Edit tour

Windows Analysis Report
http://bankwir.com/

Overview

General Information

Sample URL:	http://bankwir.com/
Analysis ID:	1523036
Tags:	urlscan
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2184,i,7239552655901931415,17710681725114952505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bankwir.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /service/common.php HTTP/1.1Host: sedo.comConnection: keep-aliveContent-Length: 45sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://sedo.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sedo.com/us/park-domains/?tracked=&partnerid=&language=usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=Jg2WMt4CTlyZO2nSGSsm52JkZzQ_pcYfZWibdG477zs-1727736052-1.0.1.1-b9MRhozq2P5yEyhr1BgOKtP5D9NF0n3x9fsEYEyCodhSSEtzD_5oJd_GO8Ce81goEif4FQ1zNj4gi4pLI9nMYg; campaignId=; session=03e31c5ec68ea2ed808724c8900cf8d8; locale=en-US

Source: chromecache_226.2.dr, chromecache_245.2.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/
Source: chromecache_140.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqkJY-jySVFEzuVAbKhhopkpTm1ii
Source: chromecache_147.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqlLPj13THtKBF-aJdB7fpkn0FmZP
Source: chromecache_140.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqlOut1prwKJps2O8ydGQjoOUbYYd
Source: chromecache_124.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqlxJ0Dh13zDUIXc_C8SfMMTbpTtl
Source: chromecache_147.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqm5WVQdUf7qJ-9s-EWNG9O-OZuKw
Source: chromecache_241.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqmjPLXAimMMOH1Tlz6VaWtBVKsqQ
Source: chromecache_124.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqn7py5dd3f6VNtX2AgAAkSiZ3kVO
Source: chromecache_241.2.dr	String found in binary or memory: https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqnmIzyDTcsQv1Im8xTL_S9biwgke
Source: chromecache_137.2.dr	String found in binary or memory: https://afs.googleusercontent.com/svg/right_arrow.svg
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://app.usercentrics.eu/browser-ui/latest/loader.js
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://app.varify.io/varify.js
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://beian.miit.gov.cn/
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/dist/js/deprecated/typescript/static/app.min.js
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/apple-touch-icon.png?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/favicon-16x16.png?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/favicon-32x32.png?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/favicon.ico?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/safari-pinned-tab.svg?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/images/icons/site.webmanifest?v=dLJ3bx2xjj
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/c7r/assets/static/libs/external/jquery-ui.min.js
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/components/TfcP3WYRyZ9A/cookie-banner.min.js
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/components/p9HJ4M2Uz7U4/full.header.min.js
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/components/zkLxDsbw1hz2/full.footer.min.js
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/dist/css/typo3/main.css?1724922195
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/dist/js/typo3/app.min.js?1724922195
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/Park_Domains/Domain-Parking-Profis.jpg
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/Park_Domains/Domain-Parking.jpg
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/Park_Domains/Parking_50-50_1420x1082_EN.jpg
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/Park_Domains/Parking_einrichten.jpg
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/Sell_Domains/Domain_Auction/FAQ.jpg
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin/user_upload/park-domains_bild.png
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin_git/resources/public/JavaScripts/jquery-3.7.1.min.js?1724921946
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/fileadmin_git/resources/public/JavaScripts/splide.min.js?1724921946
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/typo3temp/assets/js/4c6258062633129d69aecce4f0023d9c.js?1718178726
Source: chromecache_160.2.dr	String found in binary or memory: https://cdn.sedo.com/typo3temp/assets/js/cfd16b174d7f7b046e20adbc2e0a1094.js?1689601391
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_160.2.dr	String found in binary or memory: https://faq-us.sedo.com/app/answers/detail/a_id/1168/kw/what%20is%20domain%20parking/search/1
Source: chromecache_160.2.dr	String found in binary or memory: https://faq-us.sedo.com/app/answers/detail/a_id/2827/kw/park/search/1
Source: chromecache_160.2.dr	String found in binary or memory: https://faq-us.sedo.com/app/answers/detail/a_id/689/kw/park/search/1
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_148.2.dr	String found in binary or memory: https://frontend-services.ionos.com/t/tag/SEDO/customerarea.js
Source: chromecache_171.2.dr, chromecache_136.2.dr	String found in binary or memory: https://jqueryui.com
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_140.2.dr, chromecache_241.2.dr	String found in binary or memory: https://search.yahoo.com/search/results
Source: chromecache_160.2.dr	String found in binary or memory: https://sedo.com/member/domainsignup/index.php?language=us
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_166.2.dr	String found in binary or memory: https://twitter.com/sedo
Source: chromecache_166.2.dr	String found in binary or memory: https://twitter.com/sedoDE
Source: chromecache_160.2.dr	String found in binary or memory: https://typo3.org/
Source: chromecache_160.2.dr	String found in binary or memory: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Source: chromecache_147.2.dr, chromecache_124.2.dr	String found in binary or memory: https://www.cbna.com/
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5
Source: chromecache_124.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi8oaHH3uuIAxU9UZEFHUpGFGcYABAAGgJscg
Source: chromecache_124.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi8oaHH3uuIAxU9UZEFHUpGFGcYABABGgJscg
Source: chromecache_124.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi8oaHH3uuIAxU9UZEFHUpGFGcYABACGgJscg
Source: chromecache_147.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwij9rm53uuIAxX2nYMHHa-9KDMYABAAGgJlZg
Source: chromecache_147.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwij9rm53uuIAxX2nYMHHa-9KDMYABABGgJlZg
Source: chromecache_147.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwij9rm53uuIAxX2nYMHHa-9KDMYABACGgJlZg
Source: chromecache_140.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwijoMfD3uuIAxW1nYMHHbVsBzsYABAAGgJlZg
Source: chromecache_140.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwijoMfD3uuIAxW1nYMHHbVsBzsYABABGgJlZg
Source: chromecache_140.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwijoMfD3uuIAxW1nYMHHbVsBzsYABACGgJlZg
Source: chromecache_137.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjD5J693uuIAxVrkYMHHd81IMkYABAAGgJlZg
Source: chromecache_241.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjvhdy33uuIAxVrkYMHHd81IMkYABAAGgJlZg
Source: chromecache_241.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjvhdy33uuIAxVrkYMHHd81IMkYABABGgJlZg
Source: chromecache_241.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjvhdy33uuIAxVrkYMHHd81IMkYABACGgJlZg
Source: chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://www.paypal.com/cn/selfhelp/home
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://www.paypal.com/de/selfhelp/home
Source: chromecache_166.2.dr	String found in binary or memory: https://www.paypal.com/es/selfhelp/home
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://www.paypal.com/pt/selfhelp/home
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://www.paypal.com/us/selfhelp/home
Source: chromecache_241.2.dr	String found in binary or memory: https://www.signnow.com/
Source: chromecache_140.2.dr	String found in binary or memory: https://www.ufbdirect.com/freedomchecking/bundle
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: https://www.united-internet.de/
Source: chromecache_166.2.dr	String found in binary or memory: https://www.united-internet.de/en.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49728 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@24/208@72/22

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2184,i,7239552655901931415,17710681725114952505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://bankwir.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2184,i,7239552655901931415,17710681725114952505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://connect.facebook.net/en_US/fbevents.js	0%	URL Reputation	safe
http://ns.attribution.com/ads/1.0/	0%	URL Reputation	safe
https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0	0%	URL Reputation	safe
https://jqueryui.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
api.usercentrics.eu	35.241.3.184	true	false	unknown
www.sedo.com	104.16.140.114	true	false	unknown
bankwir.com	162.255.119.21	true	false	unknown
app.usercentrics.eu	35.190.14.188	true	false	unknown
sedo.cachefly.net	205.234.175.175	true	false	unknown
sedo.com	104.16.141.114	true	false	unknown
syndicatedsearch.goog	142.250.185.110	true	false	unknown
cdn.sedo.com	104.16.140.114	true	false	unknown
parkingpage.namecheap.com	91.195.240.19	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
uct.service.usercentrics.eu	34.95.108.180	true	false	unknown
vip1.g5.cachefly.net	205.234.175.175	true	false	unknown
consent-api.service.consent.usercentrics.eu	35.201.111.240	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
widget.trustpilot.com	52.222.236.60	true	false	unknown
googlehosted.l.googleusercontent.com	172.217.18.1	true	false	unknown
afs.googleusercontent.com	unknown	unknown	false	unknown
img.sedoparking.com	unknown	unknown	false	unknown
www.bankwir.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.sedo.com/c7r/assets/static/libs/external/jquery-ui.min.js	false		unknown
https://consent-api.service.consent.usercentrics.eu/consent/uw/3	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/VirtualServiceItem-d95151cb.js	false		unknown
https://cdn.sedo.com/fileadmin/images/legacy/images/icons/icn-check-beige.svg	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=v9j5kxslamme&aqid=6yj7ZoLRH-rdjuwPstOM8QY&psid=3259787283&pbt=bs&adbx=385.203125&adby=413.015625&adbh=571&adbw=493&adbah=212%2C171%2C171&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=20%7C0%7C1376%7C2057%7C783&lle=0&ifv=1&hpt=0	false		unknown
https://sedo.com/us/park-domains/?tracked=&partnerid=&language=us	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/FirstLayerCustomization-de8ec6f3-0ed66d66.js	false		unknown
https://cdn.sedo.com/components/TfcP3WYRyZ9A/cookie-banner.min.js	false		unknown
https://cdn.sedo.com/components/zkLxDsbw1hz2/e3c69f63348c1ec6e547.png	false		unknown
https://cdn.sedo.com/components/zkLxDsbw1hz2/b75b73e313804cf110ea.svg	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/index.module.js	false		unknown
http://sedo.com/redirect.php?id=22	false		unknown
https://afs.googleusercontent.com/svg/right_arrow.svg	false		unknown
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=ajf1s0f0ifll&aqid=FSn7ZoOGLOuijuwP3-uAyQw&psid=3259787283&pbt=bs&adbx=442.0625&adby=373.359375&adbh=1026&adbw=379&adbah=334%2C334%2C358&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=18%7C0%7C-4781439%7C5%7C4784418&lle=0&ifv=1&hpt=1	false		unknown
https://www.google.com/adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/index-4d0d6d10.js	false		unknown
https://cdn.sedo.com/c7r/assets/static/images/icons/favicon.ico?v=dLJ3bx2xjj	false		unknown
http://img.sedoparking.com/templates/bg/arrows-curved.png	false		unknown
https://www.google.com/images/afs/snowman.png	false		unknown
https://cdn.sedo.com/typo3temp/assets/js/4c6258062633129d69aecce4f0023d9c.js?1718178726	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=9s2srwsu99nc&aqid=Cin7Zu_YCOuijuwP3-uAyQw&psid=3259787283&pbt=bv&adbx=442.0625&adby=373.359375&adbh=1203&adbw=379&adbah=401%2C401%2C401&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=23%7C0%7C-4782737%7C12%7C4785046&lle=0&ifv=1&hpt=1	false		unknown
https://cdn.sedo.com/fileadmin_git/resources/public/JavaScripts/splide.min.js?1724921946	false		unknown
https://sedo.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?	false		unknown
https://sedo.com/service/common.php?v=0.1&m=translate&f=getTexts&language=us&app=com.sedo.translation.global	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/ButtonsCustomization-5698ac85-5d43b15f.js	false		unknown
https://sedo.com/services/parking.php3	false		unknown
http://www.bankwir.com/search/tsc.php?ses=ogcQkbQpzTES3IebH-jL7XHjZBaJcAFoaSa-avJH62SFZ15x2TZWk5GCiUOcmmFAix2mUIhlcIacIOBT4ovgKwAARzX-W2gTMrxEGA62NTxSdgOb30zCDj2huDe6QDewz05_n2ib87RzA7Hsxwue3b9rz7vpxsDSy3FnfxvKgaPoEPsS9-LHgsEn40EKANf-1ToBovE_SHVODsfDg4wbme94iYHhL3DRwEZLpVgxIXa0AJd0YVF6ofq-nPg3OmTUQ9wHwzYgefz5yDvfHIiyADevu-zfd3DlJ_-rlaeDJ24haWRQ7ORilmszsxqyBu4IZt6zsPA7cZAdO1JXAYHQQONrYWiYTo3vGT8lqK-0a5gkbJPdGPuDLXlIXfg&cv=2	false		unknown
https://api.usercentrics.eu/translations/translations-en.json	false		unknown
https://syndicatedsearch.goog/afs/ads/i/iframe.html	false		unknown
https://cdn.sedo.com/components/p9HJ4M2Uz7U4/d26139c0fd3b917ce03b.woff2	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=g2y9xf98rbdi&aqid=Iin7ZqOHO7W7juwPtdmd2AM&psid=3259787283&pbt=bv&adbx=442.0625&adby=373.359375&adbh=1232&adbw=379&adbah=401%2C401%2C430&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=15%7C0%7C-4783771%7C8%7C4784389&lle=0&ifv=1&hpt=1	false		unknown
https://cdn.sedo.com/components/zkLxDsbw1hz2/d5634a838071888dbd2a.png	false		unknown
https://app.usercentrics.eu/browser-ui/latest/loader.js	false		unknown
https://app.usercentrics.eu/session/1px.png?settingsId=5QJe3R54G	false		unknown
https://cdn.sedo.com/components/zkLxDsbw1hz2/48d68b70659b28905e87.jpg	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/DefaultData-fa10cf7f-3d7db9aa.js	false		unknown
http://img.sedoparking.com/templates/logos/sedo_logo.png	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/SecondLayerUI-2d936468-4fd84b50.js	false		unknown
https://app.usercentrics.eu/browser-sdk/4.38.4/cross-domain-bridge.html	false		unknown
http://www.bankwir.com/search/tsc.php?ses=ogcOvUmN52CO_eKsS5JZzE0wynRpt6QbiS6sAHuO_6msznjeTMydQ93ointIivefiiMkkBN_NZP1WxDDsxt58gmUI3k7v-SyUMSMr2tGGCjigQ7KWxayEJJgFOj_5eggQILa25IYaBcIfHpeOUsJz8ZWbj9Isa1HKZefUYxR9gqczds4rqBm0yCZ7J1Jf6c7wbfB7U7yeSJmHNLobTZ93Kck3FGEtHrIs6Hs0zIgy_lpTBM6wGPDV0TmKYKguw-dhwwuXdAXisOicYz3810tShNiPEEjuJnuYzeKyjojdjxmg6E49xGGmDuUa9wzlLggqxKPZ6vddXV_a_t5qGbkpK3crZZGymFtcClYf7VUApPj_TtA9upvttLb_lb&cv=2	false		unknown
https://cdn.sedo.com/typo3temp/assets/js/cfd16b174d7f7b046e20adbc2e0a1094.js?1689601391	false		unknown
https://api.usercentrics.eu/settings/5QJe3R54G/latest/en.json	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=zguyri9jkluj&aqid=Kin7ZrzkLL2ixdwPyozRuAY&psid=3259787283&pbt=bv&adbx=442.0625&adby=373.359375&adbh=1410&adbw=379&adbah=550%2C430%2C430&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=23%7C0%7C2141%7C1367%7C4554&lle=0&ifv=1&hpt=1	false		unknown
https://cdn.sedo.com/fileadmin_git/resources/public/JavaScripts/jquery-3.7.1.min.js?1724921946	false		unknown
https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0	false	URL Reputation: safe	unknown
http://www.bankwir.com/	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=fndbf5aaed6e&aqid=Iin7ZqOHO7W7juwPtdmd2AM&psid=3259787283&pbt=bs&adbx=442.0625&adby=373.359375&adbh=1232&adbw=379&adbah=401%2C401%2C430&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=15%7C0%7C-4783771%7C8%7C4784389&lle=0&ifv=1&hpt=1	false		unknown
https://sedo.com/cdn-cgi/challenge-platform/h/g/jsd/r/8cb7b7b79a0b42be	false		unknown
https://img.sedoparking.com/templates/images/hero_nc.svg	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=lp9u7lxh6zn6&aqid=FSn7ZoOGLOuijuwP3-uAyQw&psid=3259787283&pbt=bv&adbx=442.0625&adby=373.359375&adbh=1026&adbw=379&adbah=334%2C334%2C358&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=18%7C0%7C-4781439%7C5%7C4784418&lle=0&ifv=1&hpt=1	false		unknown
https://cdn.sedo.com/fileadmin/images/legacy/images/icons/icn-check-blue.svg	false		unknown
https://cdn.sedo.com/dist/js/typo3/app.min.js?1724922195	false		unknown
https://sedo.com/redirect.php?id=22	false		unknown
https://cdn.sedo.com/components/p9HJ4M2Uz7U4/b75b73e313804cf110ea.svg	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/SaveButton-c74cbe89.js	false		unknown
https://app.usercentrics.eu/browser-ui/3.55.0/index-3ff76a26.js	false		unknown
https://sedo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false		unknown
https://cdn.sedo.com/fileadmin/user_upload/Sell_Domains/Domain_Auction/FAQ.jpg	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=lrsy5ttgkmyk&aqid=6yj7ZoLRH-rdjuwPstOM8QY&psid=3259787283&pbt=bv&adbx=385.203125&adby=413.015625&adbh=571&adbw=493&adbah=212%2C171%2C171&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=20%7C0%7C1376%7C2057%7C783&lle=0&ifv=1&hpt=0	false		unknown
https://cdn.sedo.com/components/p9HJ4M2Uz7U4/full.header.min.js	false		unknown
http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3	false		unknown
http://www.bankwir.com/search/tsc.php?ses=ogcCEgzSeontOgAbrSzHQVODwWyiFd4Smw4NzjHCVuKwwf_Zh7smDYw8XcvF9mEwvIWDdMpWAhDhSCRGbwXXCwb7M94EIr_Y6XNgLEPfbup_J4Ss8zT-lIgI2E1lTQvRqm4D_wHpAD6GCKXnzRLM6h-4XAF_YoB7VMC7Qom8P5eH2cRNIWJys3VzkYjG_PkO-YTn-zuMeAJzDzmh8Vaj_oduMSL0HNXnpScEHSqfUof9WL9FX52GfWZ8EyYqGYtNCgOAY2PVNL6BWyP9SwiMmIxd6bpOZHKALHYm_rGRZTdJzo75bx6Mqs8nv5nNP8HbkZIyHWpLGDGeIaWw9WrCtgsNKgvJgi-8OMtQHqw9GFYlMdCq-lCrC4fiq9n&cv=2	false		unknown
https://cdn.sedo.com/fileadmin/user_upload/Park_Domains/Domain-Parking.jpg	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=hocrzb5il20c&aqid=DSn7ZuO7L_a7juwPr_uimQM&psid=3259787283&pbt=bv&adbx=442.0625&adby=373.359375&adbh=1381&adbw=379&adbah=550%2C401%2C430&adbn=master-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=18%7C0%7C-4783746%7C4%7C4784387&lle=0&ifv=1&hpt=1	false		unknown
https://syndicatedsearch.goog/afs/gen_204?client=dp-sedo80_3ph&output=uds_ads_only&zx=tig31t74dzzu&aqid=6yj7ZoLRH-rdjuwPstOM8QY&pbt=bs&adbx=481.5&adby=986.015625&adbh=16&adbw=300&adbn=slave-1-1&eawp=partner-dp-sedo80_3ph&errv=678245571&csala=12%7C0%7C1384%7C2057%7C784&lle=0&ifv=0&hpt=0	false		unknown
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff	false		unknown
https://sedo.com/service/common.php	false		unknown
https://cdn.sedo.com/components/p9HJ4M2Uz7U4/a7d29342348138d42728.woff2	false		unknown
https://cdn.sedo.com/components/zkLxDsbw1hz2/9f07a3eca6d4792ac529.svg	false		unknown
http://www.bankwir.com/search/tsc.php?ses=ogcV14EreA4EoIZw_-LU2Q3lXkYfE3OnozKITGjNkP94gIIEhFnsW-etuHLK2aqXRE9BVN0UEIe6ycipmPUznSrFgIWiv0JTOxF7CZWlA3KyYQtP-X7oQadg0fHVdSLPOQ-L6b-5J5fASepmmXUHYW-VWf247ymnouT7pDq17b27lz92olfr-O_xbsN-QbuCTyk5jB5E4mDGn_aQpGtR9TofLtNfafVe60H-ztO89PoEV6V-sm8zifpBmp9arqfQGQLcjNjfZtsLt-8lACY-nt2WnoYdtwbIPGhVoClzq3Qm5GHKyKQe0d3NKpOkX3WXJ00KMNhX8UuvlGfZKXkRwh8SbowBPW4IEXz4EnJMGRhIohsEeXyZcfpRqIv&cv=2	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://typo3.org/	chromecache_160.2.dr	false		unknown
https://www.paypal.com/us/selfhelp/home	chromecache_138.2.dr, chromecache_166.2.dr	false		unknown
https://syndicatedsearch.goog	chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	false		unknown
https://www.ufbdirect.com/freedomchecking/bundle	chromecache_140.2.dr	false		unknown
https://cdn.sedo.com/c7r/assets/static/images/icons/safari-pinned-tab.svg?v=dLJ3bx2xjj	chromecache_160.2.dr	false		unknown
https://faq-us.sedo.com/app/answers/detail/a_id/689/kw/park/search/1	chromecache_160.2.dr	false		unknown
https://app.varify.io/varify.js	chromecache_201.2.dr, chromecache_211.2.dr	false		unknown
https://beian.miit.gov.cn/	chromecache_138.2.dr, chromecache_166.2.dr	false		unknown
https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqlxJ0Dh13zDUIXc_C8SfMMTbpTtl	chromecache_124.2.dr	false		unknown
https://www.signnow.com/	chromecache_241.2.dr	false		unknown
https://connect.facebook.net/en_US/fbevents.js	chromecache_201.2.dr, chromecache_211.2.dr	false	URL Reputation: safe	unknown
https://www.united-internet.de/	chromecache_138.2.dr, chromecache_166.2.dr	false		unknown
http://ns.attribution.com/ads/1.0/	chromecache_226.2.dr, chromecache_245.2.dr	false	URL Reputation: safe	unknown
https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqmjPLXAimMMOH1Tlz6VaWtBVKsqQ	chromecache_241.2.dr	false		unknown
https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5	chromecache_234.2.dr, chromecache_220.2.dr, chromecache_168.2.dr, chromecache_230.2.dr	false		unknown
https://www.cbna.com/	chromecache_147.2.dr, chromecache_124.2.dr	false		unknown
https://www.paypal.com/es/selfhelp/home	chromecache_166.2.dr	false		unknown
https://cdn.sedo.com/c7r/assets/static/images/icons/favicon-32x32.png?v=dLJ3bx2xjj	chromecache_160.2.dr	false		unknown
https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqnmIzyDTcsQv1Im8xTL_S9biwgke	chromecache_241.2.dr	false		unknown
https://www.paypal.com/de/selfhelp/home	chromecache_138.2.dr, chromecache_166.2.dr	false		unknown
https://cdn.sedo.com/c7r/assets/static/images/icons/favicon-16x16.png?v=dLJ3bx2xjj	chromecache_160.2.dr	false		unknown
https://twitter.com/sedoDE	chromecache_166.2.dr	false		unknown
https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqm5WVQdUf7qJ-9s-EWNG9O-OZuKw	chromecache_147.2.dr	false		unknown
https://sedo.com/member/domainsignup/index.php?language=us	chromecache_160.2.dr	false		unknown
https://www.paypal.com/pt/selfhelp/home	chromecache_138.2.dr, chromecache_166.2.dr	false		unknown
https://www.united-internet.de/en.html	chromecache_166.2.dr	false		unknown
https://cdn.sedo.com/c7r/assets/static/images/icons/apple-touch-icon.png?v=dLJ3bx2xjj	chromecache_160.2.dr	false		unknown
https://jqueryui.com	chromecache_171.2.dr, chromecache_136.2.dr	false	URL Reputation: safe	unknown
https://frontend-services.ionos.com/t/tag/SEDO/customerarea.js	chromecache_148.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
205.234.175.175	sedo.cachefly.net	United States	30081	CACHENETWORKSUS	false
104.16.140.114	www.sedo.com	United States	13335	CLOUDFLARENETUS	false
52.222.236.60	widget.trustpilot.com	United States	16509	AMAZON-02US	false
104.16.141.114	sedo.com	United States	13335	CLOUDFLARENETUS	false
35.241.3.184	api.usercentrics.eu	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
142.250.186.161	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
34.95.108.180	uct.service.usercentrics.eu	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.110	syndicatedsearch.goog	United States	15169	GOOGLEUS	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
172.217.18.1	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
35.190.14.188	app.usercentrics.eu	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.255.119.21	bankwir.com	United States	22612	NAMECHEAP-NETUS	false
142.250.186.100	unknown	United States	15169	GOOGLEUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
35.201.111.240	consent-api.service.consent.usercentrics.eu	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523036
Start date and time:	2024-10-01 00:39:42 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://bankwir.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@24/208@72/22
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.sedo.com/services/parking.php3 Browse: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0 Browse: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0 Browse: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0 Browse: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0&nm=2 Browse: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.186.46, 64.233.167.84, 34.104.35.123, 142.250.185.194, 172.217.18.2, 142.250.185.202, 216.58.212.170, 142.250.181.234, 172.217.18.10, 172.217.16.138, 142.250.184.234, 172.217.16.202, 142.250.184.202, 142.250.74.202, 142.250.185.170, 216.58.206.42, 142.250.185.234, 142.250.186.170, 142.250.185.138, 216.58.206.74, 142.250.186.42, 172.217.23.106, 142.250.186.106, 142.250.186.138, 142.250.185.74, 142.250.186.74, 142.250.185.106, 13.85.23.86, 88.221.110.106, 88.221.110.91, 13.95.31.18, 20.3.187.198, 142.250.184.193, 172.217.18.97, 142.250.186.163, 216.58.212.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, partner.googleadservices.com, clientservices.googleapis.com, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, tpc.googlesyndication.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://bankwir.com/

Input	Output
URL: http://www.bankwir.com/ Model: jbxai	""
	""
URL: http://www.bankwir.com/ Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Learn more", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://sedo.com/us/park-domains/?tracked=&partnerid=&language=us Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Set up domain parking now", "text_input_field_labels":[], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7ri Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"FIND GET A BANK ACCOUNT- GET A BANK ACCOUNT", "prominent_button_name":"Visit Website", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://sedo.com/us/park-domains/?tracked=&partnerid=&language=us Model: jbxai	{ "brand":["Sedo"], "contains_trigger_text":true, "trigger_text":"Earn money, and sell your domains more quickly.", "prominent_button_name":"Set up domain parking now", "text_input_field_labels":["Earn money by advertising: aligned with the domain name and in the language of the visitors to your page", "Attract visitors with advertising instead turning them away with an under construction notification: parked domains can be accessed online and sell twice as fast as offline domains", "Easy to setup and completely free", "Get to know your domain's value: gain valuable visitor statistics as a basis for price negotiations with prospective buyers"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"Visit Website", "prominent_button_name":"Visit Website", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4 Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"This domain has recently been registered with Namecheap.", "prominent_button_name":"Visit Website", "text_input_field_labels":["OHCU Free Checking - Free Checking - Checking with Perks"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4 Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"If you want cashback. a high rate, and other", "prominent_button_name":"Visit Website", "text_input_field_labels":["USE Federal Credit Union", "ohcu.org"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4 Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"This domain has recently been registered with Namecheap.", "prominent_button_name":"Visit Website", "text_input_field_labels":["USE Federal Credit Union", "ohcu.org"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7ri Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"FIND GET NEW BANK ACCOUNT - GET NEW BANK ACCOUNT", "prominent_button_name":"Visit Website", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"Visit Website", "prominent_button_name":"Visit Website", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI Model: jbxai	{ "brand":["namecheap"], "contains_trigger_text":true, "trigger_text":"Visit Website", "prominent_button_name":"Visit Website", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "tmpyiylrfjd", last modified: Tue Sep 17 11:16:29 2024, max compression, original size modulo 2^32 473
Category:	dropped
Size (bytes):	236
Entropy (8bit):	7.101694903074545
Encrypted:	false
SSDEEP:	6:XISDMHA6RQv98lnIQh0z8AuiUAJS6rYcyyln:XIq6Hlnjh0Q36pYD2n
MD5:	810EE2A65A302B5F880E3A00E840D6CE
SHA1:	0216DAA7AE065F8634DF06741E9CC791CAA9C1C0
SHA-256:	570D71A067BF20C244E164897D82D6C8E77D712A5B400A00BE41EFBBD6128487
SHA-512:	898D331822B32A20BD8286B2494EBD1119A8881D82B4C468594838459783C794D8F01D8D00B69B068C5D407C229EC5E899E621E72527127095FF01AE75CAC695
Malicious:	false
Reputation:	low
Preview:	.....e.f..tmpyiylrfjd...Mj.0...=.....f.#...r.U....3A.....^.D-t.....{\|.`..p...8<.#7.......C.^..M}......2...'..(Q....V..o;.j..V[..EL.a..)r"x..q.%...1%.e.oWF(........E.C.=z..B._b..w..+..=...FV5..=x.=..+nH.d.h.+..=...P.n.f...hi.]....

Source: http://www.bankwir.com/	HTTP Parser: No favicon
Source: http://www.bankwir.com/	HTTP Parser: No favicon
Source: http://www.bankwir.com/	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0&nm=2	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0&nm=2	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3	HTTP Parser: No favicon
Source: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: bankwir.com
Source: global traffic	DNS traffic detected: DNS query: www.bankwir.com
Source: global traffic	DNS traffic detected: DNS query: img.sedoparking.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: syndicatedsearch.goog
Source: global traffic	DNS traffic detected: DNS query: afs.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.sedo.com
Source: global traffic	DNS traffic detected: DNS query: sedo.com
Source: global traffic	DNS traffic detected: DNS query: cdn.sedo.com
Source: global traffic	DNS traffic detected: DNS query: widget.trustpilot.com
Source: global traffic	DNS traffic detected: DNS query: app.usercentrics.eu
Source: global traffic	DNS traffic detected: DNS query: api.usercentrics.eu
Source: global traffic	DNS traffic detected: DNS query: consent-api.service.consent.usercentrics.eu
Source: global traffic	DNS traffic detected: DNS query: uct.service.usercentrics.eu

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 00:40:39.634392977 CEST	192.168.2.7	1.1.1.1	0xb024	Standard query (0)	bankwir.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:39.636604071 CEST	192.168.2.7	1.1.1.1	0x34b3	Standard query (0)	bankwir.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:40.150624037 CEST	192.168.2.7	1.1.1.1	0xa84d	Standard query (0)	www.bankwir.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.150918007 CEST	192.168.2.7	1.1.1.1	0x81e0	Standard query (0)	www.bankwir.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:40.944683075 CEST	192.168.2.7	1.1.1.1	0x8c87	Standard query (0)	img.sedoparking.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.944848061 CEST	192.168.2.7	1.1.1.1	0x534c	Standard query (0)	img.sedoparking.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:40.949081898 CEST	192.168.2.7	1.1.1.1	0x1df1	Standard query (0)	img.sedoparking.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.949246883 CEST	192.168.2.7	1.1.1.1	0x1854	Standard query (0)	img.sedoparking.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:40.965743065 CEST	192.168.2.7	1.1.1.1	0x51e6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.965912104 CEST	192.168.2.7	1.1.1.1	0x57ea	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:41.802120924 CEST	192.168.2.7	1.1.1.1	0x679f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:41.838687897 CEST	192.168.2.7	1.1.1.1	0xf2a1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:42.084239960 CEST	192.168.2.7	1.1.1.1	0x69fc	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:42.084789991 CEST	192.168.2.7	1.1.1.1	0xf789	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Oct 1, 2024 00:40:42.731127024 CEST	192.168.2.7	1.1.1.1	0x2247	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:42.732465982 CEST	192.168.2.7	1.1.1.1	0xb029	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Oct 1, 2024 00:40:43.552865028 CEST	192.168.2.7	1.1.1.1	0xd19b	Standard query (0)	img.sedoparking.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.553653002 CEST	192.168.2.7	1.1.1.1	0x2e4f	Standard query (0)	img.sedoparking.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:43.554594994 CEST	192.168.2.7	1.1.1.1	0x5ca4	Standard query (0)	img.sedoparking.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.554594994 CEST	192.168.2.7	1.1.1.1	0xcef2	Standard query (0)	img.sedoparking.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:43.555609941 CEST	192.168.2.7	1.1.1.1	0x9329	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.555609941 CEST	192.168.2.7	1.1.1.1	0x2af5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:43.556360960 CEST	192.168.2.7	1.1.1.1	0x80ae	Standard query (0)	www.bankwir.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.556905985 CEST	192.168.2.7	1.1.1.1	0x5841	Standard query (0)	www.bankwir.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:45.736848116 CEST	192.168.2.7	1.1.1.1	0x9687	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:45.737210035 CEST	192.168.2.7	1.1.1.1	0xd800	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Oct 1, 2024 00:40:46.747453928 CEST	192.168.2.7	1.1.1.1	0x8775	Standard query (0)	afs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:46.747605085 CEST	192.168.2.7	1.1.1.1	0xd26b	Standard query (0)	afs.googleusercontent.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:48.166305065 CEST	192.168.2.7	1.1.1.1	0x9179	Standard query (0)	afs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:48.166541100 CEST	192.168.2.7	1.1.1.1	0x3c25	Standard query (0)	afs.googleusercontent.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:51.791733980 CEST	192.168.2.7	1.1.1.1	0xacb6	Standard query (0)	www.sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:51.792138100 CEST	192.168.2.7	1.1.1.1	0x431a	Standard query (0)	www.sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:52.707684040 CEST	192.168.2.7	1.1.1.1	0xb7fa	Standard query (0)	sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:52.708466053 CEST	192.168.2.7	1.1.1.1	0x4895	Standard query (0)	sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:54.358191013 CEST	192.168.2.7	1.1.1.1	0x1d4d	Standard query (0)	sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:54.358894110 CEST	192.168.2.7	1.1.1.1	0xca82	Standard query (0)	sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:58.102567911 CEST	192.168.2.7	1.1.1.1	0x47f6	Standard query (0)	cdn.sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.103034973 CEST	192.168.2.7	1.1.1.1	0xefbb	Standard query (0)	cdn.sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:58.976850033 CEST	192.168.2.7	1.1.1.1	0x1e34	Standard query (0)	cdn.sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.977142096 CEST	192.168.2.7	1.1.1.1	0x1f74	Standard query (0)	cdn.sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:59.274048090 CEST	192.168.2.7	1.1.1.1	0x1270	Standard query (0)	widget.trustpilot.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.274185896 CEST	192.168.2.7	1.1.1.1	0xe325	Standard query (0)	widget.trustpilot.com	65	IN (0x0001)	false
Oct 1, 2024 00:40:59.942679882 CEST	192.168.2.7	1.1.1.1	0xe8ef	Standard query (0)	sedo.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.942858934 CEST	192.168.2.7	1.1.1.1	0xa26b	Standard query (0)	sedo.com	65	IN (0x0001)	false
Oct 1, 2024 00:41:00.610554934 CEST	192.168.2.7	1.1.1.1	0x9ee5	Standard query (0)	widget.trustpilot.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:00.610836983 CEST	192.168.2.7	1.1.1.1	0x46e7	Standard query (0)	widget.trustpilot.com	65	IN (0x0001)	false
Oct 1, 2024 00:41:01.044631004 CEST	192.168.2.7	1.1.1.1	0xb01	Standard query (0)	app.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:01.045286894 CEST	192.168.2.7	1.1.1.1	0x6aaf	Standard query (0)	app.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:01.724261999 CEST	192.168.2.7	1.1.1.1	0x7d31	Standard query (0)	app.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:01.724494934 CEST	192.168.2.7	1.1.1.1	0x2a52	Standard query (0)	app.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:02.568691969 CEST	192.168.2.7	1.1.1.1	0xc7ac	Standard query (0)	api.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:02.569092989 CEST	192.168.2.7	1.1.1.1	0x4bf9	Standard query (0)	api.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:04.317774057 CEST	192.168.2.7	1.1.1.1	0xf693	Standard query (0)	api.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:04.318372965 CEST	192.168.2.7	1.1.1.1	0xfd51	Standard query (0)	api.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:06.128774881 CEST	192.168.2.7	1.1.1.1	0x2709	Standard query (0)	app.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:06.129442930 CEST	192.168.2.7	1.1.1.1	0xe6e9	Standard query (0)	app.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:11.079781055 CEST	192.168.2.7	1.1.1.1	0x2d55	Standard query (0)	consent-api.service.consent.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.080173969 CEST	192.168.2.7	1.1.1.1	0x571e	Standard query (0)	consent-api.service.consent.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:11.146286964 CEST	192.168.2.7	1.1.1.1	0xf5a0	Standard query (0)	uct.service.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.146435976 CEST	192.168.2.7	1.1.1.1	0x901d	Standard query (0)	uct.service.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:11.935365915 CEST	192.168.2.7	1.1.1.1	0xbcb	Standard query (0)	uct.service.usercentrics.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.935509920 CEST	192.168.2.7	1.1.1.1	0x1306	Standard query (0)	uct.service.usercentrics.eu	65	IN (0x0001)	false
Oct 1, 2024 00:41:27.064723969 CEST	192.168.2.7	1.1.1.1	0xe1ec	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:27.064882040 CEST	192.168.2.7	1.1.1.1	0x2318	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 00:41:44.412004948 CEST	192.168.2.7	1.1.1.1	0xc3fd	Standard query (0)	www.bankwir.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:44.412516117 CEST	192.168.2.7	1.1.1.1	0xceeb	Standard query (0)	www.bankwir.com	65	IN (0x0001)	false
Oct 1, 2024 00:41:45.241705894 CEST	192.168.2.7	1.1.1.1	0x9c8d	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:45.241940022 CEST	192.168.2.7	1.1.1.1	0x7aa8	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Oct 1, 2024 00:41:45.328567028 CEST	192.168.2.7	1.1.1.1	0xd6a6	Standard query (0)	syndicatedsearch.goog	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:45.328785896 CEST	192.168.2.7	1.1.1.1	0x4bdb	Standard query (0)	syndicatedsearch.goog	65	IN (0x0001)	false
Oct 1, 2024 00:41:53.785082102 CEST	192.168.2.7	1.1.1.1	0xddce	Standard query (0)	www.bankwir.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:53.785208941 CEST	192.168.2.7	1.1.1.1	0x5c5f	Standard query (0)	www.bankwir.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 00:40:39.662945032 CEST	1.1.1.1	192.168.2.7	0xb024	No error (0)	bankwir.com		162.255.119.21	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.179007053 CEST	1.1.1.1	192.168.2.7	0x81e0	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.207900047 CEST	1.1.1.1	192.168.2.7	0xa84d	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.207900047 CEST	1.1.1.1	192.168.2.7	0xa84d	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.952198982 CEST	1.1.1.1	192.168.2.7	0x534c	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.952198982 CEST	1.1.1.1	192.168.2.7	0x534c	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.952630043 CEST	1.1.1.1	192.168.2.7	0x8c87	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.952630043 CEST	1.1.1.1	192.168.2.7	0x8c87	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.952630043 CEST	1.1.1.1	192.168.2.7	0x8c87	No error (0)	vip1.g5.cachefly.net		205.234.175.175	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.956245899 CEST	1.1.1.1	192.168.2.7	0x1df1	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.956245899 CEST	1.1.1.1	192.168.2.7	0x1df1	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.956245899 CEST	1.1.1.1	192.168.2.7	0x1df1	No error (0)	vip1.g5.cachefly.net		205.234.175.175	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.956265926 CEST	1.1.1.1	192.168.2.7	0x1854	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.956265926 CEST	1.1.1.1	192.168.2.7	0x1854	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:40.972721100 CEST	1.1.1.1	192.168.2.7	0x51e6	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:40.972754002 CEST	1.1.1.1	192.168.2.7	0x57ea	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 00:40:41.809211969 CEST	1.1.1.1	192.168.2.7	0x679f	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:41.845432997 CEST	1.1.1.1	192.168.2.7	0xf2a1	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 00:40:42.093800068 CEST	1.1.1.1	192.168.2.7	0x69fc	No error (0)	syndicatedsearch.goog		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:42.737718105 CEST	1.1.1.1	192.168.2.7	0x2247	No error (0)	syndicatedsearch.goog		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.560518026 CEST	1.1.1.1	192.168.2.7	0xd19b	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.560518026 CEST	1.1.1.1	192.168.2.7	0xd19b	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.560518026 CEST	1.1.1.1	192.168.2.7	0xd19b	No error (0)	vip1.g5.cachefly.net		205.234.175.175	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.561935902 CEST	1.1.1.1	192.168.2.7	0xcef2	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.561935902 CEST	1.1.1.1	192.168.2.7	0xcef2	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.562124014 CEST	1.1.1.1	192.168.2.7	0x9329	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.562323093 CEST	1.1.1.1	192.168.2.7	0x2af5	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 00:40:43.564950943 CEST	1.1.1.1	192.168.2.7	0x5ca4	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.564950943 CEST	1.1.1.1	192.168.2.7	0x5ca4	No error (0)	sedo.cachefly.net		205.234.175.175	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:43.567094088 CEST	1.1.1.1	192.168.2.7	0x2e4f	No error (0)	img.sedoparking.com	sedo.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.567094088 CEST	1.1.1.1	192.168.2.7	0x2e4f	No error (0)	sedo.cachefly.net	vip1.g5.cachefly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.593518972 CEST	1.1.1.1	192.168.2.7	0x5841	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.597758055 CEST	1.1.1.1	192.168.2.7	0x80ae	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:43.597758055 CEST	1.1.1.1	192.168.2.7	0x80ae	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:45.744379044 CEST	1.1.1.1	192.168.2.7	0x9687	No error (0)	syndicatedsearch.goog		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:46.756320000 CEST	1.1.1.1	192.168.2.7	0xd26b	No error (0)	afs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:46.756812096 CEST	1.1.1.1	192.168.2.7	0x8775	No error (0)	afs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:46.756812096 CEST	1.1.1.1	192.168.2.7	0x8775	No error (0)	googlehosted.l.googleusercontent.com		172.217.18.1	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:48.174721003 CEST	1.1.1.1	192.168.2.7	0x3c25	No error (0)	afs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:48.175079107 CEST	1.1.1.1	192.168.2.7	0x9179	No error (0)	afs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:40:48.175079107 CEST	1.1.1.1	192.168.2.7	0x9179	No error (0)	googlehosted.l.googleusercontent.com		142.250.186.161	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:51.800488949 CEST	1.1.1.1	192.168.2.7	0xacb6	No error (0)	www.sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:51.800488949 CEST	1.1.1.1	192.168.2.7	0xacb6	No error (0)	www.sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:52.714790106 CEST	1.1.1.1	192.168.2.7	0xb7fa	No error (0)	sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:52.714790106 CEST	1.1.1.1	192.168.2.7	0xb7fa	No error (0)	sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:54.366873980 CEST	1.1.1.1	192.168.2.7	0x1d4d	No error (0)	sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:54.366873980 CEST	1.1.1.1	192.168.2.7	0x1d4d	No error (0)	sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.110657930 CEST	1.1.1.1	192.168.2.7	0x47f6	No error (0)	cdn.sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.110657930 CEST	1.1.1.1	192.168.2.7	0x47f6	No error (0)	cdn.sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.986345053 CEST	1.1.1.1	192.168.2.7	0x1e34	No error (0)	cdn.sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:58.986345053 CEST	1.1.1.1	192.168.2.7	0x1e34	No error (0)	cdn.sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.282593012 CEST	1.1.1.1	192.168.2.7	0x1270	No error (0)	widget.trustpilot.com		52.222.236.60	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.282593012 CEST	1.1.1.1	192.168.2.7	0x1270	No error (0)	widget.trustpilot.com		52.222.236.94	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.282593012 CEST	1.1.1.1	192.168.2.7	0x1270	No error (0)	widget.trustpilot.com		52.222.236.107	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.282593012 CEST	1.1.1.1	192.168.2.7	0x1270	No error (0)	widget.trustpilot.com		52.222.236.71	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.950627089 CEST	1.1.1.1	192.168.2.7	0xe8ef	No error (0)	sedo.com		104.16.140.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:40:59.950627089 CEST	1.1.1.1	192.168.2.7	0xe8ef	No error (0)	sedo.com		104.16.141.114	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:00.618730068 CEST	1.1.1.1	192.168.2.7	0x9ee5	No error (0)	widget.trustpilot.com		52.222.236.60	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:00.618730068 CEST	1.1.1.1	192.168.2.7	0x9ee5	No error (0)	widget.trustpilot.com		52.222.236.71	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:00.618730068 CEST	1.1.1.1	192.168.2.7	0x9ee5	No error (0)	widget.trustpilot.com		52.222.236.94	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:00.618730068 CEST	1.1.1.1	192.168.2.7	0x9ee5	No error (0)	widget.trustpilot.com		52.222.236.107	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:01.052854061 CEST	1.1.1.1	192.168.2.7	0xb01	No error (0)	app.usercentrics.eu		35.190.14.188	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:01.732275009 CEST	1.1.1.1	192.168.2.7	0x7d31	No error (0)	app.usercentrics.eu		35.190.14.188	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:02.576819897 CEST	1.1.1.1	192.168.2.7	0xc7ac	No error (0)	api.usercentrics.eu		35.241.3.184	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:04.341527939 CEST	1.1.1.1	192.168.2.7	0xf693	No error (0)	api.usercentrics.eu		35.241.3.184	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:06.135984898 CEST	1.1.1.1	192.168.2.7	0x2709	No error (0)	app.usercentrics.eu		35.190.14.188	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:09.643970966 CEST	1.1.1.1	192.168.2.7	0x45ee	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:09.643970966 CEST	1.1.1.1	192.168.2.7	0x45ee	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.086647034 CEST	1.1.1.1	192.168.2.7	0x2d55	No error (0)	consent-api.service.consent.usercentrics.eu		35.201.111.240	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.153244019 CEST	1.1.1.1	192.168.2.7	0xf5a0	No error (0)	uct.service.usercentrics.eu		34.95.108.180	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:11.942049026 CEST	1.1.1.1	192.168.2.7	0xbcb	No error (0)	uct.service.usercentrics.eu		34.95.108.180	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:27.071381092 CEST	1.1.1.1	192.168.2.7	0xe1ec	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:27.071732998 CEST	1.1.1.1	192.168.2.7	0x2318	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 00:41:30.729588985 CEST	1.1.1.1	192.168.2.7	0xe3ba	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:30.729588985 CEST	1.1.1.1	192.168.2.7	0xe3ba	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:44.443423986 CEST	1.1.1.1	192.168.2.7	0xceeb	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:41:44.468861103 CEST	1.1.1.1	192.168.2.7	0xc3fd	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:41:44.468861103 CEST	1.1.1.1	192.168.2.7	0xc3fd	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:45.250425100 CEST	1.1.1.1	192.168.2.7	0x9c8d	No error (0)	syndicatedsearch.goog		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:45.341067076 CEST	1.1.1.1	192.168.2.7	0xd6a6	No error (0)	syndicatedsearch.goog		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:52.376882076 CEST	1.1.1.1	192.168.2.7	0x6bff	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:52.376882076 CEST	1.1.1.1	192.168.2.7	0x6bff	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 1, 2024 00:41:53.822777987 CEST	1.1.1.1	192.168.2.7	0x5c5f	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:41:53.965725899 CEST	1.1.1.1	192.168.2.7	0xddce	No error (0)	www.bankwir.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 00:41:53.965725899 CEST	1.1.1.1	192.168.2.7	0xddce	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:39.669157982 CEST	426	OUT	GET / HTTP/1.1 Host: bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:40.146595001 CEST	285	IN	HTTP/1.1 302 Found Date: Mon, 30 Sep 2024 22:40:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 46 Connection: keep-alive Location: http://www.bankwir.com/ X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 62 61 6e 6b 77 69 72 2e 63 6f 6d 2f 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='http://www.bankwir.com/'>Found</a>.

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:40.213972092 CEST	430	OUT	GET / HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:40.880218029 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:40:40 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_UMNYaxwyVXzMtf4Ja6SmOZ7nUzaZo5jU/nybSX9CSfBeBKlrBXaXTCPOWsSTtoCCB9pCGEGcbtYC+VJCtS9h/Q== last-modified: Mon, 30 Sep 2024 22:40:40 GMT x-cache-miss-from: parking-75d9cf65f9-b9tc5 server: Parking/1.0 content-encoding: gzip Data Raw: 38 34 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 59 eb 6e db 38 16 fe bf 4f a1 7a 90 45 3b b5 6c d9 89 1d 47 4e 0a 24 69 da e9 bd 9d f4 92 b4 28 0a 4a a2 2c 36 12 a9 15 29 5f e2 35 b0 af b1 af b7 4f b2 87 a4 24 4b b2 ec 26 83 a9 d1 58 22 79 0e cf e5 3b 17 d2 c7 0f 9e be 3b ff 78 fd fe c2 08 44 14 3e 39 96 7f 8d 10 d1 c9 49 0b d3 96 61 78 48 20 13 79 4e c8 dc 9b 1b bc 38 79 f3 6c 36 7b fa e1 fa e5 2b f6 f5 45 30 75 df 9e 7e b8 38 3b fb 70 fa f4 72 76 3a bb 3c 7d 79 76 fa 96 2e c2 2f b3 fe f4 f5 f5 41 f0 89 1e cd ac e1 ed 87 57 4e f0 ea cc 9f fe 7c f6 e9 9c 7b cf 42 67 f8 d1 fb 10 cc 9d a3 3f af be 5c a5 2f 0e c4 7e cf 7d cc 46 fe f5 bb 69 97 8f fe d5 7b fd fc fd 04 ed 3f bd e8 bd ee 8a 3f 3e 1d bc be 78 fb e6 fc 74 76 71 7a fa e1 e4 e4 c7 a7 37 6f af d1 7c b6 f8 7c 75 fb 46 f8 07 2f d1 f0 32 7a f7 f5 90 7e ba 45 5f d9 e0 e7 a7 2e 5d 38 97 57 47 e7 97 fe 19 3e 7b 15 26 67 57 e8 ea e3 f9 fb 77 5f f8 e5 47 c1 ce cf cf 8e e2 f3 e7 17 cf 5d 47 5c 9f 3f fe fc f2 5c 5c 1e 05 5d 60 0c aa 63 e4 3d 39 8e b0 40 [TRUNCATED] Data Ascii: 841Yn8OzE;lGN$i(J,6)_5O$K&X"y;;xD>9IaxH yN8yl6{+E0u~8;prv:<}yv./AWN\|{Bg?\/~}Fi{??>xtvqz7o\|\|uF/2z~E_.]8WG>{&gWw_G]G\?\\]`c=9@cqJoZO!~ z3#Ie?qOYz$B09j=E>iM,-eT`'OM&B('DiTI9N+r`jU0wK1J;T17 %AbCAZI6BnY<'`1q9\|d !)KCB.tR"Wf
Oct 1, 2024 00:40:40.880245924 CEST	224	IN	Data Raw: 73 8c 12 37 c8 e4 78 00 56 08 09 bd f9 87 91 fd 4b 70 78 d2 22 60 80 56 31 24 16 31 18 88 44 68 82 bb 31 9d ac 27 82 04 fb 27 ad 6e 97 44 93 0e c7 1e 8b 51 22 f5 93 f2 74 05 8e e2 10 09 cc bb 21 9b 30 de 95 f3 3f e4 63 47 b1 e8 3e 39 e6 62 01 ae Data Ascii: s7xVKpx"`V1$1Dh1''nDQ"t!0?cG>9b.u`Pi1=XG5ro"QPn%I ^77J)3<rXF(j[+8pgL-(9,lVAo
Oct 1, 2024 00:40:40.880256891 CEST	1236	IN	Data Raw: 14 73 bb 8f a3 71 c6 af 33 3c c4 91 61 ad 7c 32 71 91 42 5f 1b 1e 53 f0 6e 84 48 9d 89 9e c9 45 e9 01 e1 81 15 cf 57 41 b2 74 d8 5c b2 06 e3 db 19 76 4d 18 1a 67 da 5b 63 36 c5 89 1f b2 99 3d 25 9c 00 fa 57 31 f0 51 02 f9 28 22 e1 c2 8e 18 65 3c Data Ascii: sq3<a\|2qB_SnHEWAt\vMg[c6=%W1Q("e<F.?V+t{3IXJ=[$$&!`B\|S!DNd ,)x\a'H7n1<is0:JB<x\^q6GQ\|Ox>*ltWM[8{,ka#OA4.
Oct 1, 2024 00:40:40.880269051 CEST	1236	IN	Data Raw: db 00 70 fd 14 9f 4c 1c f4 b0 6f 59 ed fc 3f 1c 4b 1e 8d a5 f8 d6 38 13 7a 8d 7a 2d e2 fa 66 44 1e 2a 35 77 79 51 d8 d9 e7 63 75 30 6a 18 6f 1a 6a ca 00 1b 0a 54 7b a0 8a 93 7a 03 6b 6f 8d 3d 8d be dd 3c ca c8 cd ee 57 73 06 3d 0d 0a 32 32 41 0d Data Ascii: pLoY?K8zz-fD*5wyQcu0jojT{zko=<Ws=22AkOyQl0~%FId/[Bl>CQc;33Cx!vbW5YdfM0UL,2iV.8/7szNQk2_(kx
Oct 1, 2024 00:40:40.880280018 CEST	1236	IN	Data Raw: 30 f4 91 62 be 5e 7b 2e f3 f7 20 8e 82 1e 82 48 02 0f 3d d1 7d 95 3c 55 34 71 38 fe 76 21 fd 9f 21 89 08 4d 32 1c 7d 9e 38 a5 92 39 fe 03 9b 3c 80 f2 c0 25 8f 40 de 63 92 87 c9 8f d9 e3 11 d0 98 3b 1e 81 bd cd 1c 27 de 3d ef fd 7b 56 1c d8 96 97 Data Ascii: 0b^{. H=}<U4q8v!!M2}89<%@c;'={V:{\|I5]YNz5_U:F:'&;\|IVab)'2Wo"LaZ~?:8(/Mh\Bu,}{LC/+e!nh;unD/P=K{D
Oct 1, 2024 00:40:40.880290031 CEST	1060	IN	Data Raw: c6 f5 a1 31 1f 0d f6 73 68 b8 2c c0 fc 36 08 40 a1 5a 04 dc 89 7c 4c c7 1b 1a 6a 58 53 ea 7e 4e 81 e2 dd 2a ce 81 58 e7 a8 c9 a2 ab b7 46 13 46 58 e4 18 be 52 23 f8 7e 77 c1 f7 3b 3b be d8 35 a7 45 93 9e ec 6b 75 be 63 fd 7e 71 7f 68 cd 9c 05 6b Data Ascii: 1sh,6@Z\|LjXS~N*XFFXR#~w;;5Ekuc~qhkH~/bBs+k)&Zn]K5(C3`g(8EqDc,Er4d>Fb/jz:sz0h-Pcuw"K>8pa2\b)ED_
Oct 1, 2024 00:40:40.880307913 CEST	1236	IN	Data Raw: 38 37 46 0d 0a ac 1c 6b 53 db 38 f0 af b8 be 9b 10 4f 8c 49 c8 f5 15 23 3a 90 c2 1d 33 f4 da 03 3a 73 37 0c c3 38 89 03 6e 4d ec da 0e 90 0b fa ef b7 bb 92 65 f9 91 10 e6 ca 87 36 96 56 eb dd d5 be b4 b2 54 ef 2b 38 49 46 9a 10 aa ac ae 7e 27 6d Data Ascii: 87FkS8OI#:3:s78nMe6VT+8IF~'mm2+T):/(Q,k##uRU{Fq@qT+t_Zg9V=OAL?~Cv} Aj"C\|@ ^ 95PWqO},2x
Oct 1, 2024 00:40:40.880321980 CEST	224	IN	Data Raw: 21 15 45 25 27 f4 67 37 d9 ed 7e d7 5a 56 3a d6 4e 34 2c 20 52 29 7e a6 98 6a 6b ad 16 b7 cb f8 2c 57 c9 59 b4 66 52 fe ec b2 c6 d9 15 ea c6 d8 cb 2a b4 5a dc 87 d4 6f b9 0a 4f 0d 0d e7 ba ed 15 fe 4d 25 0f 8a 35 e9 05 0e c6 63 3f 06 a5 81 f0 ee Data Ascii: !E%'g7~ZV:N4, R)~jk,WYfR*ZoOM%5c?eTOPYC4)g\|N93@$M->DH"UB,IA@B+l5<>I2$!LJ}]K3RhvegQgRP+fs1[7tM^{
Oct 1, 2024 00:40:40.969430923 CEST	1183	IN	Data Raw: 03 66 1f b1 c4 78 7f e1 09 d8 6b 9d 11 c4 59 1a 24 6d 0a b8 ee 3e 3d e5 d1 57 6b cc 59 e7 a8 5e 52 f5 d8 cc 7f 30 fe fe 74 fa 47 96 c5 67 a2 c9 95 5d 62 89 66 fe 7e 74 01 d9 d9 a8 93 23 ec 94 de 69 93 a6 a8 21 b0 ae 00 66 78 a1 ab 78 24 15 4c 66 Data Ascii: fxkY$m>=WkY^R0tGg]bf~t#i!fxx$LfN#2PY3=C8}=&M-wUU.))<:GS0: $b>Pu9N)YF402{]M2uKayQ^obr9W.]b!7
Oct 1, 2024 00:40:42.747816086 CEST	705	OUT	GET /search/tsc.php?ses=ogcVt54d5CL1QzrEa2Fnlup2YwhjFZWtx5ieJ-i5M1BAqpknHMrN-3ZcPQyhBkBhXvtw0sPQcrD3jocC371nD7s_gxJVCVbnDi15G1kxLffDCjC35IADRf6EiBwa1NMoNxPKUpiQM7BPe_s78qN4h25yQOVG_p59c5_09dlcDL7IJ5KN6iqBhGi5LxR1lW9aC8i8pirx54A39C3JeCyRGy6OHn_3BhwHNX8IkCHpzp7bAjWNoMEu4GyWwWwn0WdxBnuPdkE_SU7NbvaSWSDHGyDs9iVUWolf1nf3JqWcEH1EIbOZw5_3XW8PrzkTvc5CvkZVHnh8D05ZvQk33nE-BTgr46Mdvet9Qe_tXJHu4lVTrc-Vfw66UE8o1kC&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:42.948451042 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:40:42 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-fvx6t server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:40.983102083 CEST	397	OUT	GET /templates/bg/arrows-curved.png HTTP/1.1 Host: img.sedoparking.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:41.443320990 CEST	540	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 22:40:41 GMT Content-Type: image/png Content-Length: 13502 Connection: keep-alive Access-Control-Allow-Origin: * Cache-Control: max-age=604800 Expires: Mon, 07 Oct 2024 22:40:41 GMT X-CFHash: "107694ee1e94990d97b7e58651ffd6a0" X-CFF: B Last-Modified: Tue, 12 Oct 2021 05:19:02 GMT X-CF3: H CF4Age: 0 x-cf-tsc: 1724339305 CF4ttl: 31536000.000 X-CF2: H Server: CFS 1124 X-CF-ReqID: 921b81571a903ad0b06087cb368cecfe X-CF1: 11696:fM.iad2:cf:nom:cacheN.iad2-01:H Accept-Ranges: bytes
Oct 1, 2024 00:40:41.443356037 CEST	1236	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 9d 00 00 02 52 08 06 00 00 00 18 89 18 5e 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 Data Ascii: PNGIHDRR^pHYssRGBgAMAa4SIDATx\yFUbUA#VJ?.wUD&AP&Q#qAd\E[Y';{+_<y9ko-J%C)I37oe
Oct 1, 2024 00:40:41.443367004 CEST	1236	IN	Data Raw: 50 e9 00 f5 d9 bf 64 6e a0 ee 50 fd 00 fb a8 74 80 fa ec 5f 32 47 f5 03 1c a0 d2 01 16 8b ea 07 51 a3 d2 01 16 8b ea 07 51 a3 d2 01 96 8f ea 07 d1 a0 d2 01 96 8f ea 07 d1 a0 d2 01 dc 94 2a ad b7 32 ad 36 a8 7e 10 12 42 07 70 9d 96 ae 4e 74 5b 3e Data Ascii: PdnPt_2GQQ26~BpNt[>u.5uS=Ov&7\|W~h+ov7[__Q%5M65*%}Y~RWZ:Ygou'Zg?t@5t)AHN$Q&u!
Oct 1, 2024 00:40:41.443377018 CEST	448	IN	Data Raw: 76 9e 89 36 42 e7 b0 50 03 88 c1 03 00 55 99 eb 8c 36 42 e7 68 36 80 b6 76 d5 ce 46 28 63 d8 a5 c1 03 5a 6f 00 e6 31 f3 28 35 a1 33 81 fc 9a 06 ad 36 42 d9 07 94 87 8f f9 9e 33 78 00 60 0e 33 8d 52 13 3a 53 2a 36 a2 be fb e3 0b 95 1f 0f b1 0c b4 Data Ascii: v6BPU6Bh6vF(cZo1(536B3x`3R:S*6jQjBgVW3tBY`SR:f)M<N RZo&4B.hNu"Bg1RS}x``c7:c<7<J8AuL/tS\2`!t
Oct 1, 2024 00:40:41.443433046 CEST	1236	IN	Data Raw: f9 d8 7a 6b ad bf b2 2a a7 4e ad d3 7a 03 9c 37 36 70 2c 42 27 52 de ef f9 39 ff fa ba f9 f1 bd ca c8 35 e0 9c 23 03 c7 22 74 22 67 c2 a7 67 5a 6f 1b 01 b4 de ec d4 db aa 00 58 a6 63 03 c7 22 74 50 48 95 34 36 b6 d5 a7 5b 5e b6 de 38 ed 00 58 2e Data Ascii: zkNz76p,B'R95#"t"ggZoXc"tPH46[^8X.-8'NmM4,=QM8Ix7&SE`pTc*5\2?6\|`r3E`^yuk)8A\|?D_UZ
Oct 1, 2024 00:40:41.443444014 CEST	1236	IN	Data Raw: f5 19 42 08 70 06 63 d8 70 ce dc a1 33 aa b9 f6 ca 6a e3 33 8d 35 42 08 70 4a 3a 5c 07 da da d9 d9 ee a6 5d 46 77 b1 1c 95 87 ce a8 22 84 1a 92 ac 9b f5 a0 33 c2 09 b3 c0 d2 15 eb 40 59 26 77 68 c3 61 91 6a 0f 9d 51 b6 1d 37 90 6c 4d 69 39 6b 2a Data Ascii: Bpcp3j35BpJ:\]Fw"3@Y&whajQ7lMi9k*5,<tFohNB:eTAsR43IaOTUPK(Zq]Bp:tA\8 h$NmiD+QkH~tR=aSV[WPJ57C<`
Oct 1, 2024 00:40:41.443454027 CEST	1236	IN	Data Raw: 5f 5a 6f 8c 5c 03 51 32 c1 93 98 e0 39 9f ca 9c 08 1d 77 78 37 78 c0 c8 35 10 05 f3 bb b1 7e f1 67 3f fa d6 86 54 80 d0 71 4f df 7c 8f 3b 5e b6 de 18 b9 06 42 a3 b5 1a 5c 79 ef ad ef b4 a5 22 84 8e cb 94 ee 66 a2 6e f9 72 e2 01 23 d7 40 40 b4 7e Data Ascii: _Zo\Q29wx7x5~g?TqO\|;^B\y"fnr#@@~8/~\|B^X<e8C[>rKoT640)`p^c:[o>m88pm8aW:A7Zohon[DXNiKo},Fi5SwY0B
Oct 1, 2024 00:40:41.443466902 CEST	1236	IN	Data Raw: 07 58 ae 94 00 42 4c 08 1d c0 1d 07 6b 40 9f 0e 76 ba 0c 21 20 44 ea df 3c fb dd 1b 4a ab ab a2 84 c3 fe 00 87 14 53 70 8c 61 23 24 aa 78 e3 cb ad ef b6 cc 3b 67 24 51 6b 5a cb 1a 21 04 38 44 e9 ae 0d a0 ed 44 ee 7c f8 b7 2f 47 71 ad 31 c2 a4 8e Data Ascii: XBLk@v! D<JSpa#$x;g$QkZ!8DD\|/Gq1DB-{pE:\|&5{TApS{l6$[S:K+pJj BgU([igZqZqpA%SVTA\| 1&LwN$]BPy~N*Smhn
Oct 1, 2024 00:40:41.443530083 CEST	328	IN	Data Raw: 63 dd 07 88 cf 70 4f cf 0d 71 44 22 98 9a 09 e9 4b aa 91 dd b5 81 fd a5 67 be e3 45 0b eb 83 de cb ed 7f bc fb d2 57 92 6c f0 bc 69 19 76 05 40 f8 b4 dc cd b2 a4 2d 0e a1 d2 a9 86 77 83 07 ac fb 00 81 d3 d2 fe 58 ef 5c 77 ed 90 50 42 a7 62 be 1d Data Ascii: cpOqD"KgEWliv@-wX\wPBb8Q;@8O>x})KpF:Q;t"?r[F,7FiytviBgkq)-w:9#\|m,ye;W\>Zor,#'!t
Oct 1, 2024 00:40:41.443571091 CEST	1236	IN	Data Raw: 21 74 3c a6 95 f4 ed 25 73 3e b6 de d8 70 0a 9c cc d7 09 b5 e3 10 3a 81 f0 6d e4 da 1a 0e 1e d8 3d 3f 2d 01 30 c2 df 09 b5 e3 10 3a e1 f1 ee a0 51 ce 7a 03 0e 31 0f 61 79 f1 83 77 5e da 90 00 11 3a e1 4a b5 56 9d 5d a5 6e 79 d5 7a 63 f0 00 31 f3 Data Ascii: !t<%s>p:m=?-0:Qz1ayw^:JV]nyzc1Y:zm&:mA~c{.:qnA81G-":g'S[>\[T?RG!t0k~20pBG[mpNDG!tp"O;(pQL
Oct 1, 2024 00:40:41.448380947 CEST	1236	IN	Data Raw: 94 04 95 dc a5 1a 82 4b 66 0a 9d 32 02 08 70 df 70 a3 6a cf bc dc 53 7a c5 54 44 92 12 44 58 86 b9 43 a7 8c 00 02 fc b2 bf 36 24 a9 28 d5 b3 ad b9 bd 47 d2 63 cf 10 ea 54 69 e8 94 1d ac 01 65 72 89 21 04 c0 1f e5 aa 48 92 e4 41 1e 46 26 98 98 9a Data Ascii: Kf2ppjSzTDDXC6$(GcTier!HAF&Cj<tv";=~Hj }ZuBB}@@IGJ6vZCK\|R^h.xS:Pj#RMP*~R\2/TcXjWo)IvCh
Oct 1, 2024 00:40:46.745724916 CEST	396	OUT	GET /templates/logos/sedo_logo.png HTTP/1.1 Host: img.sedoparking.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:46.862633944 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 22:40:46 GMT Content-Type: image/png Content-Length: 15086 Connection: keep-alive Access-Control-Allow-Origin: * Cache-Control: max-age=604800 Expires: Mon, 07 Oct 2024 22:40:46 GMT X-CFHash: "def00c11b1596db4efee6a9fbe64fc27" X-CFF: B Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT X-CF3: H CF4Age: 0 x-cf-tsc: 1724339300 CF4ttl: 31536000.000 X-CF2: H Server: CFS 1124 X-CF-ReqID: 9184af09402a536ace8d987ade76a265 X-CF1: 11696:fM.iad2:cf:nom:cacheN.iad2-01:H Accept-Ranges: bytes Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8e 40 03 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 40 03 04 8b 41 07 11 8d 41 04 20 8d 41 04 20 8d 41 04 20 8e 41 03 2e 8d 41 04 20 8d 41 04 20 8b 41 07 11 8e 40 03 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8f 40 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8f 40 04 01 00 00 00 00 00 00 00 00 00 00 00 00 8e 40 03 04 8e 41 03 2e [TRUNCATED] Data Ascii: 00 %6 % h6(0` $@@@@AA A A A.A A A@@@@@@@@A.AU@@@@@@@@@@@@@@@@}AUA @@@@@A.@j@@@@@@@@@@@@@@@@@@@@@@@@}A.@@@A @

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:43.572984934 CEST	302	OUT	GET /templates/bg/arrows-curved.png HTTP/1.1 Host: img.sedoparking.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:44.030237913 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 22:40:43 GMT Content-Type: image/png Content-Length: 13502 Connection: keep-alive Access-Control-Allow-Origin: * Cache-Control: max-age=604800 Expires: Mon, 07 Oct 2024 22:40:43 GMT X-CFHash: "107694ee1e94990d97b7e58651ffd6a0" X-CFF: B Last-Modified: Tue, 12 Oct 2021 05:19:02 GMT X-CF3: H CF4Age: 8019 x-cf-tsc: 1722376099 CF4ttl: 31527980.000 X-CF2: H Server: CFS 1124 X-CF-ReqID: 621e2f855b7271a3d7e549ad08f5f656 X-CF1: 11696:fR.iad2:cf:nom:cacheN.iad2-01:H Accept-Ranges: bytes Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 9d 00 00 02 52 08 06 00 00 00 18 89 18 5e 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 34 53 49 44 41 54 78 01 ed dd cd 93 5c d7 79 df f1 e7 dc 1e ca 88 94 94 46 91 55 e5 8a 62 b3 55 8e 1c 96 17 41 8b d9 07 23 56 d9 d1 ca 18 a2 ca 89 00 4a c2 cb 3f 00 80 2e 95 77 11 a0 55 44 26 e5 41 fe 01 f6 50 26 c1 8a 17 ec d9 51 d2 82 8d b5 23 a2 b1 71 41 a4 64 5c 96 45 5b 16 a5 a0 59 15 92 98 97 be 27 e7 dc e9 3b b8 d3 e8 99 e9 97 7b bb cf cb f7 a3 1a ce 2b 5f 84 99 ee df 3c cf 79 ce 39 ea 6b e7 6f bf 2d 4a 9a a2 25 15 43 29 49 33 c9 de 37 6f a6 92 65 a9 0c 92 be ec ee a4 bd ce e5 be 00 00 30 87 95 e1 eb 66 1e 3c 86 36 2f 4a 92 fd 8f 26 e6 b5 7d f3 a9 53 f2 b5 17 6e f7 25 93 9e 12 31 e1 a3 df cf 1a c9 03 d9 db bd 27 b2 97 f6 de b8 9c 0a 00 00 27 58 99 f8 2b b5 ac 9a 34 5a d3 f9 3b 4a 54 66 de 4a 56 f2 7f c4 d7 2e dc b6 1f ec 29 53 2d 65 2a bb 27 [TRUNCATED] Data Ascii: PNGIHDRR^pHYssRGBgAMAa4SIDATx\yFUbUA#VJ?.wUD&AP&Q#qAd\E[Y';{+_<y9ko-J%C)I37oe0f<6/J&}Sn%1''X+4Z;JTfJV.)S-e*'ZdOy'a{mMCr1VLK@:HN^}exN\/klP\j:vr_3n.!n?t8pNX5Dwd8`iBQ=L:`bL+Ne7tFVxSe{:H]!`6ooqNixNhz1%T?VlD+Bg9zZNBD-U[%~/DJ?F)5
Oct 1, 2024 00:40:44.030273914 CEST	224	IN	Data Raw: 84 88 4a c7 1f c3 f1 6b b9 49 f5 03 c0 57 84 8e 8f ec 35 0c 89 6e 73 fc 0e 00 df d0 5e f3 91 f9 25 21 6f bf 7d ee d4 83 67 2f dc 7e a5 f5 e7 af b5 04 00 3c 40 a5 13 0e 86 0f 00 38 8f 4a 27 1c 07 c3 07 54 3f 00 5c 45 a5 13 b6 fd 93 0f 58 fb 01 e0 Data Ascii: JkIW5ns^%!o}g/~<@8J'T?\EX\|vS`hY"`h}?J'^y7[@tP5ZQ5F`,&&6`VT:T3A`jy.7z0Tp
Oct 1, 2024 00:40:44.030296087 CEST	1236	IN	Data Raw: 37 00 47 20 74 50 29 a6 de 00 1c 87 f6 1a ea c6 86 53 00 07 a8 74 50 37 36 9c 02 38 40 e8 60 61 0e b5 de ce bf be 2e 00 a2 43 e8 60 f1 4c 3b 57 29 f5 e6 d7 2e dc 7e c0 ba 0f 10 17 d6 74 e0 02 ae 59 00 22 41 a5 03 17 3c be 66 21 5f f7 e1 9a 05 20 Data Ascii: 7G tP)StP768@`a.C`L;W).~tY"A<f!_ T>+o]Zo@xhuvJ 5?kioo:yT:i=uB!`F9pk:]jZpL[\G5ZoZK,h\0,5Av@
Oct 1, 2024 00:40:44.030312061 CEST	224	IN	Data Raw: 9f a6 00 80 7b b4 ce e4 b9 de 1b e7 bb 52 b3 da 42 e7 09 c3 6a 28 11 e9 28 b3 68 77 ff ad f8 76 19 d3 7e 03 e0 b0 87 26 78 9e ad fb 2c bc c5 85 ce a8 88 43 88 f6 1b 00 47 3d d0 9f 3c 7a b6 ce c1 82 e5 85 ce 28 13 42 a2 92 6e 6c ed b8 bc fd a6 f4 Data Ascii: {RBj((hwv~&x,CG=<z(BnlwBIY*bL0t:Xr@$n8KfN)&tFDSQXz\oKK!j$w%<K`8JJE2?#CF@w'
Oct 1, 2024 00:40:44.030322075 CEST	1236	IN	Data Raw: ab 6a a2 2d b8 d0 19 91 b7 e1 1a 2a db 0c 71 1d a8 54 fd 9c 95 fd 23 2e 00 a0 72 26 23 5e 79 e7 f5 f3 57 a4 02 a1 87 4e 59 b0 01 54 ec fb 51 89 7c 4f 68 bd 01 a8 5e 65 13 6d 31 85 4e 59 b8 01 c4 a9 07 00 ea 51 c9 44 5b ac a1 53 16 64 00 0d 5b 6f Data Ascii: j-qT#.r&#^yWNYTQ\|Oh^em1NYQD[Sd[o&\|jhxv6BPU6Bh6vF(cZo1(536B3x`3R:S6jQjBgVW3tBY`SR:f)M<N RZo&4B.
Oct 1, 2024 00:40:44.030333042 CEST	1236	IN	Data Raw: 51 4d 08 9d a6 0a f2 5f dd 57 13 cc 8b d0 01 8e 17 45 f5 53 18 99 86 5b 13 86 11 bc b2 e8 73 d4 66 41 e8 00 13 8a a9 fa 29 e4 55 50 a2 4e 9b 5f 9f d7 69 c5 b9 cd 87 c0 b1 08 1d 60 7a 51 55 3f 65 fb 21 94 ad 89 4e ce 10 42 ce 58 da 39 6a b3 20 74 Data Ascii: QM_WES[sfA)UPN_i`zQU?e!NBX9j t9XTBv=vb={J_'yIW4dIK^c0vK?GmPO=V^^3568v4F6 2/M)x8,FkBk}0zsL>vgU
Oct 1, 2024 00:40:44.030344009 CEST	1236	IN	Data Raw: db f7 d7 82 b6 13 b9 f3 e1 df be 1c c4 86 2e aa 1f 00 8b 64 83 e7 bd 1f bd f0 ac 78 62 b9 a1 73 58 6a fe f8 ba a6 0d b7 19 42 1b 8e ea 07 c0 a2 98 e0 79 c5 04 cf 15 f1 80 4b a1 53 96 da 00 ca 94 da fa a7 9f be d4 11 cf 51 fd 00 a8 9b 2f c1 e3 6a Data Ascii: .dxbsXjByKSQ/j^@T?C:e:<NYW?zPW C,aSTDNn71NYjh!\|Onz0'')K{dkk<cdlQm_OBtr.0'
Oct 1, 2024 00:40:44.030397892 CEST	1236	IN	Data Raw: 10 40 28 b8 7e 4a f4 bc 08 1d 04 40 b7 77 1a 72 eb c3 bf 7d 39 88 be 77 31 05 a7 b4 9c 35 21 b4 26 4a ad 0a e2 10 c0 48 f4 49 08 1d 84 a4 67 aa 9f 0d df 07 0f 46 71 0e 5c 04 02 9b 50 3b 0e a1 83 10 a5 a1 0c 1e 8c b2 27 21 24 89 9c c9 44 af d3 86 Data Ascii: @(~J@wr}9w15!&JHIgFq\P;'!$DFpj!t6O/m5>X@ 'C iOBkAyB8pS$kTAq,)#j"tkX\|<6hwjt>E;f]+]B8~,42f?R-AU
Oct 1, 2024 00:40:44.030410051 CEST	1236	IN	Data Raw: 00 85 b6 16 44 f5 03 a0 26 04 8f cc 11 3a 23 52 ad b3 ad 90 da 70 54 3f 00 6a 10 7d f0 54 15 3a 65 a9 ad 82 b4 34 36 43 09 20 aa 1f 00 55 32 c1 f3 e6 27 d9 ce 95 18 8f f0 a9 23 74 0e d8 75 20 93 eb 1d 95 35 b6 7e fd 6e bb 23 9e b3 d5 cf 4a 92 5d Data Ascii: D&:#RpT?j}T:e46C U2'#tu 5~n#J]H`.Ztr.<NYhdOsnB,~!`6$bD36$p.NY@2hyHsdkS6N\|Z}9W?P\@0
Oct 1, 2024 00:40:44.030421019 CEST	203	IN	Data Raw: e2 29 f6 ff 60 52 66 fd 26 4d 74 76 39 c6 0d 9f d3 20 74 b0 08 5e 9e f5 36 ca 06 d0 8a 64 67 b5 92 4b 04 10 0e d1 d2 1b 68 f5 fc af 7a 3f 48 05 c7 22 74 b0 50 be 0f 1e 14 4a 01 b4 4e 0b 2e 76 ea d6 c7 d9 f6 8d 98 37 7c 4e 83 d0 c1 72 98 df 0c cd Data Ascii: )`Rf&Mtv9 t^6dgKhz?H"tPJN.v7\|Nr{~FLy?xPVJYA*]QZ?:p8;eofCEAU?{2:58-Q4iTAO
Oct 1, 2024 00:40:44.035433054 CEST	1236	IN	Data Raw: fe 0f ef bc dc 16 cc 85 d0 81 2f 82 ac 7e 0a 87 aa 20 51 2d d6 82 dc 61 d7 6f 32 ad be 4e 3b ad 1a 84 0e bc 13 6a f5 53 66 d7 82 b2 24 59 53 5a ce d0 8a 5b 22 2d 9b 1f eb 9d 6b 8c 43 57 87 d0 81 b7 4c 55 d0 b7 d7 6c cb a0 71 eb c3 f7 da c1 4e 11 Data Ascii: /~ Q-ao2N;jSf$YSZ["-kCWLUlqNVFK'+0]BIhUj8_gWP9BoiWA4q:Y)Zr"iIIOw^!86N9R_3(O>$8i-h1Oa[s
Oct 1, 2024 00:40:47.558809042 CEST	301	OUT	GET /templates/logos/sedo_logo.png HTTP/1.1 Host: img.sedoparking.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:47.660640955 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 22:40:47 GMT Content-Type: image/png Content-Length: 15086 Connection: keep-alive Access-Control-Allow-Origin: * Cache-Control: max-age=604800 Expires: Mon, 07 Oct 2024 22:40:47 GMT X-CFHash: "def00c11b1596db4efee6a9fbe64fc27" X-CFF: B Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT X-CF3: H CF4Age: 0 x-cf-tsc: 1722376094 CF4ttl: 31536000.000 X-CF2: H Server: CFS 1124 X-CF-ReqID: 3f0d7d3f76e97c29b92b1d0893ac26cc X-CF1: 11696:fR.iad2:cf:nom:cacheN.iad2-01:H Accept-Ranges: bytes Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8e 40 03 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 40 03 04 8b 41 07 11 8d 41 04 20 8d 41 04 20 8d 41 04 20 8e 41 03 2e 8d 41 04 20 8d 41 04 20 8b 41 07 11 8e 40 03 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8f 40 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 40 04 01 8e 40 03 04 8f 40 04 01 00 00 00 00 00 00 00 00 00 00 00 00 8e 40 03 04 8e 41 03 2e [TRUNCATED] Data Ascii: 00 %6 % h6(0` $@@@@AA A A A.A A A@@@@@@@@A.AU@@@@@@@@@@@@@@@@}AUA @@@@@A.@j@@@@@@@@@@@@@@@@@@@@@@@@}A.@@@A @

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:43.630175114 CEST	671	OUT	GET /search/tsc.php?ses=ogcVt54d5CL1QzrEa2Fnlup2YwhjFZWtx5ieJ-i5M1BAqpknHMrN-3ZcPQyhBkBhXvtw0sPQcrD3jocC371nD7s_gxJVCVbnDi15G1kxLffDCjC35IADRf6EiBwa1NMoNxPKUpiQM7BPe_s78qN4h25yQOVG_p59c5_09dlcDL7IJ5KN6iqBhGi5LxR1lW9aC8i8pirx54A39C3JeCyRGy6OHn_3BhwHNX8IkCHpzp7bAjWNoMEu4GyWwWwn0WdxBnuPdkE_SU7NbvaSWSDHGyDs9iVUWolf1nf3JqWcEH1EIbOZw5_3XW8PrzkTvc5CvkZVHnh8D05ZvQk33nE-BTgr46Mdvet9Qe_tXJHu4lVTrc-Vfw66UE8o1kC&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:44.280419111 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:40:44 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-fvx6t server: Parking/1.0

Source: chromecache_166.2.dr	String found in binary or memory: \************************************/function(e){"use strict";e.exports=JSON.parse('{"en-US":{"logolinkurl":"/us/","logolinktext":"Sedo.com","company":"Sedo.com, LLC","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/us/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/us/about-us/imprint/","dataSecurityPoliciesLink":"/us/about-us/policies/protecting-your-privacy/","policiesLink":"/us/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"en-GB":{"logolinkurl":"/uk/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/uk/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/uk/about-us/imprint/","dataSecurityPoliciesLink":"/uk/about-us/policies/protecting-your-privacy/","policiesLink":"/uk/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"de-DE":{"logolinkurl":"/de/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Newsletter abonnieren","newslettertermsUrl":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/",
Source: chromecache_166.2.dr	String found in binary or memory: \************************************/function(e){"use strict";e.exports=JSON.parse('{"en-US":{"logolinkurl":"/us/","logolinktext":"Sedo.com","company":"Sedo.com, LLC","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/us/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/us/about-us/imprint/","dataSecurityPoliciesLink":"/us/about-us/policies/protecting-your-privacy/","policiesLink":"/us/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"en-GB":{"logolinkurl":"/uk/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/uk/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/uk/about-us/imprint/","dataSecurityPoliciesLink":"/uk/about-us/policies/protecting-your-privacy/","policiesLink":"/uk/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"de-DE":{"logolinkurl":"/de/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Newsletter abonnieren","newslettertermsUrl":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/",
Source: chromecache_166.2.dr	String found in binary or memory: \************************************/function(e){"use strict";e.exports=JSON.parse('{"en-US":{"logolinkurl":"/us/","logolinktext":"Sedo.com","company":"Sedo.com, LLC","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/us/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/us/about-us/imprint/","dataSecurityPoliciesLink":"/us/about-us/policies/protecting-your-privacy/","policiesLink":"/us/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"en-GB":{"logolinkurl":"/uk/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Subscribe to newsletter","newslettertermsUrl":"/uk/about-us/policies/protecting-your-privacy/","newslettertermsLabel":"Privacy Policy","newsletterCheckboxLabel":"Yes, I would like to receive regular email updates on Sedo product news, discounts, promotions and domain news. I can unsubscribe at any time using the unsubscribe link in the respective newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Subscribe","newsletterRegisterPlaceholder":"Your email address","paypalUrl":"https://www.paypal.com/us/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Company Info","dataSecurityPoliciesLabel":"Protecting your Privacy","cookieSettingsLabel":"Cookie Settings","policiesLabel":"Policies","socialHeader":"Find us on","impressumLink":"/uk/about-us/imprint/","dataSecurityPoliciesLink":"/uk/about-us/policies/protecting-your-privacy/","policiesLink":"/uk/about-us/policies/","accessibilityLabel":"Accessibility Statement","accessibilityLink":"/us/about-us/policies/accessibility-statement/"},"de-DE":{"logolinkurl":"/de/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"Newsletter abonnieren","newslettertermsUrl":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/",
Source: chromecache_201.2.dr, chromecache_211.2.dr	String found in binary or memory: \****************************/function(e,t,n){n.r(t);var a=n(/! ./utils/CookieHandler /"./src/utils/CookieHandler.js"),i=n(/! ./utils/helpers /"./src/utils/helpers.js"),r=n(/! ./utils/Template */"./src/utils/Template.js");t.default=class{constructor(e,t){this.gtmId=e,this.lang=t,this.cookieHandler=new a.default(window.document),this.template=new r.default(this.lang),this.banner=this.template.createBanner(),this.template.addTemplateToBody(),this.externalScriptsHandler()}externalScriptsHandler(){const e=`window.dataLayer = window.dataLayer \|\| [];\n (function(w,d,s,l,i){w[l]=w[l]\|\|[];w[l].push({'gtm.start':\n new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],\n j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=\n 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);\n })(window,document,'script','dataLayer','${this.gtmId}');`;window.addEventListener("ucSettingChanged",(t=>{const n=[{detailsName:"Taboola",idName:"taboolaPixelSnippet",innerHtml:"window._tfa = window._tfa \|\| [];\n window._tfa.push({notify: 'event', name: 'page_view', id: 1313783});\n !function (t, f, a, x) {\n if (!document.getElementById(x)) {\n t.async = 1;t.src = a;t.id=x;f.parentNode.insertBefore(t, f);\n }\n }(document.createElement('script'),\n document.getElementsByTagName('script')[0],\n '//cdn.taboola.com/libtrc/unip/1313783/tfa.js',\n 'tb_tfa_script');"},{detailsName:"Google Tag Manager",idName:"gtm-layer",innerHtml:e},{detailsName:"LinkedIn Insight Tag",idName:"linkedinPixelSnippet",innerHtml:"_linkedin_partner_id = '1239514';\n window._linkedin_data_partner_ids = window._linkedin_data_partner_ids \|\| [];\n window._linkedin_data_partner_ids.push(_linkedin_partner_id);\n (function(){var s = document.getElementsByTagName('script')[0];\n var b = document.createElement('script');\n b.type = 'text/javascript';b.async = true;\n b.src = 'https://snap.licdn.com/li.lms-analytics/insight.min.js';\n s.parentNode.insertBefore(b, s);})();"},{detailsName:"Hotjar",idName:"hotjarSnippet",innerHtml:"(function (h, o, t, j, a, r) {\n h.hj = h.hj \|\| function () {\n (h.hj.q = h.hj.q \|\| []).push(arguments)\n };\n h._hjSettings = {\n hjid: 1601031,\n hjsv: 6\n };\n a = o.getElementsByTagName('head')[0];\n r = o.createElement('script');\n r.async = 1;\n r.src = t + h._hjSettings.hjid + j + h._hjSettings.hjsv;\n a.appendChild(r);\n })(window, document, 'https://static.hotjar.com/c/hotjar-', '.js?sv=');"},{detailsName:"Facebook Pixel",idName:"facebookSnippet",innerHtml:"!function(f,b,e,v,n,t,s)\n {if(f.fbq)return;n=f.fbq=function()\n\n {n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}\n ;\n if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n n.queue=[];t=b.createElement(e);t.async=!0;\n t.src=v;s=b
Source: chromecache_140.2.dr	String found in binary or memory: Visit Website</span></a></div></div></div></div><div id="e3" class="i_ div clicktrackedAd_js si101" style="-ms-flex-direction:column; -webkit-box-orient:vertical; -webkit-flex-direction:column; flex-direction:column;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:stretch; -webkit-box-align:stretch; -webkit-align-items:stretch; align-items:stretch;"><div class="i_ div si32" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;"><a class="p_ si27 a" href="https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwijoMfD3uuIAxW1nYMHHbVsBzsYABAAGgJlZg&co=1&ase=2&gclid=EAIaIQobChMIo6DHw97riAMVtZ2DBx21bAc7EAAYAiAAEgIGoPD_BwE&ohost&cid=CAASAuRo&sig=AOD64_1hDnc_i1zwCqRDs5rfRmm7L5Ub2A&q&nis=6&adurl=https://tinytrk.com/index.php?rgid%3D558636%26sub%3Dgclid%26zbulk%3DGet%2520New%2520Bank%2520Account" attributionsrc="" data-set-target="1" target="_top">Find Get New <span style='display:inline;text-transform:inherit;' class="si130 span">Bank</span> Account - Get New <span style='display:inline;text-transform:inherit;' class="si130 span">Bank</span> Account</a></div><div class="i_ div si34" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:center; -webkit-box-align:center; -webkit-align-items:center; align-items:center;"><div class="i_ div adbadgeContainer w_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><span class="p_ si25 span">Ad</span></div><a class="m_ n_ si28 a" data-lines="1" data-truncate="0" href="https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwijoMfD3uuIAxW1nYMHHbVsBzsYABAAGgJlZg&co=1&ase=2&gclid=EAIaIQobChMIo6DHw97riAMVtZ2DBx21bAc7EAAYAiAAEgIGoPD_BwE&ohost&cid=CAASAuRo&sig=AOD64_1hDnc_i1zwCqRDs5rfRmm7L5Ub2A&q&nis=6&adurl=https://tinytrk.com/index.php?rgid%3D558636%26sub%3Dgclid%26zbulk%3DGet%2520New%2520Bank%2520Account" attributionsrc="" data-set-target="1" target="_top">https://search.yahoo.com/search/results</a><div class="i_ div si67 w_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><div id="e6" class="i_ div y_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><a class="m_ o_ wtaBubbleText a" data-lines="1" data-truncate="0" data-pingback-type="wtac" href="https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqkJY-jySVFEzuVAbKhhopk
Source: chromecache_241.2.dr	String found in binary or memory: Visit Website</span></a></div></div></div></div><div id="e3" class="i_ div clicktrackedAd_js si101" style="-ms-flex-direction:column; -webkit-box-orient:vertical; -webkit-flex-direction:column; flex-direction:column;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:stretch; -webkit-box-align:stretch; -webkit-align-items:stretch; align-items:stretch;"><div class="i_ div si32" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;"><a class="p_ si27 a" href="https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjvhdy33uuIAxVrkYMHHd81IMkYABAAGgJlZg&co=1&ase=2&gclid=EAIaIQobChMI74Xct97riAMVa5GDBx3fNSDJEAAYAiAAEgKyV_D_BwE&ohost&cid=CAASAuRo&sig=AOD64_2huGA88D3NEdw2c3m4qWjmstbk6A&q&nis=6&adurl=https://tinytrk.com/index.php?rgid%3D684695%26sub%3Dgclid%26zbulk%3DGet%2520A%2520Bank%2520Account" attributionsrc="" data-set-target="1" target="_top">Find Get A <span style='display:inline;text-transform:inherit;' class="si130 span">Bank</span> Account - Get A <span style='display:inline;text-transform:inherit;' class="si130 span">Bank</span> Account</a></div><div class="i_ div si34" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-content:flex-start;-ms-flex-align:center; -webkit-box-align:center; -webkit-align-items:center; align-items:center;"><div class="i_ div adbadgeContainer w_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><span class="p_ si25 span">Ad</span></div><a class="m_ n_ si28 a" data-lines="1" data-truncate="0" href="https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjvhdy33uuIAxVrkYMHHd81IMkYABAAGgJlZg&co=1&ase=2&gclid=EAIaIQobChMI74Xct97riAMVa5GDBx3fNSDJEAAYAiAAEgKyV_D_BwE&ohost&cid=CAASAuRo&sig=AOD64_2huGA88D3NEdw2c3m4qWjmstbk6A&q&nis=6&adurl=https://tinytrk.com/index.php?rgid%3D684695%26sub%3Dgclid%26zbulk%3DGet%2520A%2520Bank%2520Account" attributionsrc="" data-set-target="1" target="_top">https://search.yahoo.com/search/results</a><div class="i_ div si67 w_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><div id="e6" class="i_ div y_" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;"><a class="m_ o_ wtaBubbleText a" data-lines="1" data-truncate="0" data-pingback-type="wtac" href="https://adssettings.google.com/whythisad?source=afs_3p&reasons=AXRXrqmjPLXAimMMOH1Tlz6VaWtBVKsqQwu
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ","paypalUrl":"https://www.paypal.com/cn/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":" equals www.facebook.com (Facebook)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ","paypalUrl":"https://www.paypal.com/cn/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":" equals www.twitter.com (Twitter)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ","paypalUrl":"https://www.paypal.com/cn/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":" equals www.youtube.com (Youtube)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ber den Abmeldelink im jeweiligen Newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Abonnieren","newsletterRegisterPlaceholder":"Ihre E-Mail Adresse","paypalUrl":"https://www.paypal.com/de/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":"Impressum","dataSecurityPoliciesLabel":"Datenschutzrichtlinien der Sedo GmbH","cookieSettingsLabel":"Cookie Einstellungen","policiesLabel":"AGB & Policies","socialHeader":"Finden Sie uns auf","impressumLink":"/de/ueber-uns/impressum/","dataSecurityPoliciesLink":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/","policiesLink":"/de/ueber-uns/policies-gmbh/"},"fr-FR":{"logolinkurl":"/fr/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"S\'abonner equals www.facebook.com (Facebook)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ber den Abmeldelink im jeweiligen Newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Abonnieren","newsletterRegisterPlaceholder":"Ihre E-Mail Adresse","paypalUrl":"https://www.paypal.com/de/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":"Impressum","dataSecurityPoliciesLabel":"Datenschutzrichtlinien der Sedo GmbH","cookieSettingsLabel":"Cookie Einstellungen","policiesLabel":"AGB & Policies","socialHeader":"Finden Sie uns auf","impressumLink":"/de/ueber-uns/impressum/","dataSecurityPoliciesLink":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/","policiesLink":"/de/ueber-uns/policies-gmbh/"},"fr-FR":{"logolinkurl":"/fr/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"S\'abonner equals www.twitter.com (Twitter)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: ber den Abmeldelink im jeweiligen Newsletter.","newsletterEmailLabel":"Email","newsletterRegisterButton":"Abonnieren","newsletterRegisterPlaceholder":"Ihre E-Mail Adresse","paypalUrl":"https://www.paypal.com/de/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/","twitterUrl":"https://twitter.com/sedoDE","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoGmbH","impressumLabel":"Impressum","dataSecurityPoliciesLabel":"Datenschutzrichtlinien der Sedo GmbH","cookieSettingsLabel":"Cookie Einstellungen","policiesLabel":"AGB & Policies","socialHeader":"Finden Sie uns auf","impressumLink":"/de/ueber-uns/impressum/","dataSecurityPoliciesLink":"/de/ueber-uns/policies-gmbh/datenschutzrichtlinien-der-sedo-gmbh/","policiesLink":"/de/ueber-uns/policies-gmbh/"},"fr-FR":{"logolinkurl":"/fr/","logolinktext":"Sedo.com","company":"Sedo GmbH","newsletterHeadline":"S\'abonner equals www.youtube.com (Youtube)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: nico","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Informaci equals www.facebook.com (Facebook)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: nico","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Informaci equals www.twitter.com (Twitter)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: nico","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Informaci equals www.youtube.com (Youtube)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: o de e-mail","paypalUrl":"https://www.paypal.com/pt/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Rela equals www.facebook.com (Facebook)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: o de e-mail","paypalUrl":"https://www.paypal.com/pt/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Rela equals www.twitter.com (Twitter)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: o de e-mail","paypalUrl":"https://www.paypal.com/pt/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Rela equals www.youtube.com (Youtube)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: sinscription dans la newsletter correspondante.","newsletterEmailLabel":"Email","newsletterRegisterButton":"S\'abonner","newsletterRegisterPlaceholder":"Votre adresse e-mail","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Mentions l equals www.facebook.com (Facebook)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: sinscription dans la newsletter correspondante.","newsletterEmailLabel":"Email","newsletterRegisterButton":"S\'abonner","newsletterRegisterPlaceholder":"Votre adresse e-mail","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Mentions l equals www.twitter.com (Twitter)
Source: chromecache_138.2.dr, chromecache_166.2.dr	String found in binary or memory: sinscription dans la newsletter correspondante.","newsletterEmailLabel":"Email","newsletterRegisterButton":"S\'abonner","newsletterRegisterPlaceholder":"Votre adresse e-mail","paypalUrl":"https://www.paypal.com/es/selfhelp/home","unitedinternetUrl":"https://www.united-internet.de/en.html","twitterUrl":"https://twitter.com/sedo","facebookUrl":"https://www.facebook.com/sedo","instagramUrl":"https://www.instagram.com/sedodomains/","youtubeUrl":"https://www.youtube.com/user/SedoLLC","impressumLabel":"Mentions l equals www.youtube.com (Youtube)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	610
Entropy (8bit):	5.4559097885945365
Encrypted:	false
SSDEEP:	12:TMHdPhRi/nzVV/KYf3nS31PHEX7aPjW2e/bKI0C2UbKt9:2dzAjLf3S5kX72ObKbhU2
MD5:	950A5568A5DC7D9B5C1C8E33C9686077
SHA1:	4AC8BE7FA70589332CA25BC6CEA1263CA54306E0
SHA-256:	0D8EEC0DF98211FA752EBE83512BFD9027B3423FEFB1F116D062B58233B88C50
SHA-512:	380236D6F03ACFF1215F6159479F428BEB1F8904A6CD5F5FB6D19098A2BFC08EA0E9770B158B732A7BF669CA592DC56A2F35F681FCE173386A40F1A98C9CDD8C
Malicious:	false
Reputation:	low
URL:	https://cdn.sedo.com/fileadmin/images/legacy/images/icons/icn-check-beige.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 79.5 79.5" style="enable-background:new 0 0 79.5 79.5;" xml:space="preserve">.<style type="text/css">...st0{fill:#C7AC9A;}.</style>.<g>..<path class="st0" d="M39.8,0C17.8,0,0,17.8,0,39.8s17.8,39.8,39.8,39.8s39.8-17.8,39.8-39.8C79.5,17.8,61.7,0,39.8,0z M34.1,58.5...L15.4,39.8l7.5-7.5l11.2,11.2L56.6,21l7.5,7.5L34.1,58.5z"/>.</g>.</svg>.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	48097
Entropy (8bit):	4.541259077514592
Encrypted:	false
SSDEEP:	768:cfppX5/9YbZIqEGYbGqnq77SdMOsZff7pUbGA+dHeSZKFwj:CKYw3A9+
MD5:	5A2C392E7ACDF6E9DE6E00129500503C
SHA1:	C8D0F80381E4CE180B5EB3C4C98539907292A7BB
SHA-256:	878DA09A057EC8F1775CDC522E5F7EC44966DF547A87A9C29826BA114833C24B
SHA-512:	52223B04EB9121F05442DBC48519A95FDABB81C414772EE43DC837B58F797B97314796EF6D77EA6B7A1F3FEE5937EC039E617FCDF8B146822792ACCD2534E141
Malicious:	false
Reputation:	low
URL:	https://img.sedoparking.com/templates/images/hero_nc.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">. Creator: CorelDRAW 2018 (64-Bit) -->.<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="1440px" height="140px" version="1.1" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd".viewBox="0 0 1451.085 141.382". xmlns:xlink="http://www.w3.org/1999/xlink">. <defs>. <font id="FontID0" horiz-adv-x="666" font-variant="normal" style="fill-rule:nonzero" font-weight="400">..<font-face ...font-family="Arial">...<font-face-src>....<font-face-name name="Arial"/>...</font-face-src>..</font-face>. <missing-glyph><path d="M0 0z"/></missing-glyph>. <glyph unicode=" " horiz-adv-x="277" d=""/>. <glyph unicode="." horiz-adv-x="277" d="M90.9909 0l0 99.9962 99.9962 0 0 -99.9962 -99.9962 0z"/>. <glyph unicode="?" horiz-adv-x="556" d="M231.002 175.

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:40:54.381336927 CEST	441	OUT	GET /redirect.php?id=22 HTTP/1.1 Host: sedo.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 00:40:55.902901888 CEST	741	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 30 Sep 2024 22:40:54 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 30 Sep 2024 23:40:54 GMT Location: https://sedo.com/redirect.php?id=22 Set-Cookie: __cf_bm=cKLvouZcSXRgEFOt9Ufe.gn03_.2VFTlP8MPncLj5RA-1727736054-1.0.1.1-04rrENnIm8fj4p5Jsg.eTzRqfX_mV0uDW98Ru8Im43f48CJ_x9Uw_fSvoD4zNyyTMGxHXJ.EzPJzqvlJqxoE0g; path=/; expires=Mon, 30-Sep-24 23:10:54 GMT; domain=.sedo.com; HttpOnly Vary: Accept-Encoding Server: cloudflare CF-RAY: 8cb7b7a67f45421d-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 1, 2024 00:40:55.920572042 CEST	741	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 30 Sep 2024 22:40:54 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 30 Sep 2024 23:40:54 GMT Location: https://sedo.com/redirect.php?id=22 Set-Cookie: __cf_bm=cKLvouZcSXRgEFOt9Ufe.gn03_.2VFTlP8MPncLj5RA-1727736054-1.0.1.1-04rrENnIm8fj4p5Jsg.eTzRqfX_mV0uDW98Ru8Im43f48CJ_x9Uw_fSvoD4zNyyTMGxHXJ.EzPJzqvlJqxoE0g; path=/; expires=Mon, 30-Sep-24 23:10:54 GMT; domain=.sedo.com; HttpOnly Vary: Accept-Encoding Server: cloudflare CF-RAY: 8cb7b7a67f45421d-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 1, 2024 00:40:55.920726061 CEST	741	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 30 Sep 2024 22:40:54 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 30 Sep 2024 23:40:54 GMT Location: https://sedo.com/redirect.php?id=22 Set-Cookie: __cf_bm=cKLvouZcSXRgEFOt9Ufe.gn03_.2VFTlP8MPncLj5RA-1727736054-1.0.1.1-04rrENnIm8fj4p5Jsg.eTzRqfX_mV0uDW98Ru8Im43f48CJ_x9Uw_fSvoD4zNyyTMGxHXJ.EzPJzqvlJqxoE0g; path=/; expires=Mon, 30-Sep-24 23:10:54 GMT; domain=.sedo.com; HttpOnly Vary: Accept-Encoding Server: cloudflare CF-RAY: 8cb7b7a67f45421d-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 1, 2024 00:40:55.921441078 CEST	741	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 30 Sep 2024 22:40:54 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 30 Sep 2024 23:40:54 GMT Location: https://sedo.com/redirect.php?id=22 Set-Cookie: __cf_bm=cKLvouZcSXRgEFOt9Ufe.gn03_.2VFTlP8MPncLj5RA-1727736054-1.0.1.1-04rrENnIm8fj4p5Jsg.eTzRqfX_mV0uDW98Ru8Im43f48CJ_x9Uw_fSvoD4zNyyTMGxHXJ.EzPJzqvlJqxoE0g; path=/; expires=Mon, 30-Sep-24 23:10:54 GMT; domain=.sedo.com; HttpOnly Vary: Accept-Encoding Server: cloudflare CF-RAY: 8cb7b7a67f45421d-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Oct 1, 2024 00:41:41.003974915 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:12.350907087 CEST	940	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:13.028873920 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:12 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_Z8F7ljnWGH2UNZ1cxXNceSYcWpNPtg1rNrS77vElnbTBgRFlHPE6u9DHbplxx3JlqFuM5xEPvNp2FcdLTqe9cw== last-modified: Mon, 30 Sep 2024 22:41:12 GMT x-cache-miss-from: parking-75d9cf65f9-fvx6t server: Parking/1.0 content-encoding: gzip Data Raw: 32 43 42 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 59 fb 73 d3 b8 16 fe fd fe 15 26 3b bd 03 bb 71 e2 a4 4d 9a 3a 0d 33 2d b4 14 28 a5 85 72 79 0d c3 c8 b6 9c 88 da 92 b1 e4 3c c8 e6 7f bf 47 92 ed d8 8e 13 da 9d 25 43 63 eb f1 e9 3c be 73 8e a4 1c 3f 7a fe f6 d9 ed e7 eb 33 63 22 c2 e0 e9 b1 fc 6b 04 88 8e 47 0d 4c 1b 86 e1 21 81 4c e4 39 01 73 ef ee f0 62 f4 e6 7c 36 7b 7e f3 f9 d5 6b f6 e5 e5 64 ea 5e 9d dc 9c 9d 9e de 9c 3c 7f 3f 3b 99 bd 3f 79 75 7a 72 45 17 c1 c7 59 77 7a f9 f9 60 f2 81 1e cd ac fe af 9b d7 ce e4 f5 a9 3f fd 71 fe e1 19 f7 ce 03 a7 7f eb dd 4c e6 ce d1 bb 4f 1f 3f 25 2f 0f c4 7e c7 fd 8b 0d fc cf 6f a7 6d 3e f8 d9 b9 7c 71 3d 46 fb cf cf 3a 97 6d 71 f1 e1 e0 f2 ec ea cd b3 93 d9 d9 c9 c9 cd 68 f4 fd cb e0 fc 30 f8 41 3f be b8 e8 7e b8 fa d2 71 e7 9f ae 5c fc fe b3 fb 31 ba ba 16 e3 4e 7c 15 bf 3f 3c 9c 9e 05 d4 b9 3d 1d bf 3b 0f 2e ae cf fa c9 d1 f3 0b 27 0a e6 f3 fd 57 c1 cf f3 e4 4d 6f 7e 76 3d bd 8a ba e7 ae 77 79 fb 13 1f b9 b3 d1 08 54 c7 c8 7b 7a 1c 62 81 0c 77 82 62 8e c5 [TRUNCATED] Data Ascii: 2CBYs&;qM:3-(ry<G%Cc<s?z3c"kGL!L9sb\|6{~kd^<?;?yuzrEYwz`?qLO?%/~om>\|q=F:mqh0A?~q\1N\|?<=;.'WMo~v=wyT{zbwb4"AnFRGCS1g)#tl%g>C$FQQcJ,bh.SX~F<1yxJ\l&DEuZV3Ds&a%8VQZI$(TP XOb.JdcZ3f$p)XD\n8`.OV7PH-#6&,HjlzC0R=mA
Oct 1, 2024 00:41:13.028889894 CEST	224	IN	Data Raw: 18 e9 3f 58 61 d4 20 a0 68 23 6f 12 8b 08 0c 41 42 34 c6 ed 88 8e d7 1d 93 18 fb a3 46 bb 4d c2 71 8b 63 8f 45 28 56 5a 80 55 da 02 87 11 c8 8a 79 3b 60 63 c6 db b2 ff bb 7c 6c 29 88 f6 d3 63 2e 16 e0 d2 1c ac fd e7 23 83 4a 33 05 e4 17 6e b9 9c Data Ascii: ?Xa h#oAB4FMqcE(VZUy;`c\|l)c.#J3n7/oK)DLG-ByeX.&;Nohx.795L#!J$z,kohsGD}abxLmP,&M1yS\|Q4mrJG/=[<p
Oct 1, 2024 00:41:13.028901100 CEST	1236	IN	Data Raw: fa 87 38 34 ac 95 4f c6 2e 52 2c 6b c2 63 12 63 e0 29 a9 82 e8 9e 4c 94 0e 4c 3c b0 a2 f9 6a 12 2f 1d 36 97 d0 60 7c 3b e5 a8 09 4d c3 54 7b 6b c8 a6 38 f6 03 36 b3 a7 84 13 60 f9 2a 02 1c 25 90 8f 42 12 2c ec 90 51 c6 23 e4 c2 ba d9 d3 70 2d 30 Data Ascii: 84O.R,kcc)LL<j/6`\|;MT{k86`*%B,Q#p-0,BKw%3,E(a=Kn;V+8W@LbB26c=r\R37Q0V./9^0zI<^T+p}k>Z@' iZ{{"a8
Oct 1, 2024 00:41:13.028914928 CEST	224	IN	Data Raw: 8f 1d f4 b8 6b 59 cd ec 3f 1c 4b 9e 0c a5 f8 d6 30 15 7a cd 7a 2d e2 fa 66 44 1e 2a 35 3a 98 cb 68 ed f3 a1 3a 18 d5 b4 d7 35 d5 65 80 0d 05 ca 7b a0 92 93 3a 3d 6b 6f cd 3d cd be dd 18 45 e6 a6 f7 a8 19 40 c7 da d3 7b c5 ac 88 ca 8b a8 52 6c 83 Data Ascii: kY?K0zz-fD*5:h:5e{:=ko=E@{Rl~'fId/[&e!7\|: 'G1p\|"`Cz".7cmqZ`bWmZ[:eM`p}FWSBT6g/
Oct 1, 2024 00:41:13.029253006 CEST	1236	IN	Data Raw: c0 9a de 40 6d 25 a0 69 f2 c4 95 aa d7 e8 da ed 0c 06 fb 83 82 3f 0a 8d eb 80 2e 24 82 b9 a9 52 41 19 d8 9e c8 13 79 0d 7c 07 f5 9d ae 5b 81 4f 1b ef 0f 6f f2 f0 df 10 3d 8d b3 0d ec 7f 4f fa ca 0a e0 34 ea c9 33 ef 26 f4 c0 3d ea 1d 55 a1 d3 c6 Data Ascii: @m%i?.$RAy\|[Oo=O43&=UZkV`6>~]vkHo$#IR5h=/sq SF8h!>ZZ6!z]T*`N(F#QIxNvJR2>GYb
Oct 1, 2024 00:41:13.029323101 CEST	1236	IN	Data Raw: 5e 72 6f 58 64 74 bd d0 b0 21 72 ec 59 93 ad 00 3c 60 01 bc b5 16 a8 c4 27 22 c8 36 7c 91 2d 05 c6 1e 30 f5 b3 57 3d df 50 e0 3b 22 6d 97 23 df 07 8e b2 87 e0 10 46 56 23 2b ac 59 f2 f2 34 a3 17 c1 37 4f 4f db ed f6 f1 0a 9d 13 e8 18 74 bc 23 08 Data Ascii: ^roXdt!rY<`'"6\|-0W=P;"m#FV#+Y47OOt#z8"tNMEu^ Xn(xZ=$?`IijO[\|=7S\39'[Vr#J"i}'-xJO\|Oe;`pszbsnCV7J+E2z
Oct 1, 2024 00:41:13.029335022 CEST	448	IN	Data Raw: d4 ce c3 09 22 4f 3e c8 d1 4e 8e ed 3b df b5 70 f2 81 61 58 ae 40 e5 a9 58 ba c8 08 c7 bf fe 8d 1e 36 b1 b4 86 ff c3 f8 c1 b7 8e 6f 92 ca e6 41 12 52 6e a3 90 32 54 e0 0f d8 56 4e 74 65 2a fa e2 20 b9 15 8b 3f eb e5 2f f1 f4 97 78 fa f3 88 a7 30 Data Ascii: "O>N;paX@X6oARn2TVNte* ?/x08YZ I$SAvGT$sUZ,^s4@P+gFg!bwWcU[i?euIhcuuxVt'{q#*k]Pu)\|;-
Oct 1, 2024 00:41:13.029778004 CEST	1236	IN	Data Raw: 2e 96 19 d7 71 e9 24 42 0b 49 55 ec 4a 33 c1 be 0d ec f3 8f 52 db 9f 7b 47 73 1d 89 3d c5 32 14 53 f4 63 fb 2e 6e c7 a9 cf 4e 92 f9 cc 18 bb 99 de c6 b9 d2 ee 04 00 76 40 89 42 10 23 82 44 f6 8c 1d 40 82 35 1d 6e 7b 49 fc e0 7d 8f a8 83 d8 9f 2d Data Ascii: .q$BIUJ3R{Gs=2Sc.nNv@B#D@5n{I}-hU#5HH(_R/=v}}J>+}UMP_4}\+/+4;pAC.'rXwt,)4PAWy,:zYpR19FE
Oct 1, 2024 00:41:13.029870987 CEST	224	IN	Data Raw: d9 44 51 5d df 80 46 da 4d 59 5d 47 bc f2 f9 db 4e e1 64 44 c9 42 92 43 4c 4c 33 6a a9 73 41 4f 80 64 12 46 f0 9c c3 86 06 db da 71 87 9c 2c 58 53 da 2b 66 43 17 5b 49 9d 07 a5 3c 29 df d0 33 b5 2f ba 80 42 15 fc 6a 35 48 60 2b 4e bb 51 90 1b 5f Data Ascii: DQ]FMY]GNdDBCLL3jsAOdFq,XS+fC[I<)3/Bj5H`+NQ_H&]YVQp bNZ+2H_X4.4j8\]'~Nr~1m#bYl99^!H(;%O#~OJIaP`
Oct 1, 2024 00:41:13.114976883 CEST	1125	IN	Data Raw: 60 9d 08 ea 9a da 23 17 bd 9d ab 39 3b 97 fa 3f 8a d5 d4 b4 c4 7a c5 d8 6e bf d3 a9 4c 46 11 92 cb 60 ac 16 80 24 2d 3a a0 88 3f b4 bc cd e2 2c e7 16 57 5c f9 d3 e9 50 d5 31 60 05 90 e2 8f f4 5d a0 62 cd 49 e0 a2 cb 05 bd c8 ba 4d 29 5a ee bd 9f Data Ascii: `#9;?znLF`$-:?,W\P1`]bIM)Z2(k%i0O9pHLeeP-n_p5;I0+i$_Qq=PTPTr(wG=kUbZ<%gKg#hxju+JkO&AJp
Oct 1, 2024 00:41:13.262020111 CEST	1215	OUT	GET /search/tsc.php?ses=ogcV14EreA4EoIZw_-LU2Q3lXkYfE3OnozKITGjNkP94gIIEhFnsW-etuHLK2aqXRE9BVN0UEIe6ycipmPUznSrFgIWiv0JTOxF7CZWlA3KyYQtP-X7oQadg0fHVdSLPOQ-L6b-5J5fASepmmXUHYW-VWf247ymnouT7pDq17b27lz92olfr-O_xbsN-QbuCTyk5jB5E4mDGn_aQpGtR9TofLtNfafVe60H-ztO89PoEV6V-sm8zifpBmp9arqfQGQLcjNjfZtsLt-8lACY-nt2WnoYdtwbIPGhVoClzq3Qm5GHKyKQe0d3NKpOkX3WXJ00KMNhX8UuvlGfZKXkRwh8SbowBPW4IEXz4EnJMGRhIohsEeXyZcfpRqIv&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:13.455200911 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:13 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-lw9z8 server: Parking/1.0
Oct 1, 2024 00:41:16.524044037 CEST	949	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:17.190061092 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:17 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_0ws7GhCHMRoeLyN3G9CH4/P8QtoCzEV2njHNq1jRyJohY+0osBj0Gx1OM3AMmFhMm1vcm5+VifMwcjTW3IwXkA== last-modified: Mon, 30 Sep 2024 22:41:17 GMT x-cache-miss-from: parking-75d9cf65f9-nz24j server: Parking/1.0 content-encoding: gzip Data Raw: 32 32 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 84 50 4b 73 da 30 10 be f7 57 6c 7c e8 25 e5 e1 40 53 32 c5 cc 18 f3 4c 30 c4 e4 41 e8 a5 23 cb 6b 2c 90 25 62 c9 56 c8 af af 80 4e 9b 9e aa c3 6a bf 9d d9 ef b1 dd 8b c1 22 78 5c df 0f 21 d3 39 ef 75 8f 15 38 11 1b cf 41 e1 00 24 44 93 1a 49 62 2e e9 6e 87 07 2f 1c 19 33 88 d6 b7 77 f2 c7 34 ab e8 dc 8f 86 fd 7e e4 0f 1e 8c 6f 1e fc db be 3f 17 07 be 32 57 d5 6c dd ce 9e c4 8d 69 5e bf 47 77 71 76 d7 4f ab ed e8 29 50 c9 88 c7 d7 8f 49 94 bd c5 37 cb 97 d5 4b 39 6d eb 96 4b 2f 65 27 5d 2f aa 86 ea bc ba b3 f1 fd 86 b4 06 43 77 d6 d0 93 a7 f6 6c 38 0f 03 df 0c 7d 3f f2 bc 9f 4d a3 be 8d b3 60 12 2e 25 ce 0e f3 d6 f8 26 98 b4 1b f7 9d 48 cb e0 7d f8 7c 25 b6 93 f9 ab bb 5d 1e 6e 65 b6 be 6c 4a d5 df 36 c7 6f ee 22 6c f9 61 3e ca c2 dc ad 68 fe f5 f2 99 a5 a1 a1 db c7 55 6b 6a 5e 76 be e7 d9 e8 48 92 5e 37 47 4d 80 66 a4 50 a8 3d a7 d4 69 ad e3 f4 ba 9a 69 8e bd 98 88 9d 61 45 9d ca fc b3 88 d5 fe 7b ed fc 05 4c c3 42 70 26 10 1e 48 c5 c4 46 81 4f a9 2c 85 [TRUNCATED] Data Ascii: 222PKs0Wl\|%@S2L0A#k,%bVNj"x\!9u8A$DIb.n/3w4~o?2Wli^GwqvO)PI7K9mK/e']/Cwl8}?M`.%&H}\|%]nelJ6o"la>hUkj^vH^7GMfP=iiaE{LBp&HFO,%`JLEh&E8Susf/B>Kt%X1_r20)'Hb;i:$hG>d`}COc9FRnQx8[=Ol,Ti&Sp+uX!drf:"K;X{6Uf;F837Y[o+jf-;Hm
Oct 1, 2024 00:41:17.190113068 CEST	224	IN	Data Raw: 2d b0 0b ec c3 a2 28 30 08 06 94 44 d9 dc 48 a2 20 4a 8e 3d aa fe 7b 0f 2f 92 28 89 f2 24 8b 45 30 13 9b e4 39 3c 97 ef dc 98 6b 01 16 a1 19 3e 92 75 91 1f 87 8d 53 49 92 bf de ad d7 34 3b ae 38 89 59 81 4b c1 57 98 67 5d 91 ac 48 85 4e eb 94 1d Data Ascii: -(0DH J={/($E09<k>uSI4;8YKWg]HN_JX/o{f^)FVi<s:$'K1_~\@m7.@GTIj;w7,6.4RbNc&]+g
Oct 1, 2024 00:41:17.538786888 CEST	1224	OUT	GET /search/tsc.php?ses=ogc_6KaAP3qvZpm3n9bvdQ8nyOhbuX_2yo7FoIIXRa7JpqLjwWHLQZggjpOY7-ZV4LHVnH6RYuCSEsjYSY1V3OMvx4_tEeHVaQPg2iz3GYXOMI3rMkGzYncYnqC4Gctvus_-6Fo48nzl_m_4CBNeROlXFzQdDIP2d5Ch7oMEYWxfPFogzfV6Fm5L3zkEZUk06dJ0OloHtf92IuWxl_MmLZ0MucVwzhYEWh2Oaeegd_JAdutx7xq6XiU3aWP3VUTd65P2fsUWaFDWsB1VlXm_e8nmnaqx8v3o0UiDiGXM1PMBudspugRhfDImPUkQuj8qhZY7oFrUoLA6mcp5TrBv54G_hkuhwrM8MXNukMmKJmWCPxBNDexAXtQlOLx&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:17.732681990 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:17 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-n7q88 server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:13.465013981 CEST	771	OUT	GET /search/tsc.php?ses=ogcV14EreA4EoIZw_-LU2Q3lXkYfE3OnozKITGjNkP94gIIEhFnsW-etuHLK2aqXRE9BVN0UEIe6ycipmPUznSrFgIWiv0JTOxF7CZWlA3KyYQtP-X7oQadg0fHVdSLPOQ-L6b-5J5fASepmmXUHYW-VWf247ymnouT7pDq17b27lz92olfr-O_xbsN-QbuCTyk5jB5E4mDGn_aQpGtR9TofLtNfafVe60H-ztO89PoEV6V-sm8zifpBmp9arqfQGQLcjNjfZtsLt-8lACY-nt2WnoYdtwbIPGhVoClzq3Qm5GHKyKQe0d3NKpOkX3WXJ00KMNhX8UuvlGfZKXkRwh8SbowBPW4IEXz4EnJMGRhIohsEeXyZcfpRqIv&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:14.105438948 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:14 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-lw9z8 server: Parking/1.0
Oct 1, 2024 00:41:17.750510931 CEST	771	OUT	GET /search/tsc.php?ses=ogc_6KaAP3qvZpm3n9bvdQ8nyOhbuX_2yo7FoIIXRa7JpqLjwWHLQZggjpOY7-ZV4LHVnH6RYuCSEsjYSY1V3OMvx4_tEeHVaQPg2iz3GYXOMI3rMkGzYncYnqC4Gctvus_-6Fo48nzl_m_4CBNeROlXFzQdDIP2d5Ch7oMEYWxfPFogzfV6Fm5L3zkEZUk06dJ0OloHtf92IuWxl_MmLZ0MucVwzhYEWh2Oaeegd_JAdutx7xq6XiU3aWP3VUTd65P2fsUWaFDWsB1VlXm_e8nmnaqx8v3o0UiDiGXM1PMBudspugRhfDImPUkQuj8qhZY7oFrUoLA6mcp5TrBv54G_hkuhwrM8MXNukMmKJmWCPxBNDexAXtQlOLx&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:17.946449041 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:17 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-lw9z8 server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:17.911036968 CEST	233	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
Oct 1, 2024 00:41:22.940248966 CEST	934	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:22.940669060 CEST	934	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:23.631359100 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:23 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_juqD9Rau98mFcol04vZFoRh4RxZzYGyhgQKc7Cr3oYpY4hMbJQn9bq5w8hBN1Amy1jgOwx2lCHvXpbx6RjMVHQ== last-modified: Mon, 30 Sep 2024 22:41:23 GMT x-cache-miss-from: parking-75d9cf65f9-n7q88 server: Parking/1.0 content-encoding: gzip Data Raw: 32 43 42 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 57 79 73 9b 38 14 ff 7f 3f 85 ea 9d dd d9 c3 d8 38 a7 03 71 66 9c 6b 7b 24 6d 93 6d b7 4d 3b 99 8e 00 01 8a 41 a2 48 18 bb 5e be fb 3e 09 8c f1 b9 ad 3d 63 23 e9 dd ef f7 de 13 a7 cf 2e df 5c bc 7b 78 7b 85 42 19 47 67 a7 ea 17 45 98 05 83 16 61 2d 84 3c 2c b1 81 3d 27 e2 ee 68 44 a6 83 db eb 3c bf bc 7b 78 f9 8a 7f 7a 11 8e dd d7 c3 bb ab f3 f3 bb e1 e5 df f9 30 ff 7b f8 f2 7c f8 9a 4d a3 0f f9 de f8 e6 e1 20 7c cf 4e 72 f3 e8 db dd 2b 27 7c 75 ee 8f 9f ae df 5f 08 ef 3a 72 8e de 79 77 e1 c4 39 b9 ff f8 e1 63 f6 e2 40 ee f7 dc 3f 79 df 7f 78 33 ee 8a fe d7 de cd 5f 6f 03 bc 7f 79 d5 bb e9 ca e7 ef 0f 6e ae 5e df 5e 0c f3 ab e1 f0 6e 30 f8 f2 94 7d bd 3c b9 c7 d9 49 3f be 76 79 64 1e 8c 3f 5d f3 fb f0 e0 7e f2 e9 db c3 5f d3 30 b8 7b e5 1e 5f a4 fb fc 21 01 0b 6e 9d 97 77 ec c4 f9 7a 98 f7 c3 f3 d7 bd 61 3c ed 3d 05 6f f2 c9 5e 74 f1 7c fc 31 71 26 47 f7 4f b7 ff 3c 07 c1 e0 3a c1 de d9 69 4c 24 46 6e 88 53 41 e4 a0 95 49 df e8 b7 ce 4e 25 95 11 39 73 [TRUNCATED] Data Ascii: 2CBWys8?8qfk{$mmM;AH^>=c#.\{x{BGgEa-<,='hD<{xz0{\|M \|Nr+'\|u_:ryw9c@?yx3_oyn^^n0}<I?vyd?]~_0{_!nwza<=o^t\|1q&GO<:iL$FnSAIN%9s04<9")HG%z"'gKC/KY[+51AkLIT$4#cC/QIqdGdOhLT/;fkIGDQ`7i*6!PD Lu;9IrEGH&yB]RT}FRBvB4bWG08G?->-9M 4&
Oct 1, 2024 00:41:23.631395102 CEST	1236	IN	Data Raw: 2c 58 1c 84 29 f1 07 ad 6e 97 c6 41 47 10 8f 27 38 55 72 55 40 ba 92 c4 09 d8 4a 44 37 e2 01 17 5d 75 fe 45 3d 76 b4 88 ee d9 a9 90 53 c8 66 2d ac fb c7 33 c4 54 84 22 fa 8d 74 5c 21 d0 f8 b8 63 76 4c f4 2f ba 7d f1 0e dd 40 3a 99 20 b0 0a a8 0c Data Ascii: ,X)nAG'8UrU@JD7]uE=vSf-3T"t\!cvL/}@: 3G+aEw*uzC4PBm>eNL3ripo7A1:qPfN%u#zs1o?mA\G`jP=1Y4pXDdnJdR%oU4
Oct 1, 2024 00:41:23.631407976 CEST	1236	IN	Data Raw: dd b2 fb f6 56 a3 f5 93 2b 8d 4c ec b6 7b 41 f7 fd a6 6f e0 59 b3 7e 13 cd 0f 39 00 ce 8f b1 3b 7d cb e1 95 62 ba db 87 25 d2 ef 77 63 33 db 8f 86 99 8f 28 31 62 b8 26 e1 80 cc ea 97 13 9f 4e 88 67 57 3d 0b 6e 57 8b 2b 57 73 e4 1d fa ea bb 5a b6 Data Ascii: V+L{AoY~9;}b%wc3(1b&NgW=nW+WsZU]EEYKo0+R%$$pa&)Hv}c;+yf<N \nz}3mUi`\|\XqlY'gMYQxO@U?+;xcn]>
Oct 1, 2024 00:41:23.631418943 CEST	1236	IN	Data Raw: 5b bf 0f d7 25 7b dd 83 2c 96 ff 28 b2 3e c0 f4 29 51 60 39 68 68 1d 34 12 4c 2f bd 9f d2 3b e0 0e 7f 2c 27 d5 20 d7 60 80 48 98 8b d2 ec 34 71 94 34 6e 24 72 e1 ad 54 48 12 45 05 ec 03 6d fd 09 6a 34 a9 f3 79 cf 6c af bb 64 36 19 02 44 37 b2 6d Data Ascii: [%{,(>)Q`9hh4L/;,' `H4q4n$rTHEmj4yld6D7m-`hX:+@WW%g8T_4A~Pz>uO, ('av^K?$&j?n3yQu$)'9AtLu+~Ydws}GGA
Oct 1, 2024 00:41:23.631431103 CEST	1236	IN	Data Raw: 94 9e cd be 0d 58 53 e8 90 41 60 b7 37 9a 88 c7 1b 75 27 63 9b 5e bc ed 75 de 84 e2 d4 89 b9 37 57 08 08 be a4 b4 27 74 5b ee ca 83 e9 80 13 1b e5 7e 5d c0 e6 45 a7 cf 4f df f8 5e d9 f4 88 96 d7 62 25 22 52 d7 51 a9 a7 6c 8d e5 ba dd ec d3 78 5b Data Ascii: XSA`7u'c^u7W't[~]EO^b%"RQlx[k:afmh]Y$VqFNHpDi+[,3jl_5H6#4*7n(Ui5$I>ZzI:fl^esK_"\|u)^[n#xT
Oct 1, 2024 00:41:23.631443024 CEST	1236	IN	Data Raw: e7 fe e9 00 4e 11 a8 34 de 89 dc 7a 95 12 70 4e fa a1 2f 81 54 1d 34 f3 14 be 7d 35 8b f9 2f c1 c1 b9 17 cf 67 4f 7f af 27 39 b8 71 c7 e3 ba 7a 53 b8 99 cf 3a a7 ea 83 bc 0f 92 9f f6 63 d0 b3 54 32 5c da 7f 00 00 00 ff ff 0d 0a 35 37 31 0d 0a ac Data Ascii: N4zpN/T4}5/gO'9qzS:cT2\571kO8dsRip`OSU4M!&)+73v-Pm'3yyGno\glheFF9qx>YU?P8WVtHbGzqNF~?bp:7_
Oct 1, 2024 00:41:23.631455898 CEST	1021	IN	Data Raw: 5d 5d 0c e3 fb 24 9e 03 87 34 dc 33 99 d9 6b 19 6b 59 21 d4 45 8b 5b ce d7 38 9c 77 cd 8e 69 b9 92 2e cc c1 4a da 31 a1 30 c9 57 d4 6b 1c 3d 55 7b f6 7d aa 3b 83 6a 11 ea c2 90 ca 42 8e 13 05 f3 db fc ee b8 6f ad 6a 03 1b 17 1a 36 10 99 14 3f 53 Data Ascii: ]]$43kkY!E[8wi.J10Wk=U{};jBoj6?SLu^U\|,zs)6jp6FFHV4p^TX^/2>Aed}=5HU.Yx}!T)%W$V#^j6<6_yFYn-Bn)t301
Oct 1, 2024 00:41:24.506961107 CEST	1209	OUT	GET /search/tsc.php?ses=ogcCEgzSeontOgAbrSzHQVODwWyiFd4Smw4NzjHCVuKwwf_Zh7smDYw8XcvF9mEwvIWDdMpWAhDhSCRGbwXXCwb7M94EIr_Y6XNgLEPfbup_J4Ss8zT-lIgI2E1lTQvRqm4D_wHpAD6GCKXnzRLM6h-4XAF_YoB7VMC7Qom8P5eH2cRNIWJys3VzkYjG_PkO-YTn-zuMeAJzDzmh8Vaj_oduMSL0HNXnpScEHSqfUof9WL9FX52GfWZ8EyYqGYtNCgOAY2PVNL6BWyP9SwiMmIxd6bpOZHKALHYm_rGRZTdJzo75bx6Mqs8nv5nNP8HbkZIyHWpLGDGeIaWw9WrCtgsNKgvJgi-8OMtQHqw9GFYlMdCq-lCrC4fiq9n&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Easy+Credit+Online&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmsBlLqpj1eTZ0bYYlbd4QSUsy-mM9hIyMZHUHYOZIY1UvVUb2Tw1Y_z37v1uz0-0RvNyY0rRXBjmG9NHtHEhAjED3nLQuh_1qANZh7d-FsYCxYMcIDk6OV-mhBzUy3d1m-or9ZPeYX-NJt0gQ&pcsa=false&nb=0 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:24.704906940 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:24 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-d8c6n server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:25.858484983 CEST	771	OUT	GET /search/tsc.php?ses=ogcCEgzSeontOgAbrSzHQVODwWyiFd4Smw4NzjHCVuKwwf_Zh7smDYw8XcvF9mEwvIWDdMpWAhDhSCRGbwXXCwb7M94EIr_Y6XNgLEPfbup_J4Ss8zT-lIgI2E1lTQvRqm4D_wHpAD6GCKXnzRLM6h-4XAF_YoB7VMC7Qom8P5eH2cRNIWJys3VzkYjG_PkO-YTn-zuMeAJzDzmh8Vaj_oduMSL0HNXnpScEHSqfUof9WL9FX52GfWZ8EyYqGYtNCgOAY2PVNL6BWyP9SwiMmIxd6bpOZHKALHYm_rGRZTdJzo75bx6Mqs8nv5nNP8HbkZIyHWpLGDGeIaWw9WrCtgsNKgvJgi-8OMtQHqw9GFYlMdCq-lCrC4fiq9n&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:26.512897015 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:26 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-d8c6n server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:36.957576990 CEST	945	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0&nm=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:37.538149118 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:37 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_Ghnr54cL0OqGfEbodVta5rsEU5ICcdkqf3mpAWVDQ6pdAPBlZO5XMybEXBJbyB9qcNY5vs5bAXsPSr+kBUutug== last-modified: Mon, 30 Sep 2024 22:41:37 GMT x-cache-miss-from: parking-75d9cf65f9-b9tc5 server: Parking/1.0 content-encoding: gzip Data Raw: 32 43 42 0d 0a 1f 8b 08 00 00 00 00 00 00 03 94 57 7d 53 db 38 13 ff ff 3e 85 9a 9b bb b9 97 38 71 80 50 b0 09 33 49 a1 3d 5a 5a e0 5a ae 70 1d a6 23 db b2 ad c6 96 5c 49 ce 4b f3 f8 bb 3f 2b d9 49 9c d7 6b c9 0c b1 b5 ef bb bf dd 55 ce 9e 5d dc bc f8 f0 78 7b 89 62 95 26 e7 67 fa 3f 4a 30 8b 7a 0d c2 1a 08 05 58 61 0b 07 5e c2 fd e1 90 4c 7b 6f 5f 8e c7 17 77 8f af df f0 7f af e2 91 ff ae 7f 77 39 18 dc f5 2f de 8f fb e3 f7 fd d7 83 fe 3b 36 4d 3e 8e 0f 46 d7 8f 47 f1 3d 3b 1d db c7 df ee de 78 f1 9b 41 38 fa f2 f2 fe 85 0c 5e 26 de f1 87 e0 2e 9e 78 a7 7f 3f 7c 7c c8 af 8e d4 61 c7 ff 93 9f 84 8f 37 a3 b6 3c f9 da b9 7e 75 1b e1 c3 8b cb ce 75 5b fd 75 7f 74 7d f9 ee ed 8b fe f8 b2 df bf eb f5 3e bf 8a 99 e8 1e f9 d7 f6 cd d7 57 e1 a5 c7 83 7f 14 ee 0a 79 79 df bd 7a e1 07 c3 af e1 61 9a f5 3f fe 73 71 77 9c 05 fd db 41 f2 ef 4d f7 e1 ed d4 bb 7c 18 bc f6 a6 83 d3 af fe bb c7 ee 48 76 bd fe 83 bc 7d 2f fe 1c 0e ee 73 95 47 bd 1e 84 4e 70 70 7e 96 12 85 91 1f 63 21 89 ea 35 72 15 5a 27 8d f3 33 45 [TRUNCATED] Data Ascii: 2CBW}S8>8qP3I=ZZZp#\IK?+IkU]x{b&g?J0zXa^L{o_ww9/;6M>FG=;xA8^&.x?\|\|a7<~uu[ut}>Wyyza?sqwAM\|Hv}/sGNpp~c!5rZ'3EUB=c*Z>Oe\ae!9eHHYXEu.5NI1dqL4Pq/ #4)>NH)4Ok'$bNH_LQTQ7x(cAPx_Di HzA%$5+!W<DaDByVj2+AI8xW?,m,4
Oct 1, 2024 00:41:37.538172007 CEST	1236	IN	Data Raw: 44 d0 14 47 a4 9d b1 68 49 88 05 09 7b 8d 76 9b a6 51 4b 92 80 67 58 98 28 20 2b 6d 45 d2 0c 7c 25 b2 9d f0 88 cb b6 a6 7f d6 8f 2d a3 a2 7d 7e 26 d5 14 4a ba 50 d6 fe e3 19 62 3a 4d 09 fd 46 5a be 94 68 f4 bc 65 b7 6c f4 3f f4 f6 ea 03 ba 86 9a Data Ascii: DGhI{vQKgX( +mE\|%-}~&JPb:MFZhel?2I-*=c'XWh[1QNuTZL%K.bxC4A4S,",r9of/GMI\|]Y@%$`YPY1s"ic&<N2wGv6)b1D
Oct 1, 2024 00:41:37.538184881 CEST	448	IN	Data Raw: c0 46 d4 1b 0c a6 e9 56 c3 77 77 3a 6d 9e 7c 65 e5 72 bf df 4b be ef 77 7d 8b cc 86 f7 db 78 7e 28 00 08 7e 84 fd e9 2d 87 9f 14 d3 fd 31 ac b0 7e 7f 18 db c5 7e 34 cd 7c 48 89 95 c2 35 09 47 64 b6 f8 71 12 d2 09 09 dc 6a 66 c1 ed 6a 79 e5 aa af Data Ascii: FVww:m\|erKw}x~(~-1~~4\|H5Gdqjfjyn?m[302YKo0+R%$$pa&)Hv}c;+*<37y9QU~_wo1XFd\|#gpu$@lY'eC5A.(nkjlakmAU?+
Oct 1, 2024 00:41:37.538413048 CEST	1236	IN	Data Raw: 97 cb eb b4 3c d6 fe 16 d0 18 08 b4 50 07 a8 5a e2 c4 f4 d4 e6 5a f6 45 e1 83 28 f1 b5 9f ce 78 0e 85 b0 9a 33 79 17 08 d0 bb 37 b8 36 0a 18 86 ed a9 e2 aa 7b 74 8d 66 59 16 67 da 7d 68 8b 7d 40 6b 89 e0 2d c4 54 60 02 e7 1b ce c8 3d f0 b3 22 2d Data Ascii: <PZZE(x3y76{tfYg}h}@k-T`="-+Dq`pi5ezk6hQe/[ar+jkQm]DzZOy.B4ttbU4Y")(\|n:7kKl}hO(H
Oct 1, 2024 00:41:37.538434982 CEST	224	IN	Data Raw: 99 e9 d7 ac 8a f7 58 cb 0a e9 78 58 4b 3b 29 eb 45 ce 55 a8 3b c9 2f a9 c0 d5 7a 2a bd 22 91 39 f4 42 d3 06 c8 91 47 5d b2 02 ed 0e 09 c0 ad b5 b4 46 7a 22 bc 64 83 17 c5 52 60 e4 0e 51 3f 7a 35 f2 4d 05 bc c3 f2 76 3d f2 7d cd 51 f6 00 1c c0 48 Data Ascii: XxXK;)EU;/z"9BG]Fz"dR`Q?z5Mv=}QHjd-KZf"!+tN` hujq`)juSV*H,{d%=>m)WgN=r-p V<pa[N}+ci!?aN
Oct 1, 2024 00:41:37.538445950 CEST	1236	IN	Data Raw: f0 23 c9 97 ec 00 79 7c 05 6d f0 0f 59 90 3d 6b 24 34 49 6e ad 90 dc 61 11 0f 05 c5 56 db bc 27 36 70 52 25 95 68 61 b7 22 89 54 3d c5 2c af 65 02 23 78 5b 34 b9 b5 61 0d db 3d 4b 6c 70 24 5f a7 a8 61 63 91 f0 eb 29 3e 9c 88 d8 62 ce fb a3 39 6f Data Ascii: #y\|mY=k$4InaV'6pR%ha"T=,e#x[4a=Klp$_ac)>b9o-T72^3%=d8!?<)ikj#jg,0Q_f{Mi<KON gpG$XwYA[qV@DXMBi*: 7d\|ex<S}>B
Oct 1, 2024 00:41:37.538471937 CEST	224	IN	Data Raw: 0b a9 a6 74 f5 8e a7 0d a7 41 ef 50 11 5f e4 35 db 0d 24 bc d3 17 35 7d ba 48 9e d9 d5 56 39 a8 01 e5 6f 6b 36 b6 af 8b 4c 0f ef e9 b4 c2 c4 b2 5e 63 a6 cc 5e 9b f4 ec 0e 3f 70 65 41 64 c9 be b2 21 5b ed 66 d8 f1 bb 01 dd 09 b0 43 77 b5 5f 5a 9e Data Ascii: tAP_5$5}HV9ok6L^c^?peAd![fCw_ZP=j0/(FU#ZTcQzN8h]^MpnDS`&HTu>[JmO*(v+TBgf7Z/F.p2+\$k2k:
Oct 1, 2024 00:41:37.538609028 CEST	1236	IN	Data Raw: 31 46 18 7a c1 63 66 72 c3 97 a9 bd 0d 7c 51 f8 cd 69 50 34 bc a1 30 54 e5 55 c1 75 5c 39 99 d0 82 52 15 b9 d2 4c a0 6f 07 fa fc a3 d4 f6 97 de d1 5c 87 62 4f b1 4c 65 23 f8 a9 7d 97 b6 d3 d4 27 97 65 3e 0b c6 6e a1 b7 7b ae b4 3b 01 68 89 a6 44 Data Ascii: 1Fzcfr\|QiP40TUu\9RLo\bOLe#}'e>n{;hD"DD5n{Ym`h?Ke3hNb \]I(o_r/=u}}>+N}U]T<\|R+OTh\|ww+L'+e#%VBH=!Y9!%IW?8
Oct 1, 2024 00:41:37.538649082 CEST	1236	IN	Data Raw: c8 bc eb 1b d8 e8 79 53 78 d7 91 af 6e 7f 5b 92 94 26 51 3c d7 e2 50 27 5c 45 a5 3c 2e 38 60 14 a5 71 b8 cf 09 1c 68 b0 5c 0a 77 68 62 ee 5a ae bd 4c 0d 55 ce 52 eb 3c 28 e5 59 71 43 cf e0 17 5d fe 03 00 00 ff ff 0d 0a 35 32 30 0d 0a ac 5c 5b 6b Data Ascii: ySxn[&Q<P'\E<.8`qh\whbZLUR<(YqC]520\[kF+Y=rUgM@KwcEN$$e.NZ/of$]P$*p':x9Jwk#SphNk8$;)d+?z4bM?MJ_D
Oct 1, 2024 00:41:37.538659096 CEST	161	IN	Data Raw: ef 96 4a 69 fd 1d d0 d4 d3 b9 06 8c c4 ca 93 a4 af 5e 92 e4 fc 68 30 d6 3a 57 3f 4a b8 d8 95 b9 f2 57 7e 66 5c 03 7d c9 49 1d 26 8c 22 f0 f7 f9 f9 09 6c 7f d7 bf 29 16 5d 30 96 25 ec ee 27 d4 53 14 a9 f9 e9 62 21 f4 12 7b ea 20 d4 45 27 94 75 7b Data Ascii: Ji^h0:W?JW~f\}I&"l)]0%'Sb!{ E'u{K+]p>S7g71:v<yjQTo]tE>LZ0
Oct 1, 2024 00:41:38.735189915 CEST	1220	OUT	GET /search/tsc.php?ses=ogcOvUmN52CO_eKsS5JZzE0wynRpt6QbiS6sAHuO_6msznjeTMydQ93ointIivefiiMkkBN_NZP1WxDDsxt58gmUI3k7v-SyUMSMr2tGGCjigQ7KWxayEJJgFOj_5eggQILa25IYaBcIfHpeOUsJz8ZWbj9Isa1HKZefUYxR9gqczds4rqBm0yCZ7J1Jf6c7wbfB7U7yeSJmHNLobTZ93Kck3FGEtHrIs6Hs0zIgy_lpTBM6wGPDV0TmKYKguw-dhwwuXdAXisOicYz3810tShNiPEEjuJnuYzeKyjojdjxmg6E49xGGmDuUa9wzlLggqxKPZ6vddXV_a_t5qGbkpK3crZZGymFtcClYf7VUApPj_TtA9upvttLb_lb&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Online+Personal+Banking&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpj83GkSv_qTfJmr0vMvsF4lRX1v5EiQog9_VBnAHX1ESiBnqrLrSb-JwgIUhknaXdPffRbUD2d0MAqST59WM4PpjRJIetDh2bOvEKEy3mxJMcFw4xdNNcOr2ScuZn8OOikXeeBoLaDs4&pcsa=false&nb=0&nm=2 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:38.930938959 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:38 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-b9tc5 server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:39.063190937 CEST	771	OUT	GET /search/tsc.php?ses=ogcOvUmN52CO_eKsS5JZzE0wynRpt6QbiS6sAHuO_6msznjeTMydQ93ointIivefiiMkkBN_NZP1WxDDsxt58gmUI3k7v-SyUMSMr2tGGCjigQ7KWxayEJJgFOj_5eggQILa25IYaBcIfHpeOUsJz8ZWbj9Isa1HKZefUYxR9gqczds4rqBm0yCZ7J1Jf6c7wbfB7U7yeSJmHNLobTZ93Kck3FGEtHrIs6Hs0zIgy_lpTBM6wGPDV0TmKYKguw-dhwwuXdAXisOicYz3810tShNiPEEjuJnuYzeKyjojdjxmg6E49xGGmDuUa9wzlLggqxKPZ6vddXV_a_t5qGbkpK3crZZGymFtcClYf7VUApPj_TtA9upvttLb_lb&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:39.732165098 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:39 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-n7q88 server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:42.420990944 CEST	233	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
Oct 1, 2024 00:41:44.492275953 CEST	954	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:44.505191088 CEST	954	OUT	GET /caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:45.189785004 CEST	1236	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:45 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_vOSo81pciB3Yo4i2ovbBL9KzPSn72GPR423HYjlBAYxftcMpN1D4jcSsZ7+lB6POyjbuDLshtj4gDtiwOCgcGQ== last-modified: Mon, 30 Sep 2024 22:41:45 GMT x-cache-miss-from: parking-75d9cf65f9-lw9z8 server: Parking/1.0 content-encoding: gzip Data Raw: 32 32 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 84 90 4d 73 da 30 10 86 ef fd 15 1b 1f 7a 49 20 01 3c 09 99 62 66 6c 4c be 20 7c 26 93 38 97 8e 2c cb b6 40 96 1c 6b 6d 85 fc fa 0a e8 b4 e9 a9 3a 48 bb 3b a3 e7 7d df 1d 9c 84 f3 d1 53 b4 18 43 8e 85 18 0e f6 37 08 22 33 cf 61 d2 01 48 08 92 16 49 62 a1 e8 76 cb 76 de e3 8d 31 e1 32 7a 98 a8 b7 fb bc a1 33 7f 39 0e 82 a5 1f ae 8d 6f d6 fe 43 e0 cf e4 4e bc 98 6e 33 8d dc fc 59 5e 9b 8b cb cf e5 24 ce 27 41 da 6c 6e 9e 47 3a b9 11 f1 e5 53 b2 cc 3f e2 eb d5 eb cb 6b 7d ef 62 af 43 4f 55 3f 8d e6 cd b9 ee bf 77 a6 b7 8b 8c f4 c2 71 67 7a 8e 77 cf ee 74 3c 7b 1c f9 66 ec fb 4b cf fb d9 cc d7 aa df 29 29 0f 7a 91 72 79 57 35 71 30 bd 9e 7c 2e d6 f2 aa 7b bb 58 b9 dd de 5d b4 11 81 1f 7d a4 48 1f cb 59 27 74 37 74 ad df ae 4e 45 70 b9 98 ef 36 71 1d 4e 75 8e 1b 37 0b 91 9b f9 28 a3 b7 16 6c a3 33 92 0c 07 05 43 02 34 27 95 66 e8 39 35 a6 ad be 33 1c 20 47 c1 86 31 91 5b c3 ab 36 55 c5 77 19 eb f2 47 eb f8 8c 38 c2 5c 0a 2e 19 ac 49 c3 65 a6 c1 a7 54 d5 12 61 [TRUNCATED] Data Ascii: 221Ms0zI <bflL \|&8,@km:H;}SC7"3aHIbvv12z39oCNn3Y^$'AlnG:S?k}bCOU?wqgzwt<{fK))zryW5q0\|.{X]}HY't7tNEp6qNu7(l3C4'f953 G1[6UwG8\.IeTaEiX1e W=8?sLtLZ'{k8eCs%GNDKS"i_ueRkVZL4xEKFv7x3[o 6`@VVQj<]J!cUDXA5A#\|vNllg~9&v571Y[o+jf-;Hm-
Oct 1, 2024 00:41:45.189800978 CEST	224	IN	Data Raw: b0 0b ec c3 a2 28 30 08 06 94 44 d9 dc 48 a2 20 4a 8e 3d aa fe 7b 0f 2f 92 28 89 f2 24 8b 45 30 13 9b e4 39 3c 97 ef dc 98 6b 01 16 a1 19 3e 92 75 91 1f 87 8d 53 49 92 bf de ad d7 34 3b ae 38 89 59 81 4b c1 57 98 67 5d 91 ac 48 85 4e eb 94 1d 19 Data Ascii: (0DH J={/($E09<k>uSI4;8YKWg]HN_JX/o{f^)FVi<s:$'K1_~\@m7.@GTIj;w7,6.4RbNc&]+gH
Oct 1, 2024 00:41:45.189812899 CEST	1236	IN	Data Raw: 78 bc 89 29 07 03 5c 7d 99 1d da d3 a6 49 00 45 92 b9 bf 25 59 a0 f9 ad f6 4f 24 73 bc 36 a1 c7 08 4b b8 b9 f0 b1 2e 09 00 96 4e 99 a8 9d 4e 94 0d 10 3e 7a c5 a5 3d 95 4d c8 2e 82 35 18 df d7 60 45 b0 14 68 ed bd 80 9d 49 99 a4 ec cd 3f 53 4e 01 Data Ascii: x)\}IE%YO$s6K.NN>z=M.5`EhI?SNm\|@hz33^>pUG#0;+9-cK)+-\|V-U2?g9&>DJ'zG'Rx/qV\|$qk(F-unGZ
Oct 1, 2024 00:41:45.189825058 CEST	224	IN	Data Raw: 17 ff 46 f3 98 bd cd 00 3c 9d e2 cb 63 88 3f 6d 3d cf ed fe c1 58 f2 39 10 e2 7b 81 16 7a 40 bd 12 71 78 19 11 43 a5 e2 0e e6 72 56 0f 3c 90 83 91 65 dd b6 64 cb 00 33 05 c6 3d d0 c8 49 9b 9d 77 3f 60 4f a1 ef 36 0f 13 b9 fa 41 b5 63 b0 f1 ee 55 Data Ascii: F<c?m=X9{z@qxCrV<ed3=Iw?`O6AcUQ5m0q`;l'BxQ8idD<9r@4(Oq}x73!vhBCHjrT,I1!x("-&=??-AC%17lyN
Oct 1, 2024 00:41:45.189960003 CEST	1236	IN	Data Raw: 31 69 ce b4 2f 24 83 01 de 00 6d 29 20 42 bc 8e 84 ea 16 5d b7 9b c3 e1 e1 60 f8 c3 58 1c 02 da 48 04 17 24 53 c1 98 b1 7f 12 13 b9 85 fd 06 ef c3 6d 34 61 af 17 df cf 1e f1 ec 8f 10 5d c7 d9 8c f7 1f 27 fd e4 06 70 5a 1e 8b 99 77 ce fa 10 3d ef Data Ascii: 1i/$m) B]`XH$Sm4a]'pZw=uF5O0?n`[V/hu$oxT5^bQ&6qC*h~;JzU3:IJbJDfQNvRQB~hI>
Oct 1, 2024 00:41:45.190011024 CEST	224	IN	Data Raw: 9b 27 09 0b 77 8f 40 0e 34 34 c8 79 76 c7 e9 a1 9a 31 ce e1 cb 68 54 14 c5 d0 62 17 a6 df 7d 08 bc 73 20 0a 62 f1 bf 1c 91 45 9f 19 e7 55 73 17 84 ef a3 34 03 2e 8e 47 1c a7 54 f8 75 20 f9 7f 20 ed b0 f2 ec 18 f8 9b d9 64 bd 1e f8 12 b2 51 ed 99 Data Ascii: 'w@44yv1hTb}s bEUs4.GTu dQl~jZ)n(xBFwIxuN571[YH+3e_HPnu(,& ;wyyh\wH;aj%)V)$>_;Rs3xzH8
Oct 1, 2024 00:41:45.190093994 CEST	1236	IN	Data Raw: 0f f3 d7 fa aa 5d d8 49 49 7c fe 1d a5 d1 0f 61 d0 52 ac ea 13 5a 3e b8 b4 5c 1b 95 cc 6f 12 6f a6 e4 26 4f d1 1e ed 5e 8c 64 7a b1 69 0f ad 7c ef e0 00 12 28 89 19 c9 87 30 5e ce a4 d8 e4 65 5a 19 33 cc 92 37 2a e5 b0 a1 96 9a 49 1a 7b a5 50 f7 Data Ascii: ]II\|aRZ>\oo&O^dzi\|(0^eZ37*I{PJl=6B{k'1CYI;IKemfffW#NmP'+7+P>6=B+wV$Rr)"5y3B{X>ox~ak/2_
Oct 1, 2024 00:41:45.190160036 CEST	224	IN	Data Raw: aa e4 b5 3b 3d 4d fd ea 3a 0f 6c 35 9b a8 a5 36 ec 2e 84 a0 9c a4 0c 39 99 73 8a df a5 f4 6c 94 5d 27 96 26 6c 97 7c e9 f3 01 73 73 12 38 64 22 43 08 17 34 bf be 4d cc 45 be 0d 0d 0a 32 32 42 0d 0a 2a 71 6f 93 9c e4 91 c6 76 da cf fc 53 37 55 03 Data Ascii: ;=M:l56.9sl]'&l\|ss8d"C4ME22BqovS7Uz&j#~W_;[-b`Z:.}taDKc]aZ=3}]GGR},o pC`P7exyG
Oct 1, 2024 00:41:45.190200090 CEST	1236	IN	Data Raw: 97 52 cb f7 84 1c 03 a3 e7 04 ef 5c ca 20 6d 01 0c 23 2c f1 9d 95 42 79 57 94 57 bc 20 78 61 e5 2f 34 1e 43 a0 1b 47 ee 51 2f 1a de d7 a4 9b 57 a2 72 fb 46 f4 1d 09 7e 97 2b be 9d c0 7b ad 00 2b e8 5e ce b0 69 08 0d 52 8d 2a 88 41 f6 f1 f7 24 6f Data Ascii: R\ m#,ByWW xa/4CGQ/WrF~+{+^iR*A$o?!l~l4EO6VD-[q~yj/ 7~k'G9p_B!,2+E_3]wuwC!:z5/\|di3;\|#5a_kF
Oct 1, 2024 00:41:45.190210104 CEST	224	IN	Data Raw: 48 99 f1 19 8c a3 45 e1 ad 35 8c a0 be 65 af cd 26 f2 aa fb 06 34 d2 6e 8a aa 3b e2 95 f3 6f 3b 84 93 11 c5 4b 49 0e 31 31 4b e9 49 9d 17 ba 02 24 95 30 82 e7 0c 36 34 f8 ac 1d 83 c8 c1 82 35 a5 bd 62 34 34 b1 b5 d4 79 50 ca 93 e2 cd 3d 53 fb d2 Data Ascii: HE5e&4n;o;KI11KI$0645b44yP=S(TVdBJkE:9NZ#nGJNr<.vPQ59\|J{Ot>,rDU5wkm<:e)_v.y
Oct 1, 2024 00:41:45.276640892 CEST	1138	IN	Data Raw: d0 01 b1 9f 7a d3 bb 42 52 98 45 da 94 02 58 6b 58 27 82 ba a6 e7 b1 83 de ce d1 9c 9d 43 ed 1f c5 6a 6a 5a 62 bd 62 6c 77 d0 e9 94 06 a3 08 c9 65 30 56 09 40 92 16 1d 50 c4 1f 5a de 7a a1 96 73 8b 2b ae bc d9 6c a4 ea 18 b0 02 48 f1 47 fa 5e 50 Data Ascii: zBREXkX'CjjZbblwe0V@PZzs+lHG^P$p^-d\|8^C_.ZrDkvLtaVIZjtJhP-BRQqBqucB"gjqrEk&kQ7^V>~6<54W7<(8
Oct 1, 2024 00:41:45.328563929 CEST	1229	OUT	GET /search/tsc.php?ses=ogcQkbQpzTES3IebH-jL7XHjZBaJcAFoaSa-avJH62SFZ15x2TZWk5GCiUOcmmFAix2mUIhlcIacIOBT4ovgKwAARzX-W2gTMrxEGA62NTxSdgOb30zCDj2huDe6QDewz05_n2ib87RzA7Hsxwue3b9rz7vpxsDSy3FnfxvKgaPoEPsS9-LHgsEn40EKANf-1ToBovE_SHVODsfDg4wbme94iYHhL3DRwEZLpVgxIXa0AJd0YVF6ofq-nPg3OmTUQ9wHwzYgefz5yDvfHIiyADevu-zfd3DlJ_-rlaeDJ24haWRQ7ORilmszsxqyBu4IZt6zsPA7cZAdO1JXAYHQQONrYWiYTo3vGT8lqK-0a5gkbJPdGPuDLXlIXfg&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&query=Cit+Online+Savings+Account+Rates&afdToken=ChMI8IWNqd7riAMVK4v9Bx0AtylkEmwBlLqpjzZf00jJRYvUGJ6wvGGsT2iU7IbVe168rFuvCx3ClVd3qSBXnf4CLASbz7kwedvhMecrsczNl32swrUMcpftMdXlGiL-m7emDq6on4nnz5HtJwqgpuSRwRpUHuJ8v97FWdnG2CacayQ&pcsa=false&nb=0&nm=3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:45.527551889 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:45 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-fvx6t server: Parking/1.0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://bankwir.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Windows Analysis Report
http://bankwir.com/

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 00:41:53.974041939 CEST	771	OUT	GET /search/tsc.php?ses=ogcQkbQpzTES3IebH-jL7XHjZBaJcAFoaSa-avJH62SFZ15x2TZWk5GCiUOcmmFAix2mUIhlcIacIOBT4ovgKwAARzX-W2gTMrxEGA62NTxSdgOb30zCDj2huDe6QDewz05_n2ib87RzA7Hsxwue3b9rz7vpxsDSy3FnfxvKgaPoEPsS9-LHgsEn40EKANf-1ToBovE_SHVODsfDg4wbme94iYHhL3DRwEZLpVgxIXa0AJd0YVF6ofq-nPg3OmTUQ9wHwzYgefz5yDvfHIiyADevu-zfd3DlJ_-rlaeDJ24haWRQ7ORilmszsxqyBu4IZt6zsPA7cZAdO1JXAYHQQONrYWiYTo3vGT8lqK-0a5gkbJPdGPuDLXlIXfg&cv=2 HTTP/1.1 Host: www.bankwir.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __gsas=ID=f9bcb952ac981036:T=1727736043:RT=1727736043:S=ALNI_MYzaclFj_jU8Gw2EbZxXIAVqtL37Q
Oct 1, 2024 00:41:54.645759106 CEST	181	IN	HTTP/1.1 200 OK date: Mon, 30 Sep 2024 22:41:54 GMT content-type: text/html; charset=UTF-8 content-length: 0 x-cache-miss-from: parking-75d9cf65f9-b9tc5 server: Parking/1.0

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:41 UTC	605	OUT	GET /templates/images/hero_nc.svg HTTP/1.1 Host: img.sedoparking.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:41 UTC	483	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 22:40:41 GMT Content-Type: image/svg+xml Content-Length: 48097 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * X-CFF: B Last-Modified: Thu, 05 Oct 2023 09:16:15 GMT Vary: Accept-Encoding x-cf-rand: 4.749 X-CF3: M CF4Age: 0 x-cf-tsc: 1696583686 CF4ttl: 31536000.000 X-CF2: H Accept-Ranges: bytes Server: CFS 1124 X-CF-ReqID: a6e1b9fccafec2c806184d6c1d25d139 X-CF1: 11696:fQ.iad2:nom:cacheN.iad2-01:M
2024-09-30 22:40:41 UTC	15901	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 73 76 67 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 53 56 47 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 47 72 61 70 68 69 63 73 2f 53 56 47 2f 31 2e 31 2f 44 54 44 2f 73 76 67 31 31 2e 64 74 64 22 3e 0a 3c 21 2d 2d 20 43 72 65 61 74 6f 72 3a 20 43 6f 72 65 6c 44 52 41 57 20 32 30 31 38 20 28 36 34 2d 42 69 74 29 20 2d 2d 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 3a 73 70 61 63 65 3d 22 70 72 65 73 65 72 76 65 22 20 77 69 64 74 68 3d 22 31 34 34 30 70 78 22 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">... Creator: CorelDRAW 2018 (64-Bit) --><svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="1440px"
2024-09-30 22:40:41 UTC	16384	IN	Data Raw: 20 2d 31 37 2e 31 38 32 31 2c 2d 32 35 2e 38 33 38 35 20 2d 34 31 2e 38 34 33 32 2c 2d 34 35 2e 38 33 33 34 20 2d 37 34 2e 30 30 35 2c 2d 36 30 2e 30 30 36 34 20 2d 33 32 2e 33 33 36 33 2c 2d 31 34 2e 31 35 31 32 20 2d 36 38 2e 38 33 37 33 2c 2d 32 31 2e 31 35 30 35 20 2d 31 30 39 2e 35 30 33 2c 2d 32 31 2e 31 35 30 35 20 2d 36 37 2e 33 33 32 38 2c 30 20 2d 31 31 38 2e 38 33 35 2c 31 33 2e 39 39 38 36 20 2d 31 35 34 2e 31 35 39 2c 34 31 2e 38 32 31 33 20 2d 33 35 2e 33 32 33 36 2c 32 37 2e 39 39 37 32 20 2d 35 37 2e 38 32 36 2c 36 39 2e 33 33 38 38 20 2d 36 37 2e 36 35 39 39 2c 31 32 34 2e 31 35 36 7a 22 2f 3e 0a 20 20 20 3c 67 6c 79 70 68 20 75 6e 69 63 6f 64 65 3d 22 74 22 20 68 6f 72 69 7a 2d 61 64 76 2d 78 3d 22 32 37 37 22 20 64 3d 22 4d 32 35 36 2e Data Ascii: -17.1821,-25.8385 -41.8432,-45.8334 -74.005,-60.0064 -32.3363,-14.1512 -68.8373,-21.1505 -109.503,-21.1505 -67.3328,0 -118.835,13.9986 -154.159,41.8213 -35.3236,27.9972 -57.826,69.3388 -67.6599,124.156z"/> <glyph unicode="t" horiz-adv-x="277" d="M256.
2024-09-30 22:40:41 UTC	15812	IN	Data Raw: 39 20 30 7a 22 2f 3e 0a 20 20 3c 70 61 74 68 20 69 64 3d 22 70 61 74 68 36 32 39 22 20 63 6c 61 73 73 3d 22 66 69 6c 31 31 22 20 64 3d 22 4d 34 30 30 2e 31 34 37 20 31 34 31 2e 30 37 37 63 2d 30 2e 34 37 38 2c 2d 30 2e 33 34 31 20 2d 30 2e 39 35 39 2c 2d 30 2e 36 37 39 20 2d 31 2e 34 34 31 2c 2d 31 2e 30 31 32 20 2d 35 2e 32 31 32 2c 2d 33 2e 35 35 20 2d 31 30 2e 36 35 31 2c 2d 36 2e 37 39 38 20 2d 31 36 2e 33 39 32 2c 2d 39 2e 34 34 32 6c 30 20 2d 30 2e 30 37 35 20 34 2e 33 30 36 20 31 2e 39 36 33 63 31 2e 34 33 35 2c 30 2e 36 38 20 32 2e 37 39 35 2c 31 2e 34 33 36 20 34 2e 32 33 2c 32 2e 31 31 35 20 30 2e 36 38 2c 30 2e 33 37 38 20 31 2e 33 36 2c 30 2e 37 35 36 20 32 2e 30 33 39 2c 31 2e 31 33 33 6c 32 2e 30 34 20 31 2e 32 30 39 63 31 2e 33 36 2c 30 2e Data Ascii: 9 0z"/> <path id="path629" class="fil11" d="M400.147 141.077c-0.478,-0.341 -0.959,-0.679 -1.441,-1.012 -5.212,-3.55 -10.651,-6.798 -16.392,-9.442l0 -0.075 4.306 1.963c1.435,0.68 2.795,1.436 4.23,2.115 0.68,0.378 1.36,0.756 2.039,1.133l2.04 1.209c1.36,0.

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:41 UTC	448	OUT	GET /adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:41 UTC	844	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 153198 Date: Mon, 30 Sep 2024 22:40:41 GMT Expires: Mon, 30 Sep 2024 22:40:41 GMT Cache-Control: private, max-age=3600 ETag: "4454758832833526012" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 22:40:41 UTC	546	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 68 61 73 68 3a 22 31 37 33 38 33 36 33 33 34 36 34 33 37 30 36 31 35 35 35 33 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 31 34 33 31 2c 31 37 33 30 31 34 33 33 2c 31 37 33 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17301431,17301433,173
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 6d 61 69 6e 22 3a 74 72 75 65 2c 22 5f 77 61 69 74 4f 6e 43 6f 6e 73 65 6e 74 46 6f 72 46 69 72 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 54 61 72 67 65 74 69 6e 67 52 73 6f 6e 63 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 4e 6f 6e 62 6c 6f 63 6b 69 6e 67 53 61 73 43 6f 6f 6b 69 65 22 3a 74 72 75 65 7d 2c 6d 64 70 3a 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 69 35 75 5a 58 51 73 64 48 4a 68 62 6e 4e 73 59 58 Data Ascii: main":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYX
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 65 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 71 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 Data Ascii: ;c.prototype.toString=function(){return this.ne};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});q("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Arra
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 76 61 72 20 70 61 3d 6c 61 3b 0a 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6b 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 70 61 29 70 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 63 21 3d 22 70 72 6f 74 6f 74 79 70 65 22 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 Data Ascii: extensible");return a}:null}var pa=la;function qa(a,b){a.prototype=ka(b.prototype);a.prototype.constructor=a;if(pa)pa(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.definePrope
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 0a 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 55 66 28 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 66 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 62 64 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 67 67 28 68 2c 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 63 65 28 32 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 4c 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 Data Ascii: on":h=!0;break a;default:h=!1}h?this.Uf(g):this.Ld(g)}};b.prototype.Uf=function(g){var h=void 0;try{h=g.then}catch(k){this.bd(k);return}typeof h=="function"?this.gg(h,g):this.Ld(g)};b.prototype.bd=function(g){this.ce(2,g)};b.prototype.Ld=function(g){this
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 72 2c 74 29 7b 6c 3d 72 3b 6d 3d 74 7d 29 3b 74 68 69 73 2e 69 62 28 6b 28 67 2c 6c 29 2c 6b 28 68 2c 6d 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 62 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 42 29 7b 63 61 73 65 20 31 3a 67 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 3a Data Ascii: ew b(function(r,t){l=r;m=t});this.ib(k(g,l),k(h,m));return p};b.prototype.catch=function(g){return this.then(void 0,g)};b.prototype.ib=function(g,h){function k(){switch(l.B){case 1:g(l.Xa);break;case 2:h(l.Xa);break;default:throw Error("Unexpected state:
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 6e 63 74 69 6f 6e 20 65 28 6b 29 7b 69 66 28 21 73 61 28 6b 2c 67 29 29 7b 76 61 72 20 6c 3d 6e 65 77 20 63 3b 63 61 28 6b 2c 67 2c 7b 76 61 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6c 3d 4f 62 Data Ascii: nction e(k){if(!sa(k,g)){var l=new c;ca(k,g,{value:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Object.seal({}),l=Ob
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 68 2c 49 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 0a 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 49 3a 76 6f 69 64 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 68 29 7b 68 3d 75 28 68 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 68 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 Data Ascii: h,I:p}}return{id:l,list:m,index:-1,I:void 0}}function e(h){this[0]={};this[1]=b();this.size=0;if(h){h=u(h);for(var k;!(k=h.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 68 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 67 3d 30 3b 72 65 Data Ascii: })};e.prototype.values=function(){return c(this,function(h){return h.value})};e.prototype.forEach=function(h,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,h.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.entries;var g=0;re
2024-09-30 22:40:41 UTC	1390	IN	Data Raw: 21 3d 62 5b 2d 2d 65 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 65 3c 3d 30 7d 7d 29 3b 0a 71 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 73 61 28 62 2c 64 29 26 26 63 2e 70 75 73 68 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 Data Ascii: !=b[--e])return!1;return e<=0}});q("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)sa(b,d)&&c.push([d,b[d]]);return c}});q("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(d=String(

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:43 UTC	703	OUT	GET /afs/ads/i/iframe.html HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:43 UTC	1037	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/html Content-Security-Policy: script-src 'nonce-x120gzsu8AW1XxZfAVw1gQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none' Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 1560 Date: Mon, 30 Sep 2024 22:40:43 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Last-Modified: Tue, 17 Sep 2024 06:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 22:40:43 UTC	353	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 52 4f 42 4f 54 53 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 4e 4f 46 4f 4c 4c 4f 57 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 61 64 42 6c 6f 63 6b 22 3e 3c 2f 64 69 76 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 78 31 32 30 67 7a 73 75 38 41 57 31 58 78 5a 66 41 56 77 31 67 51 22 3e 69 66 20 28 77 69 6e 64 6f 77 2e 6e Data Ascii: <!doctype html><html><head><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta content="origin" name="referrer"></head><body><div id="adBlock"></div><script nonce="x120gzsu8AW1XxZfAVw1gQ">if (window.n
2024-09-30 22:40:43 UTC	1207	IN	Data Raw: 61 64 73 65 6e 73 65 2f 73 65 61 72 63 68 2f 61 64 73 2e 6a 73 22 3b 76 61 72 20 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3b 69 66 20 28 21 21 68 72 65 66 20 26 26 20 28 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 3f 70 61 63 3d 27 29 20 3e 20 30 20 7c 7c 20 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 26 70 61 63 3d 27 29 20 3e 20 30 29 29 20 7b 69 66 20 28 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 3f 70 61 63 3d 31 27 29 20 3e 20 30 20 7c 7c 20 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 26 70 61 63 3d 31 27 29 20 3e 20 30 29 20 7b 73 63 72 69 70 74 2e 73 72 63 20 2b 3d 20 27 3f 70 61 63 3d 31 27 3b 7d 20 65 6c 73 65 20 69 66 20 28 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 3f 70 61 63 3d 32 27 29 20 3e 20 30 20 7c 7c 20 Data Ascii: adsense/search/ads.js";var href = window.location.href;if (!!href && (href.indexOf('?pac=') > 0 \|\| href.indexOf('&pac=') > 0)) {if (href.indexOf('?pac=1') > 0 \|\| href.indexOf('&pac=1') > 0) {script.src += '?pac=1';} else if (href.indexOf('?pac=2') > 0 \|\|

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:43 UTC	1478	OUT	GET /afs/ads?adsafe=low&adtest=off&psid=3259787283&channel=exp-0051%2Cauxa-control-1%2C44786252&client=dp-sedo80_3ph&r=m&hl=en&ivt=1&rpbu=http%3A%2F%2Fwww.bankwir.com%2Fcaf%2F%3Fses%3DY3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3ZoZnNhSUFXNFBPeEo%3D&type=3&uiopt=false&swp=as-drid-2280784292183247&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266%2C72717108&format=r3%7Cs&nocache=9481727736041134&num=0&output=afd_ads&domain_name=www.bankwir.com&v=3&bsl=8&pac=0&u_his=1&u_tz=-240&dt=1727736041142&u_w=1280&u_h=1024&biw=1263&bih=907&psw=1263&psh=1146&frm=0&uio=--&cont=rb-default&drt=0&jsid=caf&nfp=1&jsv=678245571&rurl=http%3A%2F%2Fwww.bankwir.com%2F HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: http://www.bankwir.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:43 UTC	807	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Content-Disposition: inline Date: Mon, 30 Sep 2024 22:40:43 GMT Expires: Mon, 30 Sep 2024 22:40:43 GMT Cache-Control: private, max-age=3600 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ymDsioA5VdDhJQ9IkYKQPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Server: gws X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-30 22:40:43 UTC	583	IN	Data Raw: 33 38 61 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 68 65 61 64 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 73 73 72 2d 62 6f 69 6c 65 72 70 6c 61 74 65 22 3e 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 20 6d 61 72 67 69 6e 3a 30 3b 7d 2e 64 69 76 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 20 30 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 20 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 7d 2e 73 70 61 6e 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 20 2e 64 69 76 3a 6c 61 73 Data Ascii: 38aa<!doctype html><html lang="en"> <head> <style id="ssr-boilerplate">body{-webkit-text-size-adjust:100%; font-family:arial,sans-serif; margin:0;}.div{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;max-width:100%;}.span:last-child, .div:las
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 69 5f 7b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 20 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 20 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 7d 2e 76 5f 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 31 20 30 3b 20 2d 77 65 62 6b 69 74 Data Ascii: i_{display:-ms-flexbox; display:-webkit-box; display:-webkit-flex; display:flex;-ms-flex-align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;box-sizing:border-box; overflow:hidden;}.v_{-webkit-box-flex:1 0; -webkit
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 5f 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 7d 2e 6f 5f 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 7d 2e 78 5f 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 7d 2e 79 5f 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 7a 2d 69 6e 64 65 78 3a 31 3b 7d 2e 6b 5f 3e 64 69 76 3a 6e 6f 74 28 2e 79 5f 29 20 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 20 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 20 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 62 6f 78 3b 20 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 Data Ascii: _{overflow:hidden;}.o_{white-space:nowrap;}.x_{cursor:pointer;}.y_{display:none; position:absolute; z-index:1;}.k_>div:not(.y_) {display:-webkit-inline-box; display:-moz-inline-box; display:-ms-inline-flexbox; display:-webkit-inline-flex; display:inline-f
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 73 74 61 72 74 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 7d 2e 66 6c 65 78 41 6c 69 67 6e 42 6f 74 74 6f 6d 7b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 65 6e 64 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 65 6e 64 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 65 6e 64 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 65 6e 64 3b 7d 2e 66 6c 65 78 41 6c 69 67 6e 43 65 6e 74 65 72 7b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 Data Ascii: start; align-items:flex-start;}.flexAlignBottom{-ms-flex-align:end; -webkit-box-align:end; -webkit-align-items:flex-end; align-items:flex-end;}.flexAlignCenter{-ms-flex-align:center; -webkit-box-align:center; -webkit-align-items:center; align-items:center
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 72 69 67 68 74 3a 31 30 70 78 3b 77 69 64 74 68 3a 31 30 30 25 3b 20 2d 6d 73 2d 66 6c 65 78 2d 6e 65 67 61 74 69 76 65 3a 31 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 31 20 30 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 31 3b 20 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 31 3b 7d 2e 73 69 31 30 32 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 35 70 78 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 30 70 78 3b 7d 2e 73 69 31 32 38 7b 68 65 69 67 68 74 3a 31 70 78 3b 77 69 64 74 68 3a 31 30 30 25 3b 20 2d 6d 73 2d 66 6c 65 78 2d 6e 65 67 61 74 69 76 65 3a 31 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 31 20 30 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 31 3b 20 66 6c 65 78 2d 73 68 72 Data Ascii: right:10px;width:100%; -ms-flex-negative:1;-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shrink:1;}.si102{border-radius:15px;height:30px;width:0px;}.si128{height:1px;width:100%; -ms-flex-negative:1;-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shr
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 2d 61 6c 69 67 6e 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 20 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 22 20 64 61 74 61 2d 61 64 2d 63 6f 6e 74 61 69 6e 65 72 3d 22 31 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 5f 20 64 69 76 20 72 73 73 41 74 74 72 43 6f 6e 74 61 69 6e 65 72 22 20 73 74 79 6c 65 3d 22 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 2d 77 65 62 6b 69 74 2d 62 6f Data Ascii: -align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;-ms-flex-wrap:wrap; -webkit-flex-wrap:wrap; flex-wrap:wrap;" data-ad-container="1"><div class="i_ div rssAttrContainer" style="-ms-flex-direction:row; -webkit-bo
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 20 73 74 79 6c 65 3d 22 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 Data Ascii: style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:center; -webkit-box-pack:center; -webkit-justify-content:center; justify-content:center;-ms-flex-align:center; -webkit-box-align:ce
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 61 6e 6b 77 69 72 2e 63 6f 6d 2f 63 61 66 2f 3f 73 65 73 3d 59 33 4a 6c 50 54 45 33 4d 6a 63 33 4d 7a 59 77 4e 44 41 6d 64 47 4e 70 5a 44 31 33 64 33 63 75 59 6d 46 75 61 33 64 70 63 69 35 6a 62 32 30 32 4e 6d 5a 69 4d 6a 68 6c 4f 47 4a 6c 5a 44 4d 33 4e 43 34 34 4f 44 59 78 4e 6a 55 31 4f 53 5a 30 59 58 4e 72 50 58 4e 6c 59 58 4a 6a 61 43 5a 6b 62 32 31 68 61 57 34 39 59 6d 46 75 61 33 64 70 63 69 35 6a 62 32 30 6d 59 56 39 70 5a 44 30 7a 4a 6e 4e 6c 63 33 4e 70 62 32 34 39 59 6e 46 4f 4e 58 4e 59 4e 33 Data Ascii: nt:horizontal; -webkit-flex-direction:row; flex-direction:row;"><a href="http://www.bankwir.com/caf/?ses=Y3JlPTE3Mjc3MzYwNDAmdGNpZD13d3cuYmFua3dpci5jb202NmZiMjhlOGJlZDM3NC44ODYxNjU1OSZ0YXNrPXNlYXJjaCZkb21haW49YmFua3dpci5jb20mYV9pZD0zJnNlc3Npb249YnFONXNYN3
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 5f 20 73 69 31 30 32 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 66 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 61 64 5f 69 63 6f 6e 73 2f 73 74 61 6e 64 61 72 64 2f 70 75 62 6c 69 73 68 65 72 5f 69 63 6f 6e 5f 69 6d 61 67 65 2f 73 65 61 72 63 68 2e 73 76 67 3f 63 3d 25 32 33 31 39 36 37 64 32 22 20 61 6c 74 3d 22 22 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22 20 63 6c 61 73 73 3d 22 69 6d 67 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 5f 20 64 69 76 20 73 69 33 33 22 20 73 74 79 6c 65 3d 22 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 20 Data Ascii: _ si102"><img src="https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2" alt="" loading="lazy" class="img"></div></div></div><div class="i_ div si33" style="-ms-flex-direction:row; -webkit-box-orient:horizontal;
2024-09-30 22:40:43 UTC	1390	IN	Data Raw: 61 3d 66 61 6c 73 65 22 20 64 61 74 61 2d 6e 62 3d 22 30 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 20 63 6c 61 73 73 3d 22 69 5f 20 61 20 73 69 31 34 34 22 20 73 74 79 6c 65 3d 22 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 68 6f 72 69 7a 6f 6e 74 61 6c 3b 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 73 74 61 72 74 3b 20 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 73 74 61 72 74 3b 20 6a 75 73 74 69 66 79 2d 63 6f 6e Data Ascii: a=false" data-nb="0" target="_top" class="i_ a si144" style="-ms-flex-direction:row; -webkit-box-orient:horizontal; -webkit-flex-direction:row; flex-direction:row;-ms-flex-pack:start; -webkit-box-pack:start; -webkit-justify-content:flex-start; justify-con

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:44 UTC	489	OUT	GET /adsense/domains/caf.js?abp=1&YEr3CiF6AuQqLspNobyal3ji0SyqxBLn=true HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:44 UTC	844	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 153207 Date: Mon, 30 Sep 2024 22:40:44 GMT Expires: Mon, 30 Sep 2024 22:40:44 GMT Cache-Control: private, max-age=3600 ETag: "5807633318253471531" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 22:40:44 UTC	546	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 68 61 73 68 3a 22 31 37 33 38 33 36 33 33 34 36 34 33 37 30 36 31 35 35 35 33 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 30 30 30 32 2c 31 37 33 30 31 34 33 37 2c 31 37 33 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17300002,17301437,173
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 72 6f 76 69 64 65 64 44 6f 6d 61 69 6e 22 3a 74 72 75 65 2c 22 5f 77 61 69 74 4f 6e 43 6f 6e 73 65 6e 74 46 6f 72 46 69 72 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 54 61 72 67 65 74 69 6e 67 52 73 6f 6e 63 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 4e 6f 6e 62 6c 6f 63 6b 69 6e 67 53 61 73 43 6f 6f 6b 69 65 22 3a 74 72 75 65 7d 2c 6d 64 70 3a 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 69 35 75 5a 58 51 73 64 Data Ascii: rovidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsd
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 29 72 65 74 75 72 6e 20 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 65 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 71 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 Data Ascii: )return a;c.prototype.toString=function(){return this.ne};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});q("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8ClampedArray
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 2b 22 20 69 73 20 6e 6f 74 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 76 61 72 20 70 61 3d 6c 61 3b 0a 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6b 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 70 61 29 70 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 63 21 3d 22 70 72 6f 74 6f 74 79 70 65 22 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f 62 6a 65 63 74 2e 64 65 Data Ascii: +" is not extensible");return a}:null}var pa=la;function qa(a,b){a.prototype=ka(b.prototype);a.prototype.constructor=a;if(pa)pa(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.de
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 0a 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 55 66 28 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 66 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 62 64 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 67 67 28 68 2c 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 63 65 28 32 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 4c 64 3d 66 75 6e 63 74 69 6f Data Ascii: e "function":h=!0;break a;default:h=!1}h?this.Uf(g):this.Ld(g)}};b.prototype.Uf=function(g){var h=void 0;try{h=g.then}catch(k){this.bd(k);return}typeof h=="function"?this.gg(h,g):this.Ld(g)};b.prototype.bd=function(g){this.ce(2,g)};b.prototype.Ld=functio
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 72 20 6c 2c 6d 2c 70 3d 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 72 2c 74 29 7b 6c 3d 72 3b 6d 3d 74 7d 29 3b 74 68 69 73 2e 69 62 28 6b 28 67 2c 6c 29 2c 6b 28 68 2c 6d 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 62 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 42 29 7b 63 61 73 65 20 31 3a 67 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 55 6e 65 78 70 65 63 74 Data Ascii: r l,m,p=new b(function(r,t){l=r;m=t});this.ib(k(g,l),k(h,m));return p};b.prototype.catch=function(g){return this.then(void 0,g)};b.prototype.ib=function(g,h){function k(){switch(l.B){case 1:g(l.Xa);break;case 2:h(l.Xa);break;default:throw Error("Unexpect
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 22 7d 66 75 6e 63 74 69 6f 6e 20 65 28 6b 29 7b 69 66 28 21 73 61 28 6b 2c 67 29 29 7b 76 61 72 20 6c 3d 6e 65 77 20 63 3b 63 61 28 6b 2c 67 2c 7b 76 61 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c Data Ascii: ction"}function e(k){if(!sa(k,g)){var l=new c;ca(k,g,{value:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Object.seal
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 3a 6d 2c 69 6e 64 65 78 3a 68 2c 49 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 0a 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 49 3a 76 6f 69 64 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 68 29 7b 68 3d 75 28 68 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 68 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 Data Ascii: :m,index:h,I:p}}return{id:l,list:m,index:-1,I:void 0}}function e(h){this[0]={};this[1]=b();this.size=0;if(h){h=u(h);for(var k;!(k=h.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Objec
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 75 72 6e 20 68 2e 6b 65 79 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 68 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 Data Ascii: urn h.key})};e.prototype.values=function(){return c(this,function(h){return h.value})};e.prototype.forEach=function(h,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,h.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.entries;v
2024-09-30 22:40:44 UTC	1390	IN	Data Raw: 69 66 28 64 5b 2d 2d 63 5d 21 3d 62 5b 2d 2d 65 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 65 3c 3d 30 7d 7d 29 3b 0a 71 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 73 61 28 62 2c 64 29 26 26 63 2e 70 75 73 68 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 Data Ascii: if(d[--c]!=b[--e])return!1;return e<=0}});q("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)sa(b,d)&&c.push([d,b[d]]);return c}});q("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof String&&(

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 22:40:44 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=237906 Date: Mon, 30 Sep 2024 22:40:44 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:45 UTC	555	OUT	GET /adsense/domains/caf.js?pac=0 HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://syndicatedsearch.goog/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:45 UTC	845	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 153214 Date: Mon, 30 Sep 2024 22:40:45 GMT Expires: Mon, 30 Sep 2024 22:40:45 GMT Cache-Control: private, max-age=3600 ETag: "16762785716741463394" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 22:40:45 UTC	545	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 73 79 6e 64 69 63 61 74 65 64 73 65 61 72 63 68 2e 67 6f 6f 67 22 2c 68 61 73 68 3a 22 31 37 33 38 33 36 33 33 34 36 34 33 37 30 36 31 35 35 35 33 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 31 34 33 31 2c 31 37 33 30 31 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17301431,17301
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 65 53 65 72 76 65 72 50 72 6f 76 69 64 65 64 44 6f 6d 61 69 6e 22 3a 74 72 75 65 2c 22 5f 77 61 69 74 4f 6e 43 6f 6e 73 65 6e 74 46 6f 72 46 69 72 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 54 61 72 67 65 74 69 6e 67 52 73 6f 6e 63 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 4e 6f 6e 62 6c 6f 63 6b 69 6e 67 53 61 73 43 6f 6f 6b 69 65 22 3a 74 72 75 65 7d 2c 6d 64 70 3a 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 Data Ascii: eServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpb
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 67 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 65 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 71 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 Data Ascii: g})}if(a)return a;c.prototype.toString=function(){return this.ne};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});q("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8Clamp
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 65 45 72 72 6f 72 28 61 2b 22 20 69 73 20 6e 6f 74 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 76 61 72 20 70 61 3d 6c 61 3b 0a 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6b 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 70 61 29 70 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 63 21 3d 22 70 72 6f 74 6f 74 79 70 65 22 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 4f Data Ascii: eError(a+" is not extensible");return a}:null}var pa=la;function qa(a,b){a.prototype=ka(b.prototype);a.prototype.constructor=a;if(pa)pa(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&O
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 0a 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 55 66 28 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 66 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 62 64 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 67 67 28 68 2c 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 63 65 28 32 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 4c 64 Data Ascii: ak a;case "function":h=!0;break a;default:h=!1}h?this.Uf(g):this.Ld(g)}};b.prototype.Uf=function(g){var h=void 0;try{h=g.then}catch(k){this.bd(k);return}typeof h=="function"?this.gg(h,g):this.Ld(g)};b.prototype.bd=function(g){this.ce(2,g)};b.prototype.Ld
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 29 7d 7d 3a 74 7d 76 61 72 20 6c 2c 6d 2c 70 3d 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 72 2c 74 29 7b 6c 3d 72 3b 6d 3d 74 7d 29 3b 74 68 69 73 2e 69 62 28 6b 28 67 2c 6c 29 2c 6b 28 68 2c 6d 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 62 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 42 29 7b 63 61 73 65 20 31 3a 67 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 22 Data Ascii: )}}:t}var l,m,p=new b(function(r,t){l=r;m=t});this.ib(k(g,l),k(h,m));return p};b.prototype.catch=function(g){return this.then(void 0,g)};b.prototype.ib=function(g,h){function k(){switch(l.B){case 1:g(l.Xa);break;case 2:h(l.Xa);break;default:throw Error("
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 66 75 6e 63 74 69 6f 6e 20 65 28 6b 29 7b 69 66 28 21 73 61 28 6b 2c 67 29 29 7b 76 61 72 20 6c 3d 6e 65 77 20 63 3b 63 61 28 6b 2c 67 2c 7b 76 61 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a Data Ascii: l==="function"}function e(k){if(!sa(k,g)){var l=new c;ca(k,g,{value:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Obj
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 68 2c 49 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 0a 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 49 3a 76 6f 69 64 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 68 29 7b 68 3d 75 28 68 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 68 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 Data Ascii: d:l,list:m,index:h,I:p}}return{id:l,list:m,index:-1,I:void 0}}function e(h){this[0]={};this[1]=b();this.size=0;if(h){h=u(h);for(var k;!(k=h.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|type
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 6b 65 79 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 68 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 65 Data Ascii: n(h){return h.key})};e.prototype.values=function(){return c(this,function(h){return h.value})};e.prototype.forEach=function(h,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,h.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.e
2024-09-30 22:40:45 UTC	1390	IN	Data Raw: 30 26 26 63 3e 30 3b 29 69 66 28 64 5b 2d 2d 63 5d 21 3d 62 5b 2d 2d 65 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 65 3c 3d 30 7d 7d 29 3b 0a 71 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 73 61 28 62 2c 64 29 26 26 63 2e 70 75 73 68 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 Data Ascii: 0&&c>0;)if(d[--c]!=b[--e])return!1;return e<=0}});q("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)sa(b,d)&&c.push([d,b[d]]);return c}});q("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof S

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:45 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 22:40:45 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=237849 Date: Mon, 30 Sep 2024 22:40:45 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-30 22:40:45 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-30 22:40:46 UTC	373	OUT	GET /adsense/domains/caf.js?pac=0 HTTP/1.1 Host: syndicatedsearch.goog Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 22:40:46 UTC	845	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui" Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} Content-Length: 153215 Date: Mon, 30 Sep 2024 22:40:46 GMT Expires: Mon, 30 Sep 2024 22:40:46 GMT Cache-Control: private, max-age=3600 ETag: "14287442422026715323" X-Content-Type-Options: nosniff Link: <https://syndicatedsearch.goog>; rel="preconnect" Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 22:40:46 UTC	545	IN	Data Raw: 69 66 28 21 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 29 7b 77 69 6e 64 6f 77 5b 27 67 6f 6f 67 6c 65 4e 44 54 5f 27 5d 3d 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 41 6c 74 4c 6f 61 64 65 72 3d 33 3b 76 61 72 20 73 66 66 65 44 61 74 61 5f 3d 7b 73 65 72 76 69 63 65 5f 68 6f 73 74 3a 22 73 79 6e 64 69 63 61 74 65 64 73 65 61 72 63 68 2e 67 6f 6f 67 22 2c 68 61 73 68 3a 22 31 37 33 38 33 36 33 33 34 36 34 33 37 30 36 31 35 35 35 33 22 2c 70 61 63 6b 61 67 65 73 3a 22 64 6f 6d 61 69 6e 73 22 2c 6d 6f 64 75 6c 65 3a 22 61 64 73 22 2c 76 65 72 73 69 6f 6e 3a 22 31 22 2c 6d 3a 7b 63 65 69 3a 22 31 37 33 30 31 34 33 37 2c 31 37 33 30 31 Data Ascii: if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"syndicatedsearch.goog",hash:"17383633464370615553",packages:"domains",module:"ads",version:"1",m:{cei:"17301437,17301
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 65 53 65 72 76 65 72 50 72 6f 76 69 64 65 64 44 6f 6d 61 69 6e 22 3a 74 72 75 65 2c 22 5f 77 61 69 74 4f 6e 43 6f 6e 73 65 6e 74 46 6f 72 46 69 72 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 45 6e 68 61 6e 63 65 64 54 61 72 67 65 74 69 6e 67 52 73 6f 6e 63 22 3a 74 72 75 65 2c 22 65 6e 61 62 6c 65 4e 6f 6e 62 6c 6f 63 6b 69 6e 67 53 61 73 43 6f 6f 6b 69 65 22 3a 74 72 75 65 7d 2c 6d 64 70 3a 31 38 30 30 30 30 30 2c 73 73 64 6c 3a 22 59 58 42 77 63 33 42 76 64 43 35 6a 62 32 30 73 59 6d 78 76 5a 33 4e 77 62 33 51 75 59 32 39 74 4c 47 4a 79 4c 6d 4e 76 62 53 78 6a 62 79 35 6a 62 32 30 73 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 73 5a 58 55 75 59 32 39 74 4c 47 68 76 63 48 52 76 4c 6d 39 79 5a 79 78 70 62 Data Ascii: eServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpb
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 3a 67 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6e 65 7d 3b 76 61 72 20 64 3d 22 6a 73 63 6f 6d 70 5f 73 79 6d 62 6f 6c 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 39 3e 3e 3e 30 29 2b 22 5f 22 2c 65 3d 30 3b 72 65 74 75 72 6e 20 62 7d 29 3b 0a 71 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d Data Ascii: :g})}if(a)return a;c.prototype.toString=function(){return this.ne};var d="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",e=0;return b});q("Symbol.iterator",function(a){if(a)return a;a=Symbol("Symbol.iterator");for(var b="Array Int8Array Uint8Array Uint8Clam
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 70 65 45 72 72 6f 72 28 61 2b 22 20 69 73 20 6e 6f 74 20 65 78 74 65 6e 73 69 62 6c 65 22 29 3b 72 65 74 75 72 6e 20 61 7d 3a 6e 75 6c 6c 7d 76 61 72 20 70 61 3d 6c 61 3b 0a 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 2c 62 29 7b 61 2e 70 72 6f 74 6f 74 79 70 65 3d 6b 61 28 62 2e 70 72 6f 74 6f 74 79 70 65 29 3b 61 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 61 3b 69 66 28 70 61 29 70 61 28 61 2c 62 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 63 21 3d 22 70 72 6f 74 6f 74 79 70 65 22 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 62 2c 63 29 3b 64 26 26 Data Ascii: peError(a+" is not extensible");return a}:null}var pa=la;function qa(a,b){a.prototype=ka(b.prototype);a.prototype.constructor=a;if(pa)pa(a,b);else for(var c in b)if(c!="prototype")if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 0a 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 55 66 28 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 55 66 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 62 64 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 73 2e 67 67 28 68 2c 67 29 3a 74 68 69 73 2e 4c 64 28 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 64 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 74 68 69 73 2e 63 65 28 32 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 4c Data Ascii: eak a;case "function":h=!0;break a;default:h=!1}h?this.Uf(g):this.Ld(g)}};b.prototype.Uf=function(g){var h=void 0;try{h=g.then}catch(k){this.bd(k);return}typeof h=="function"?this.gg(h,g):this.Ld(g)};b.prototype.bd=function(g){this.ce(2,g)};b.prototype.L
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 77 29 7d 7d 3a 74 7d 76 61 72 20 6c 2c 6d 2c 70 3d 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 72 2c 74 29 7b 6c 3d 72 3b 6d 3d 74 7d 29 3b 74 68 69 73 2e 69 62 28 6b 28 67 2c 6c 29 2c 6b 28 68 2c 6d 29 29 3b 72 65 74 75 72 6e 20 70 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 65 6e 28 76 6f 69 64 20 30 2c 67 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 69 62 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 0a 68 29 7b 66 75 6e 63 74 69 6f 6e 20 6b 28 29 7b 73 77 69 74 63 68 28 6c 2e 42 29 7b 63 61 73 65 20 31 3a 67 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 68 28 6c 2e 58 61 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 68 72 6f 77 20 45 72 72 6f 72 28 Data Ascii: w)}}:t}var l,m,p=new b(function(r,t){l=r;m=t});this.ib(k(g,l),k(h,m));return p};b.prototype.catch=function(g){return this.then(void 0,g)};b.prototype.ib=function(g,h){function k(){switch(l.B){case 1:g(l.Xa);break;case 2:h(l.Xa);break;default:throw Error(
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 7c 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 66 75 6e 63 74 69 6f 6e 20 65 28 6b 29 7b 69 66 28 21 73 61 28 6b 2c 67 29 29 7b 76 61 72 20 6c 3d 6e 65 77 20 63 3b 63 61 28 6b 2c 67 2c 7b 76 61 6c 75 65 3a 6c 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 6b 29 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 5b 6b 5d 3b 6c 26 26 28 4f 62 6a 65 63 74 5b 6b 5d 3d 66 75 6e 63 74 69 6f 6e 28 6d 29 7b 69 66 28 6d 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6d 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6d 29 26 26 65 28 6d 29 3b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 Data Ascii: \|l==="function"}function e(k){if(!sa(k,g)){var l=new c;ca(k,g,{value:l})}}function f(k){var l=Object[k];l&&(Object[k]=function(m){if(m instanceof c)return m;Object.isExtensible(m)&&e(m);return l(m)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var k=Ob
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 68 2c 49 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 0a 6c 69 73 74 3a 6d 2c 69 6e 64 65 78 3a 2d 31 2c 49 3a 76 6f 69 64 20 30 7d 7d 66 75 6e 63 74 69 6f 6e 20 65 28 68 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 62 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 68 29 7b 68 3d 75 28 68 29 3b 66 6f 72 28 76 61 72 20 6b 3b 21 28 6b 3d 68 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6b 3d 6b 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6b 5b 30 5d 2c 6b 5b 31 5d 29 7d 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 Data Ascii: id:l,list:m,index:h,I:p}}return{id:l,list:m,index:-1,I:void 0}}function e(h){this[0]={};this[1]=b();this.size=0;if(h){h=u(h);for(var k;!(k=h.next()).done;)k=k.value,this.set(k[0],k[1])}}if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typ
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 6b 65 79 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 2e 76 61 6c 75 65 7d 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 68 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e Data Ascii: on(h){return h.key})};e.prototype.values=function(){return c(this,function(h){return h.value})};e.prototype.forEach=function(h,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,h.call(k,m[1],m[0],this)};e.prototype[Symbol.iterator]=e.prototype.
2024-09-30 22:40:46 UTC	1390	IN	Data Raw: 3e 30 26 26 63 3e 30 3b 29 69 66 28 64 5b 2d 2d 63 5d 21 3d 62 5b 2d 2d 65 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 65 3c 3d 30 7d 7d 29 3b 0a 71 28 22 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 5b 5d 2c 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 73 61 28 62 2c 64 29 26 26 63 2e 70 75 73 68 28 5b 64 2c 62 5b 64 5d 5d 29 3b 72 65 74 75 72 6e 20 63 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 Data Ascii: >0&&c>0;)if(d[--c]!=b[--e])return!1;return e<=0}});q("Object.entries",function(a){return a?a:function(b){var c=[],d;for(d in b)sa(b,d)&&c.push([d,b[d]]);return c}});q("Array.prototype.find",function(a){return a?a:function(b,c){a:{var d=this;d instanceof