| Source: PO No. 0146850827805 HSP00598420.exe |
Avira: detected |
| Source: http://www.adadev.info/ctdy/ |
Avira URL Cloud: Label: malware |
| Source: http://www.adadev.info/ctdy/?ml=PF-8nXUHD&R4Stj2k=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZHUsO9SJV5WPis6dAAfaCKHAM87QjltbifMPVPoLSKwbdMw== |
Avira URL Cloud: Label: malware |
| Source: http://www.gayhxi.info/k2i2/?R4Stj2k=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTaAffH6Ebl78vR8bpDnW8pt5wmDRx2PwDjv0U4337vN//Tw==&ml=PF-8nXUHD |
Avira URL Cloud: Label: malware |
| Source: http://www.promocao.info/zaz4/ |
Avira URL Cloud: Label: malware |
| Source: http://www.promocao.info/zaz4/?R4Stj2k=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddjkJxjmB725u/4P9m9WNTMgvCSsWrKIDHmR4Q2StU9f7tIQ==&ml=PF-8nXUHD |
Avira URL Cloud: Label: malware |
| Source: PO No. 0146850827805 HSP00598420.exe |
Virustotal: Detection: 69% |
Perma Link |
| Source: PO No. 0146850827805 HSP00598420.exe |
ReversingLabs: Detection: 68% |
| Source: Yara match |
File source: 0.2.PO No. 0146850827805 HSP00598420.exe.f10000.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 00000004.00000002.3919504279.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000000.00000002.2422961999.0000000005A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000003.00000002.3926275354.0000000008440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000000.00000002.2418703571.0000000000F11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000004.00000002.3920082555.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000004.00000002.3920171472.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000003.00000002.3920397657.0000000004160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000000.00000002.2419345292.0000000002700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
| Source: Submited Sample |
Integrated Neural Analysis Model: Matched 100.0% probability |
| Source: PO No. 0146850827805 HSP00598420.exe |
Joe Sandbox ML: detected |
| Source: PO No. 0146850827805 HSP00598420.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
| Source: PO No. 0146850827805 HSP00598420.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: |
Binary string: fc.pdb source: PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2417757352.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp |
| Source: |
Binary string: fc.pdbGCTL source: PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2417757352.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp |
| Source: |
Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: DlLArodfwUXcDj.exe, 00000003.00000002.3919488077.00000000003FE000.00000002.00000001.01000000.00000005.sdmp |
| Source: |
Binary string: wntdll.pdbUGP source: PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2326927222.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000002.2418789448.00000000010FE000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2324389294.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000002.2418789448.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3920347727.0000000003A0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.2420588892.00000000036C9000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3920347727.0000000003870000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.2418064008.0000000003518000.00000004.00000020.00020000.00000000.sdmp |
| Source: |
Binary string: wntdll.pdb source: PO No. 0146850827805 HSP00598420.exe, PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2326927222.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000002.2418789448.00000000010FE000.00000040.00001000.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000003.2324389294.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, PO No. 0146850827805 HSP00598420.exe, 00000000.00000002.2418789448.0000000000F60000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000004.00000002.3920347727.0000000003A0E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.2420588892.00000000036C9000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000004.00000002.3920347727.0000000003870000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000004.00000003.2418064008.0000000003518000.00000004.00000020.00020000.00000000.sdmp |
| Source: C:\Windows\SysWOW64\fc.exe |
Code function: 4_2_030DC870 FindFirstFileW,FindNextFileW,FindClose, |
4_2_030DC870 |
| Source: C:\Program Files (x86)\NDWZDtcCSOerkwHUATuByXALRMlNVDulItdVeOTqISSebXFaozDVKcOPCDiHaLmBnUBBzoTyUCsnwnX\DlLArodfwUXcDj.exe |
Code function: 4x nop then pop edi |
3_2_08482EA2 |
| Source: C:\Program Files (x86)\NDWZDtcCSOerkwHUATuByXALRMlNVDulItdVeOTqISSebXFaozDVKcOPCDiHaLmBnUBBzoTyUCsnwnX\DlLArodfwUXcDj.exe |
Code function: 4x nop then pop edi |
3_2_08482F0D |
| Source: C:\Program Files (x86)\NDWZDtcCSOerkwHUATuByXALRMlNVDulItdVeOTqISSebXFaozDVKcOPCDiHaLmBnUBBzoTyUCsnwnX\DlLArodfwUXcDj.exe |
Code function: 4x nop then pop edi |
3_2_08471F1C |
| Source: C:\Program Files (x86)\NDWZDtcCSOerkwHUATuByXALRMlNVDulItdVeOTqISSebXFaozDVKcOPCDiHaLmBnUBBzoTyUCsnwnX\DlLArodfwUXcDj.exe |
Code function: 4x nop then xor eax, eax |
3_2_08477780 |
| Source: C:\Program Files (x86)\NDWZDtcCSOerkwHUATuByXALRMlNVDulItdVeOTqISSebXFaozDVKcOPCDiHaLmBnUBBzoTyUCsnwnX\DlLArodfwUXcDj.exe |
Code function: 4x nop then pop edi |
3_2_08473FA1 |
| Source: C:\Windows\SysWOW64\fc.exe |
Code function: 4x nop then xor eax, eax |
4_2_030C9EC0 |
| Source: C:\Windows\SysWOW64\fc.exe |
Code function: 4x nop then pop edi |
4_2_030CE4C7 |
| Source: C:\Windows\SysWOW64\fc.exe |
Code function: 4x nop then mov ebx, 00000004h |
4_2_037104CE |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49915 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49915 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49994 -> 154.197.162.239:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49978 -> 84.32.84.32:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49981 -> 172.67.182.198:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49988 -> 199.192.21.169:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 154.197.162.239:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49980 -> 172.67.182.198:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49982 -> 172.67.182.198:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49987 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49987 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49986 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49999 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49999 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 188.114.96.3:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49983 -> 172.67.182.198:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49983 -> 172.67.182.198:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49975 -> 84.32.84.32:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49984 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49977 -> 84.32.84.32:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49976 -> 84.32.84.32:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49990 -> 199.192.21.169:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49978 -> 84.32.84.32:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50003 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50003 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49995 -> 154.197.162.239:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49995 -> 154.197.162.239:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 134.122.133.80:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 188.114.96.3:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 154.197.162.239:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50007 -> 188.114.96.3:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50007 -> 188.114.96.3:80 |
| Source: Network traffic |
Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49991 -> 199.192.21.169:80 |
| Source: Network traffic |
Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49991 -> 199.192.21.169:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 47.83.1.90:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 199.192.21.169:80 |
| Source: Network traffic |
Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 188.114.96.3:80 |
| Source: Joe Sandbox View |
IP Address: 154.197.162.239 154.197.162.239 |
| Source: Joe Sandbox View |
IP Address: 172.67.182.198 172.67.182.198 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
| Source: global traffic |
HTTP traffic detected: GET /k2i2/?R4Stj2k=oYl0YuhK+EfenM8ZaSaHfCiYAhLiDDJWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTaAffH6Ebl78vR8bpDnW8pt5wmDRx2PwDjv0U4337vN//Tw==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.gayhxi.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /zaz4/?R4Stj2k=a/HH2smDyRg6YmpNlpDSiGBzLdYAcGrERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9MtzddjkJxjmB725u/4P9m9WNTMgvCSsWrKIDHmR4Q2StU9f7tIQ==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.promocao.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /kxtt/?R4Stj2k=eC1oD4IhFSd/6jtL1AhIhKazMaYu9E65zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXj2cOA9AsjjYxFgIbzI/ZykrVUFshkofZlIAuVzcX4MBGxA==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.grimbo.boatsConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /a59t/?R4Stj2k=4xL6Q7DrxWj99jxZ5aXf1AQ9gWZB5E5jNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acsoaYUTukUw5/VlLJHlB4H68wgcF/MAlZiH8mu7MSOf5Syg==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.44756.pizzaConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /bowc/?R4Stj2k=hSFyBF7QNpd6wUo32OUgsrg4/MrOyIQWjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nO84RxecymeNEzyLIaWcKrL+RZ5eMRfwg+qeUwmqwyFGBk9g==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lonfor.websiteConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /cf9p/?R4Stj2k=tknvN2jlhTuvpXXfB7aTVyatH+optGyLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFI57Xl4izZbo5Nf+t7hBu9DYDZsVVcrRpMjG9JV+RkwAygg==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.investshares.netConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /jpjz/?R4Stj2k=BsCB6j6XIP/wuAb0HPY9posnISoRnnooDDFnz1MrtzBPzJTq92en/EOyrjYaLx3w2H4L+FlVDICDydTs7KXcXHKBDP7KaxaAnbP80R2HqmHJM+3O9yicYOmuDElRRJIzTA==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.jrcov55qgcxp5fwa.topConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /ctdy/?ml=PF-8nXUHD&R4Stj2k=5YPKgWGFQCLPNGrLxhxItoeNmOBaThMtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZHUsO9SJV5WPis6dAAfaCKHAM87QjltbifMPVPoLSKwbdMw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.adadev.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
HTTP traffic detected: GET /8rr3/?R4Stj2k=iJ8hmWjdEFuk0u06tRtBw99RNA0cmJToU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH4gP8KF2Qn8j/cmS57RgWwvqcfmQWCIyf50xkCSEufT28mA==&ml=PF-8nXUHD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.cifasnc.infoConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1 |
| Source: global traffic |
DNS traffic detected: DNS query: www.gayhxi.info |
| Source: global traffic |
DNS traffic detected: DNS query: www.promocao.info |
| Source: global traffic |
DNS traffic detected: DNS query: www.grimbo.boats |
| Source: global traffic |
DNS traffic detected: DNS query: www.44756.pizza |
| Source: global traffic |
DNS traffic detected: DNS query: www.lonfor.website |
| Source: global traffic |
DNS traffic detected: DNS query: www.investshares.net |
| Source: global traffic |
DNS traffic detected: DNS query: www.nosolofichas.online |
| Source: global traffic |
DNS traffic detected: DNS query: www.jrcov55qgcxp5fwa.top |
| Source: global traffic |
DNS traffic detected: DNS query: www.adadev.info |
| Source: global traffic |
DNS traffic detected: DNS query: www.cifasnc.info |
| Source: global traffic |
DNS traffic detected: DNS query: www.ebsmadrid.store |
| Source: unknown |
HTTP traffic detected: POST /zaz4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.promocao.infoOrigin: http://www.promocao.infoCache-Control: max-age=0Content-Length: 208Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.promocao.info/zaz4/User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1Data Raw: 52 34 53 74 6a 32 6b 3d 58 39 76 6e 31 62 32 5a 30 41 74 43 54 57 56 4c 74 5a 37 6c 74 33 63 57 66 4c 59 46 49 54 65 6c 44 6d 49 4e 59 51 44 4d 50 47 49 70 69 6b 71 30 47 56 72 77 37 78 31 67 31 67 4e 73 78 48 4b 56 59 57 4e 35 30 78 78 7a 31 33 63 66 2f 69 56 6a 69 44 31 75 74 42 6b 50 6b 6d 49 45 2b 71 53 43 34 64 51 30 76 54 73 32 4b 43 61 46 4a 75 6d 62 63 74 4c 62 31 47 55 4c 30 7a 64 45 33 73 44 6a 64 34 78 78 4a 2f 58 59 75 69 41 54 69 49 30 4a 62 78 78 57 64 5a 51 72 51 56 43 54 41 44 63 7a 76 74 65 41 35 69 76 33 4c 65 4b 6e 54 61 5a 4e 73 42 56 63 79 69 5a 76 53 4e 55 45 56 54 70 63 30 51 67 46 4f 51 34 3d Data Ascii: R4Stj2k=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvteA5iv3LeKnTaZNsBVcyiZvSNUEVTpc0QgFOQ4= |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:04 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vWG%2FSM8qJ0DRVt5wzWoyamKXhz3Ag3gSbxVeTagXjq3%2B5PrmISaX54wrBoJ3ZPH5nrh19ZNPqmVnkolCU1LTFSuluDzVn5xn7eDyT9Ram51Ej17c0uZPyyy0j0SEkO4zXlk"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb6780d46ab45-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=13728&min_rtt=13728&rtt_var=6864&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=740&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e4LAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\b^U0 |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:06 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dG9Q%2Br8K4ZDKEBQ1kr%2FZqJy8tvBunTC4GIqYr%2BQgA0N34%2FARRgRfiV8pdBAoTUSJme3z%2Be%2FXzOOqFtSAoRXUp8DfFwhwq95Z%2BJYTxEaLPJA2ovqgVfXdt8aL6O1lC2U9Piox"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb687e8445890-IADContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7243&min_rtt=7243&rtt_var=3621&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=760&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0 |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:09 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P77ltRN%2BFyuc2GmUt6LAw4BVJS6TT2sWZwrK7mNOXF143G%2BlRLHUdpHYjV3MPKqMEfu34N9MoAWoTUn8DLCE1GebXO0qzUWzhw9ddzsBnVwi9J%2FTO8t%2BS1Xx7%2BrULGVYboSp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb6980c7faadf-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14118&min_rtt=14118&rtt_var=7059&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1777&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 60 9b 14 0b b1 06 9b 1c 3c 6e ba ab 1b 68 b3 71 f7 c5 e0 bf 97 a4 08 5e 67 be 19 66 e8 26 7f dd d6 ef 55 01 cf f5 4b 09 55 b3 29 f7 5b 58 dd 23 ee 8b 7a 87 98 d7 f9 d5 49 65 82 58 1c 56 4a 90 e3 cb 59 91 b3 da 28 41 dc f1 d9 aa 2c c9 e0 e0 19 76 7e ec 0d e1 55 14 84 0b 44 ad 37 3f 73 6e ad fe 31 6e ad 04 0d aa 76 16 82 fd 1a 6d 64 6b a0 79 2b 61 d2 11 7a cf f0 31 73 e0 7b 60 d7 45 88 36 7c db 20 09 87 b9 29 28 41 da 98 60 63 54 4f 83 3e 39 8b a9 cc e4 43 0a b7 4d 3b f6 3c de c1 71 09 80 66 98 a6 49 7e 86 ee d2 7a d9 7a cd 11 2a 1f 18 1e 13 c2 bf 0a 41 b8 6c 24 5c be fd 02 00 00 ff ff e3 02 00 b2 5e 55 84 16 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: efLAK@+=}i`<nhq^gf&UKU)[X#zIeXVJY(A,v~UD7?sn1nvmdky+az1s{`E6| )(A`cTO>9CM;<qfI~zz*Al$\^U0 |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:11 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B316oEP6nehNekEPmV%2BueJXQ7ST3BIWGP1zZddQCxxnZC%2BQF4Tb%2B9Q3Xw8GVS2DbsDLhyt5Dh6yTSFKbjLkuh6hws%2FhQ7GY09otUCyw3k1va%2F3i%2BcrKjXi9m1XMkL1zFjxhg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb6a7db15ab5a-YYZalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=13632&min_rtt=13632&rtt_var=6816&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=484&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 72 69 6d 62 6f 2e 62 6f 61 74 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 115<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>10 |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 16 Jan 2025 08:25:17 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html> |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 16 Jan 2025 08:25:20 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html> |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 16 Jan 2025 08:25:23 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html> |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 148Content-Type: text/htmlDate: Thu, 16 Jan 2025 08:25:25 GMTEtag: "6743f11f-94"Server: nginxConnection: closeData Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html> |
| Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:31 GMTServer: ApacheContent-Length: 774Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 73 74 79 6c 65 34 30 34 2e 63 73 73 22 20 2f 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 09 3c 64 69 76 20 69 64 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 34 30 34 22 3e 0d 0a 09 09 09 09 3c 68 31 3e 34 3c 73 70 61 6e 3e 30 3c 2f 73 70 61 6e 3e 34 3c 2f 68 31 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 68 32 3e 74 68 65 20 70 61 67 65 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 09 09 09 3c 66 6f 72 6d 20 63 6c 61 73 73 3d 22 6e 6f 74 66 6f 75 6e 64 2d 73 65 61 72 63 68 22 3e 0d 0a 09 09 09 09 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 53 65 61 72 63 68 2e 2e 2e 22 3e 0d 0a 09 09 09 09 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 09 09 09 3c 2f 66 6f 72 6d 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f |
