVhNDFjN2E0ODk1MWMwMjQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImYrMWdKT1puUkVyRUVNM09uUWJpelE9PSIsInZhbHVlIjoiSWpaSFRkR1lqM2h0b2xIbHllNXRvRkVDMjZSaDRoWDMwd0tSRlFVTFdveitCTHhBR3N3OXhrVDBTNkxqME5NYm5iWjE0dnNUSzlJTnUvUFlMSTA5cFpycEJ4eU03dWFsUTVNdVZTbGZ0ajl2QWt3TUlMeDIwckpUMHk4a2M3VVUiLCJtYWMiOiI4ODI2OTZiOTlhNzk3OTQyYzlhZmMyODY0ZWJkMzgyOTJlMTFmMTNmNDE2NDg2YTRiMmFjMWI2ZTA2YzExZDhiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /12HMveiyHPabpIUo8913 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /xy7B16Rpqjcafef30 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsudZieQRPg934N9fbuv40 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /12Vj5xeItpngol5p78GsRYKIFop50 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /90BLxVXhpRTD45c1Cvst53 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /45lL7KipMN4YrD89WlFkKCVxy70 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240827%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240827T221107Z&X-Amz-Expires=300&X-Amz-Signature=af9a21034bb5e7fe65ef996d782a724b97119aa5e47467ec39a4e165ad0b1acb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2925284&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /90e3UQoFnPZnefHhdNMQPyz73 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /eflbaMIh8KvYQ56Fw0I2qKmn100 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://kpl2.r04ar2.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240827%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240827T221107Z&X-Amz-Expires=300&X-Amz-Signature=af9a21034bb5e7fe65ef996d782a724b97119aa5e47467ec39a4e165ad0b1acb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2925284&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /klzLXAGm0iHdZcT6MtYiHXXpKNbL5RnuklNxCudj1JkeYERYfD8sQ8Od4hrM5uv220 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34u2dqhNgiTTAmhQJRfAlijwjGO22rrieg8N89109 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImN5ZU9uWjB5Qmc5emRSZFlYRWpOUkE9PSIsInZhbHVlIjoiZk1ybHNzQS94ZkV4SXZQVXVldmNNU1BUNlFHMmc4Q0Z1TU9uM08wNC83T28rNVJZRGJkNUtXNmhhRHJuUWRlcTlsR0Q3ZWpxZDk4YjlSRzlVSk51dHVqem5McU9yM3R1WVRtdlR6eFZKT3lGKzdSYy9LNXBRcWtYVHpJK3F5eWgiLCJtYWMiOiIwNGZkZTkxOGViNzk0OGU1NjQ0NjBiNzM2NmRkYmE3Nzk3Yzc4YzdlMDQxMTEzOGQzMWYwMzQzM2FhYTY3ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFmdmdnSE5ONjZBY0JyYjVSVlJ5bmc9PSIsInZhbHVlIjoiS3dpdDVZZEVzOHloalY5dWFqZGxvSEkrMnhRMW85dG1VUExKYjJZQURCdURlR1FRa0Yrdk5iMVJNSmx0SjdCaXFxWDJVMjF0dTdneWgySFBCSm1nWjliUXU1SG53UWp1WHdHQ3YrMVlUSjZId0tGWllVa2NsMTY0NzBhM3lHT1kiLCJtYWMiOiI0YjIxOWZhMTBkZTFhMmNlNWJlMGVhNTRjNGY1MmE2MGI4ZDJjMGI5YTM5ZGQ5ZDBkOGYxMGJkNGM3Mjc2NWY4IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://kpl2.r04ar2.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij377WZrFm7O0tKWNzYEiyzXpPX0VqNgscNBwZI56164 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klzLXAGm0iHdZcT6MtYiHXXpKNbL5RnuklNxCudj1JkeYERYfD8sQ8Od4hrM5uv220 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijnd8sg6QezUuY8NkwAQx6Mva2UqiWIRuKitmhbhPvV0dW8953IaxnO5zyk4DAWXKxNh96jT7SddDXEWlab230 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wxHVaG32Jkcs0chiqe2Yu17gtGastmDvkLvL2DuF334122 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opKLYDT4iSj1EzadhEhDpI1lluB1YhaGl3mnNYoW0cvfRvYM2rnq8TyFW67136 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzv6APvxjrgntZxQ45HdaVBv4bb9NWKLthursnlZg6hH9j5QVqA9pJa5M90173 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij377WZrFm7O0tKWNzYEiyzXpPX0VqNgscNBwZI56164 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnYZrvj92fDlYVB6kIIxHwk2kldgIYDnxxWUlq6qF78141 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opiCvib1OfbhHAtLAPQFkZJXG9XLLMrDTuv80Ycdhp7wkulvQ9LZaUjk5Jb8fief193 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /staE25xquFIms1ubbV5xl8DLBnj3Wsk45GqF2Do244R3qvQUFMkQXp58H3Gfgh260 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kpl2.r04ar2.com/DSJKBRRSHVQKQNAYPHULNIARMPWNRQ72apgg8emy45ecxep2ox1c2zsodu5g?xltqgngmggtbsusyffglroeuadacufhsz3353779624593154474507208783787GEQB3HVF5MU7QFRI5NQBGGHV97QLOLQWAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /srsldqgbwnlyknaiuilfjcyqoKGYnePGFJAVJGZCNGFCUJYLNOCYUZRFYFVSVVQBpqvHhnoPyzuWRNahuv40 HTTP/1.1Host: nse.idwp.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /opGHJkGaKvnTmNyFMzfZnzJcWrEqLJbZTjGMiH6wVdpvwstZXuhyaUJEfnge69Z5HGqTwYsoleWcuQeXcd239 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ghNzQHRb9jvqvVbqkpfSFV6klWOhd48QqGY5YO1FOv4o4ZFC6Ief204 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /staE25xquFIms1ubbV5xl8DLBnj3Wsk45GqF2Do244R3qvQUFMkQXp58H3Gfgh260 HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InhvR0UvcTR1aC8xcE94L2JQc2J2cEE9PSIsInZhbHVlIjoicFBBVEdFVW55Q2ZJSXVvYW1yVmRHa0c4cHFVOHFRTG91WXhLU0hudjJydzhrdHBlOWx6NzZuVlpUcEYvaC9McGM1eElHckpOZVhYUHVYVXZVd2RtTVJBWTBieG5rczhRT01lUkVjQTBab2MvRkRXbTdxOWhNYUJJZ21MVmcxSjYiLCJtYWMiOiI3ZTE3OGRmMzY2YmJiNTExZGY4MzhmNjM0N2NhMTg4MTNlNDQ3NTg5OThhMjI4MTk3MzMxNmVkNzM2YmJjNjlhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjFzbklhcGVmMGkrMk5HY1J1ak1kWEE9PSIsInZhbHVlIjoid2E5LzVESVU3dmdwcGNpM3ZHZEhlUFBIOUZKbjBWZURwOGNKVmJJQXBwbUNaSnUyZHZucEE5VVQ2UlI4bGwrODdDNEZOaHZDTUk3NUQxRE1nK2tkVjRURk1ZL0F3U1Q1N3hSY0g1YUViZFBSZVhvc0xmOUNsb1dGNG1hdnQ2ejIiLCJtYWMiOiJmMjNjODI5N2YwMzVlMzQ1Mjg2ZGNlOGQ4ZjYzNTFjNTZiZjU3YjNlZmQzOTkwMGVkMGNjOTI4ZDlmYTUwMmQ5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /lvytc1gAYeGHFHs4NJuMNMax70PlgNRGw39kizb HTTP/1.1Host: kpl2.r04ar2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkI2T2dDNUQwOGtjZHgvV280cmFSMWc9PSIsInZhbHVlIjoibWFlWmRtNmxjclMwODU2cUkxVnBvZk5kZnhUc2dkMHlYN2hHUkRDYVVNWi9YL0pOQ095UG9zb3djaFdGcEg0NDlwS3VCU05wZ29IL2VoWGJYdWFDVEN1WjdONzB2NmFvZ2R3cG1ucGo2OHFJZGpYOGNGNm84TDkwYWw1OE9yTFMiLCJtYWMiOiIxMGExNzUyOTMxMWU3OThlNzUwZTNkZDVmNTEzYzY5MTc0MTM1MzM4YWUyMGVkN2I4MTg0NWViOWQ2MWQ2Y2U1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlRVZHZjVDlIL2c3dGRvVmV1K29oY1E9PSIsInZhbHVlIjoic1k1NWhINGJ4QnFrRW5HVDZzK0UzZTdvZlNITm1PNXpnNG1ZSEw2RTdJdXpjWm9XbVNsM21mNnowcEhoZUlobUlxMWFEUVNONGtseTZzVkdPb0g4dnZmeU85WGhlVWRvZVgwRmZycXZwbTdlejJIdjlsWk4zYmZrRHAwWCt1MkIiLCJtYWMiOiI5NTg3ZDMyOWI5NTY5Mzk4OThlNmY1NDk0ZjFjMjdmZGJmNTY4MjdjMTNmNzU4NmIxODBmNmM5MGQ5NWViY2UzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oOFFLGOpXKGaktU&MD=FTxB8uzd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: href.li
Source: global traffic	DNS traffic detected: DNS query: kpl2.r04ar2.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: wox.dultzman.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: get.geojs.io
Source: global traffic	DNS traffic detected: DNS query: nse.idwp.ru

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:10:45 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: jaKlFK3BepuLI+voImRbyOVd/bNVJiaaIpI=$QGcQQo53PKtghY9qcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9f64b7f8c7333c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:10:50 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: uxjpHow3BxLijl2KIWMVfS7+6246QAjJtVk=$NfLhMSEhW/h3aItycache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9f64d74e3e4251-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: J1ZLfQTWm5Lqs5iuued80agSYRZWsObUFag=$roiI11/oz/7QOj4EServer: cloudflareCF-RAY: 8b9f6523c95443ac-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B3Hwfm5URa0VIteODWMU8DrfSEvhq2TVdS8YuOi20LAechWtbpiyhuqmicuzV2Bgmk6g52Ft91M1q3K0Ga0TX76s19zPo9ucrgRAgL%2FcN5%2BeBG%2F84dvq1celzyB%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f65323f758c3f-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lm9UcMp9dJB3hFYO%2FGnnyiFDjvAPI%2Finfh1SgxU0wFgstOLNZ1tiduxrT78XsIlcVJ%2BTqjpztrSO4thClphqyCKNj540B5RtgWNmcYbBEBrL1Gm00Nu5EFEO6FWKpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f655b1eb27d18-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:11:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sIxc%2BZUUEOrNpQDWB9EM7I7KmFejegSrUZkqAmRHFxitgwVo5ALHeTjQ8lJXvTyvY0hx3XK79w4PAfrQpGB%2FeUnI%2BYYGnE14edccKFBWCZEFC1LyJAV9TiVnbge89w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 8b9f6578fa270c9e-EWR

Source: chromecache_170.2.dr, chromecache_195.2.dr	String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_173.2.dr	String found in binary or memory: https://KPL2.r04ar2.com/KPL2/?em=natasha.hammond
Source: ATT60255.HTM	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_170.2.dr, chromecache_195.2.dr	String found in binary or memory: https://github.com/fent)
Source: chromecache_183.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_183.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_212.2.dr, chromecache_165.2.dr, chromecache_189.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_165.2.dr, chromecache_183.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__.
Source: chromecache_212.2.dr, chromecache_189.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49887 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.evad.winHTM@33/98@52/27

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT60255.HTM"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2320,i,10043383887662201719,1952149342407670854,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2320,i,10043383887662201719,1952149342407670854,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Data Obfuscation

HTML file submission requesting Cloudflare captcha challenge

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

HTTP Parser: file:///C:/Users/user/Desktop/ATT60255.HTM#?em=natasha.hammond@lchs.com.au

ID:	1500134
Product:	CloudBasic
Start time:	00:09:35
Start date:	28.08.2024
Sample:	ATT60255.HTM
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	45a5630a8866c09a1ebbf976cd4063b8
SHA1:	016e3ac60bbc732a6ec220b9e9e61b07e5efda76
SHA256:	4fbc40af35b1a3e69cf0adf2bf86a06d750babffcbce39650dbded3e11de0433
Filetype:	Scalable Vector Graphics (18501/1) 31.09%

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 159	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 160	ASCII text, with very long lines (45667)	80F5B8C6A9EEAC15DE93E5A112036A06	F7174635137D37581B11937FC90E9CB325077BCE	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
Chrome Cache Entry: 161	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 162	ASCII text, with CRLF line terminators	94C952E68CD89B529170B6B82C994BBE	822F28855D88DA679AF6E8A437316D72433965D4	5A55CE5E458408B483A2B08C45444E987124FD0857D68F12C9A2EAE76BB8A8C4
Chrome Cache Entry: 163	SVG Scalable Vector Graphics image	FE87496CC7A44412F7893A72099C120A	A0C1458C08A815DF63D3CB0406D60BE6607CA699	55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
Chrome Cache Entry: 164	HTML document, ASCII text, with very long lines (65209), with CRLF line terminators	F7D0CCA2EA2B9B3853E6E45AF072B628	754EE6031455FA14C1D43D083C975EAAD721BC0C	6C6C99C0E8B135AB8E7353E741F7F1113F691D0855FA6B5D24F4134DEA127EFB
Chrome Cache Entry: 165	data	70306D36CE9DBCBD8E5D1C9913A5210F	04949AD636F8CD09BF91059BC4AAF1973C92A15F	1425B3DC4E809E5488AAE10E2EB2511F652C6A9C3845C98C3FE69F07FE0C9E2B
Chrome Cache Entry: 166	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 167	PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced	DB783743CD246FF4D77F4A3694285989	B9466716904457641B7831868B47162D8D378D41	5913B1EC0FC58AB2BEC576804B9E9B566A584EA3D21A1BF74A7B40051A447FDC
Chrome Cache Entry: 168	ASCII text, with no line terminators	D90F02F133E7B82AF89B3E58526AC459	F1D6D47EFE0D920F5BC5024E813554BD2F8A1650	FCF0826E3EA7D24F6C73417BFF62AD84191ECC837DBFB10E60A2547580C3C14D
Chrome Cache Entry: 169	Web Open Font Format (Version 2), TrueType, length 28584, version 1.66	17081510F3A6F2F619EC8C6F244523C7	87F34B2A1532C50F2A424C345D03FE028DB35635	2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
Chrome Cache Entry: 170	ASCII text, with very long lines (10017)	6C20A2BE8BA900BC0A7118893A2B1072	FF7766FDE1F33882C6E1C481CEED6F6588EA764C	B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
Chrome Cache Entry: 171	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 172	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 173	HTML document, ASCII text	D1D553B297EB4AD5253CBFBD0D36118E	12D19C210A60CDD945FF0B6B3A411ADA65518C69	DBB566525226F6268A2FAA76B40B9BF2CE8ED486AD19F44696412FD8755440FA
Chrome Cache Entry: 174	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 175	PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced	66F395DDE20DA7B6FBA5F1F2D62F9461	AA5C21902D0CF6D5E6B78959094B34931DA2CDC1	B11A15B13B2E2764881D01331D65E1452369FBE967751495200A8D9669852EC2
Chrome Cache Entry: 176	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 177	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	839CB0F55C3D2D5C2F740BDA95CB2878	93F6FA3A2DA8B7184D4B5C5F2065872793370C2E	40ECB8832F6A9A8AAA0CC6E1287E867A4FCA38433D091D86C6CAB1F28FBAB652
Chrome Cache Entry: 178	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators	336F8E7CD2791AF27D8911E7DECCF318	42BFB03B6043FB5F5868E798881ED74CEE91C83D	74DDD3E51C84AD6BD46A0BCB98C22278DD3A7C1B5D82D4EE1A47154609485837
Chrome Cache Entry: 179	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced	333EE830E5AB72C41DD9126A27B4D878	12D8D66EBB3076F3D6069E133C3212F97C8774E1	8702292CBC365E9F0488143E2B309B85EFE09C61FD2E0A2E21C53735A309313C
Chrome Cache Entry: 180	ASCII text, with very long lines (23638), with CRLF line terminators	3CC6A150355B61433C4C2E0D98694A96	69E5DAA7231172F90D3CE17E8DBAA5B5D8AF5FC3	0C802C37871F458B278E8FC129D119E05C4A5CFE8A679BFA66263C94F4BFEC4F
Chrome Cache Entry: 181	PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced	210433A8774859368F3A7B86D125A2A7	408BACDDC39F12CAD285579C102FE4A629862D88	9C6ADDFC339CE1C1D262290AB4CC2DE8D38D4B54B11A8E85AFD44FBB0ACC2561
Chrome Cache Entry: 182	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 183	data	70306D36CE9DBCBD8E5D1C9913A5210F	04949AD636F8CD09BF91059BC4AAF1973C92A15F	1425B3DC4E809E5488AAE10E2EB2511F652C6A9C3845C98C3FE69F07FE0C9E2B
Chrome Cache Entry: 184	SVG Scalable Vector Graphics image	B59C16CA9BF156438A8A96D45E33DB64	4E51B7D3477414B220F688ADABD76D3AE6472EE3	A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
Chrome Cache Entry: 185	ASCII text, with very long lines (45667)	80F5B8C6A9EEAC15DE93E5A112036A06	F7174635137D37581B11937FC90E9CB325077BCE	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
Chrome Cache Entry: 186	ASCII text, with very long lines (10450)	E0D37A504604EF874BAD26435D62011F	4301F0D2B729AE22ADECE657D79ECCAA25F429B1	C39FF65E2A102E644EB0BF2E31D2BAD3D18F7AFB25B3B9BA7A4D46263A711179
Chrome Cache Entry: 187	very short file (no magic)	CFCD208495D565EF66E7DFF9F98764DA	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
Chrome Cache Entry: 188	SVG Scalable Vector Graphics image	40EB39126300B56BF66C20EE75B54093	83678D94097257EB474713DEC49E8094F49D2E2A	765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
Chrome Cache Entry: 189	ASCII text, with very long lines (1434), with no line terminators	CE3E019BC27E936BD1AACDB64B25A06D	30FFA6E52416FF966EC2DD32922AA14C18C4039B	EE18FA1ADA74C5D3261424BCC1C4F077510C31A06BEE0FF6742F180ED14C57D8
Chrome Cache Entry: 190	Web Open Font Format, TrueType, length 36696, version 1.0	A69E9AB8AFDD7486EC0749C551051FF2	C34E6AA327B536FB48D1FE03577A47C7EE2231B8	FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
Chrome Cache Entry: 191	SVG Scalable Vector Graphics image	59759B80E24A89C8CD029B14700E646D	651B1921C99E143D3C242DE3FAACFB9AD51DBB53	B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
Chrome Cache Entry: 192	PNG image data, 86 x 73, 8-bit/color RGB, non-interlaced	66F395DDE20DA7B6FBA5F1F2D62F9461	AA5C21902D0CF6D5E6B78959094B34931DA2CDC1	B11A15B13B2E2764881D01331D65E1452369FBE967751495200A8D9669852EC2
Chrome Cache Entry: 193	PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced	DB783743CD246FF4D77F4A3694285989	B9466716904457641B7831868B47162D8D378D41	5913B1EC0FC58AB2BEC576804B9E9B566A584EA3D21A1BF74A7B40051A447FDC
Chrome Cache Entry: 194	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	547988BAC5584B4608466D761E16F370	C11BB71049702528402A31027F200184910A7E23	70E32B2DB3F079BB0295A85A0DB15ED9E5926294DD947938D6CFA595F5AB18B4
Chrome Cache Entry: 195	ASCII text, with very long lines (10017)	6C20A2BE8BA900BC0A7118893A2B1072	FF7766FDE1F33882C6E1C481CEED6F6588EA764C	B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
Chrome Cache Entry: 196	PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced	12BDACC832185D0367ECC23FD24C86CE	4422F316EB4D8C8D160312BB695FD1D944CBFF12	877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
Chrome Cache Entry: 197	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 198	ASCII text, with very long lines (51734)	0329C939FCA7C78756B94FBCD95E322B	7B5499B46660A0348CC2B22CAE927DCC3FDA8B20	0E47F4D2AF98BFE77921113C8AAF0C53614F88FF14FF819BE6612538611ED3D1
Chrome Cache Entry: 199	Web Open Font Format (Version 2), TrueType, length 93276, version 1.0	BCD7983EA5AA57C55F6758B4977983CB	EF3A009E205229E07FB0EC8569E669B11C378EF1	6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
Chrome Cache Entry: 200	PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced	12BDACC832185D0367ECC23FD24C86CE	4422F316EB4D8C8D160312BB695FD1D944CBFF12	877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
Chrome Cache Entry: 201	Web Open Font Format (Version 2), TrueType, length 43596, version 1.0	2A05E9E5572ABC320B2B7EA38A70DCC1	D5FA2A856D5632C2469E42436159375117EF3C35	3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
Chrome Cache Entry: 202	Web Open Font Format, TrueType, length 35970, version 1.0	496B7BBDE91C7DC7CF9BBABBB3921DA8	2BD3C406A715AB52DAD84C803C55BF4A6E66A924	AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
Chrome Cache Entry: 203	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 204	ASCII text, with very long lines (65451)	915D46FD8A4FC4A89138059BD0D054D4	20263099BD772641C53B8358D013FEC0FB3098DC	A71CBC147456E55A691F9D2861BA4087375510D869047A3B4F885110527E7CA8
Chrome Cache Entry: 205	PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced	F70FF06D19498D80B130EC78176FD3FF	9D8A3B74C5164FF7AE2C7930B6D7B14707B404FC	DF6DBAB5251E56B405E48AAF57D3CD4188F073FFBA71131FA6CD26E6742923AE
Chrome Cache Entry: 206	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators	336F8E7CD2791AF27D8911E7DECCF318	42BFB03B6043FB5F5868E798881ED74CEE91C83D	74DDD3E51C84AD6BD46A0BCB98C22278DD3A7C1B5D82D4EE1A47154609485837
Chrome Cache Entry: 207	SVG Scalable Vector Graphics image	FE87496CC7A44412F7893A72099C120A	A0C1458C08A815DF63D3CB0406D60BE6607CA699	55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
Chrome Cache Entry: 208	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced	333EE830E5AB72C41DD9126A27B4D878	12D8D66EBB3076F3D6069E133C3212F97C8774E1	8702292CBC365E9F0488143E2B309B85EFE09C61FD2E0A2E21C53735A309313C
Chrome Cache Entry: 209	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	547988BAC5584B4608466D761E16F370	C11BB71049702528402A31027F200184910A7E23	70E32B2DB3F079BB0295A85A0DB15ED9E5926294DD947938D6CFA595F5AB18B4
Chrome Cache Entry: 210	PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced	210433A8774859368F3A7B86D125A2A7	408BACDDC39F12CAD285579C102FE4A629862D88	9C6ADDFC339CE1C1D262290AB4CC2DE8D38D4B54B11A8E85AFD44FBB0ACC2561
Chrome Cache Entry: 211	SVG Scalable Vector Graphics image	B59C16CA9BF156438A8A96D45E33DB64	4E51B7D3477414B220F688ADABD76D3AE6472EE3	A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
Chrome Cache Entry: 212	ASCII text, with very long lines (1434), with no line terminators	CE3E019BC27E936BD1AACDB64B25A06D	30FFA6E52416FF966EC2DD32922AA14C18C4039B	EE18FA1ADA74C5D3261424BCC1C4F077510C31A06BEE0FF6742F180ED14C57D8
Chrome Cache Entry: 213	very short file (no magic)	CFCD208495D565EF66E7DFF9F98764DA	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
Chrome Cache Entry: 214	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 215	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	839CB0F55C3D2D5C2F740BDA95CB2878	93F6FA3A2DA8B7184D4B5C5F2065872793370C2E	40ECB8832F6A9A8AAA0CC6E1287E867A4FCA38433D091D86C6CAB1F28FBAB652
Chrome Cache Entry: 216	Web Open Font Format (Version 2), TrueType, length 28000, version 1.66	A4BCA6C95FED0D0C5CC46CF07710DCEC	73B56E33B82B42921DB8702A33EFD0F2B2EC9794	5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
Chrome Cache Entry: 217	SVG Scalable Vector Graphics image	59759B80E24A89C8CD029B14700E646D	651B1921C99E143D3C242DE3FAACFB9AD51DBB53	B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
Chrome Cache Entry: 218	PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced	F70FF06D19498D80B130EC78176FD3FF	9D8A3B74C5164FF7AE2C7930B6D7B14707B404FC	DF6DBAB5251E56B405E48AAF57D3CD4188F073FFBA71131FA6CD26E6742923AE
Chrome Cache Entry: 219	SVG Scalable Vector Graphics image	40EB39126300B56BF66C20EE75B54093	83678D94097257EB474713DEC49E8094F49D2E2A	765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4

Windows Analysis Report
ATT60255.HTM

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report ATT60255.HTM

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
ATT60255.HTM