Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://sites.google.com/view/busch-vacuum/home

Overview

General Information

Sample URL:https://sites.google.com/view/busch-vacuum/home
Analysis ID:1391076
Infos:

Detection

HtmlDropper, HTMLPhisher
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected Html Dropper
Yara detected HtmlPhish10
Yara detected HtmlPhish20
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Phishing site or detected (based on various text indicators)
Creates files inside the system directory
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found

Classification

  • System is w10x64
  • chrome.exe (PID: 6108 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1984,i,8483475906506789809,10319773719344864098,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6392 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/busch-vacuum/home MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0.0.pages.csvJoeSecurity_HtmlPhish_20Yara detected HtmlPhish_20Joe Security
    0.1.pages.csvJoeSecurity_HtmlPhish_20Yara detected HtmlPhish_20Joe Security
      5.13.pages.csvJoeSecurity_HtmlDropper_3Yara detected Html DropperJoe Security
        5.13.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
          6.14.pages.csvJoeSecurity_HtmlDropper_3Yara detected Html DropperJoe Security
            Click to see the 1 entries
            No Sigma rule has matched
            No Snort rule has matched

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: https://sites.google.com/view/busch-vacuum/homeSlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
            Source: https://allmysonscom.top/jq/8845edfee9737b347c9bba0188b1b8f065ca72cbd90c1Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/boot/8845edfee9737b347c9bba0188b1b8f065ca72cbd90c6Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/cdn-cgi/challenge-platform/h/b/flow/ov1/262488950:1707764966:vaAlIai909zKvAhWSk_psiX7v9StSENbiBvKUScxVng/85474443ad6c4503/8c2b9e0eb6a0042Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/1Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/cdn-cgi/challenge-platform/h/b/flow/ov1/318354221:1707764905:dMGQ1qf0ojXCyT3GkA92YDzydM_ywRIzHUqJOdKJBCE/854744798c5612da/bb407e331054714Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/ASSETS/img/m_.svgAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/js/8845edfee9737b347c9bba0188b1b8f065ca72cbd90caAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/o/8845edfee9737b347c9bba0188b1b8f065ca72ce4265cAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/ASSETS/img/sig-op.svgAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=85474443ad6c4503Avira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/favicon.icoAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=854744798c5612daAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/x/8845edfee9737b347c9bba0188b1b8f065ca72ce4262dAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.top/APP-8845edfee9737b347c9bba0188b1b8f065ca72ce4261b/8845edfee9737b347c9bba0188b1b8f065ca72ce4261cAvira URL Cloud: Label: phishing
            Source: https://allmysonscom.topAvira URL Cloud: Label: phishing

            Phishing

            barindex
            Source: Yara matchFile source: 5.13.pages.csv, type: HTML
            Source: Yara matchFile source: 6.14.pages.csv, type: HTML
            Source: Yara matchFile source: 0.0.pages.csv, type: HTML
            Source: Yara matchFile source: 0.1.pages.csv, type: HTML
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786Matcher: Found strong image similarity, brand: MICROSOFT
            Source: https://allmysonscom.top/Matcher: Template: cloudflare matched
            Source: https://allmysonscom.top/Matcher: Template: cloudflare matched
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786Matcher: Template: microsoft matched
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786#Matcher: Template: microsoft matched
            Source: Chrome DOMOCR Text: Busch Vacuum Mark Magill Has Shared a Document Home History PRESS HERE TO VIEW/DOWNLOAD DOCUMENTS Team FAO
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: Number of links: 0
            Source: https://allmysonscom.top/HTTP Parser: Base64 decoded: https://allmysonscom.top/
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: Title: 83d322445b1d02a6451c977e55b79f8a65ca72cb02757 does not match URL
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: Invalid link: get a new Microsoft account
            Source: https://allmysonscom.top/HTTP Parser: No favicon
            Source: https://allmysonscom.top/HTTP Parser: No favicon
            Source: https://allmysonscom.top/HTTP Parser: No favicon
            Source: https://allmysonscom.top/HTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/82xpu/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/82xpu/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: No favicon
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: No <meta name="author".. found
            Source: https://allmysonscom.top/21663221c08095a4839b4833d7029a6265ca72cb02785LOG21663221c08095a4839b4833d7029a6265ca72cb02786HTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 72.246.252.126:443 -> 192.168.2.4:49762 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 72.246.252.126:443 -> 192.168.2.4:49764 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49778 version: TLS 1.2
            Source: Binary string: _.d7=function(a,c){this.Db=a;this.B=c};_.d7.prototype.getId=function(){return this.Db};_.d7.prototype.toString=function(){return this.Db};_.iDb=new _.d7("skipCache",!0);_.jDb=new _.d7("maxRetries",3);_.kDb=new _.d7("isInitialData",!0);_.lDb=new _.d7("batchId");_.mDb=new _.d7("batchRequestId");_.nDb=new _.d7("extensionId");_.oDb=new _.d7("eesTokens");_.pDb=new _.d7("unobfuscatedRpcId"); source: chromecache_80.2.dr
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 72.246.252.126
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 96.7.245.89
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 96.7.245.89
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /view/busch-vacuum/home HTTP/1.1Host: sites.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
            Source: global trafficHTTP traffic detected: GET /js/client.js?onload=gapiLoaded HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
            Source: global trafficHTTP traffic detected: GET /fSqYar0jheoUPBYKca6aF_NSRtDkQuF_3zYDeKWst7rfzPohazcN9UFL3nOv9fXNuHhAU8TgyRRs-R1SWXu5b_Q=w16383 HTTP/1.1Host: lh6.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /fSqYar0jheoUPBYKca6aF_NSRtDkQuF_3zYDeKWst7rfzPohazcN9UFL3nOv9fXNuHhAU8TgyRRs-R1SWXu5b_Q=w16383 HTTP/1.1Host: lh6.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.y0xCMa4KeeI.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-3MGCaatZB3kdS5TpZdd-gOSBHg/cb=gapi.loaded_0?le=scs HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
            Source: global trafficHTTP traffic detected: GET /uNIla_7jRBSSF3AYmFIAe6z2LT9wgy8chO3jGUsCmMSzR9r_PaqAbY4eE5z2pvW0gcPhVNOfFaVI0EEfJ0EY6-0=w16383 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sites.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
            Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /_/view/logImpressions?authuser=0 HTTP/1.1Host: sites.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /uNIla_7jRBSSF3AYmFIAe6z2LT9wgy8chO3jGUsCmMSzR9r_PaqAbY4eE5z2pvW0gcPhVNOfFaVI0EEfJ0EY6-0=w16383 HTTP/1.1Host: lh3.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /_/view/logImpressions?authuser=0 HTTP/1.1Host: sites.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /url?q=https%3A%2F%2Fnowlifestyle.com%2Fredir.php%3Fk%3D9a4e080456dabe5eebc8863cde7b1b48%26url%3Dhttps%3A%2F%2Fallmysonscom.top&sa=D&sntz=1&usg=AOvVaw1wKraueWhnGr5VlpbWx2MD HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /redir.php?k=9a4e080456dabe5eebc8863cde7b1b48&url=https://allmysonscom.top HTTP/1.1Host: nowlifestyle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: allmysonscom.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=85474443ad6c4503 HTTP/1.1Host: allmysonscom.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://allmysonscom.top/?__cf_chl_rt_tk=827_YhIdJNGcC0qhgrnMd71OAO.BZvCY75UWqF050PQ-1707766441-0-3813Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /turnstile/v0/b/a990e557/api.js?onload=uWvsrp7&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://allmysonscom.topsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allmysonscom.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allmysonscom.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/262488950:1707764966:vaAlIai909zKvAhWSk_psiX7v9StSENbiBvKUScxVng/85474443ad6c4503/8c2b9e0eb6a0042 HTTP/1.1Host: allmysonscom.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=854744532923b0b1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allmysonscom.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allmysonscom.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1536897702:1707765084:WklD56mw33U7CPv27fqqC0pnnqAIy10G1Wxmdbh_jt0/854744532923b0b1/5c8cf7413cc3963 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /url?q=https%3A%2F%2Fnowlifestyle.com%2Fredir.php%3Fk%3D9a4e080456dabe5eebc8863cde7b1b48%26url%3Dhttps%3A%2F%2Fallmysonscom.top&sa=D&sntz=1&usg=AOvVaw1wKraueWhnGr5VlpbWx2MD HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=JaAjsLQYolHFCznFfa2bkPn0yQMO3zyNcyip2LQhQqPcxjMeipF2uSrk9NwV25lExU_3uDHEwHv21nCNZsReBqROSmX3QPswsiqTZIbjyEfKnllyjdhcDRrSZ153r5oVIAPpayJVq4t2NuLl8FeoBBGWbWDi8k8-4MglUQL8n2Kv3U-LhDx5H-qQ
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/854744532923b0b1/1707766445862/TL2Z-SAoYDbR0-B HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9ye9b/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /redir.php?k=9a4e080456dabe5eebc8863cde7b1b48&url=https://allmysonscom.top HTTP/1.1Host: nowlifestyle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: allmysonscom.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=854744798c5612da HTTP/1.1Host: allmysonscom.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://allmysonscom.top/?__cf_chl_rt_tk=nMKw9Q_A9UCDvFQMi7hMjkX7gJpSnsxaBrj4i5mhxh0-1707766450-0-3941Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allmysonscom.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allmysonscom.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/318354221:1707764905:dMGQ1qf0ojXCyT3GkA92YDzydM_ywRIzHUqJOdKJBCE/854744798c5612da/bb407e331054714 HTTP/1.1Host: allmysonscom.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/82xpu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Enco