Windows Analysis Report
http://reallyfreegeoip.org

Overview

General Information

Sample URL: http://reallyfreegeoip.org
Analysis ID: 1426709

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML body with high number of embedded images detected
HTML page contains hidden URLs or javascript code
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: https://reallyfreegeoip.org/ HTTP Parser: Total embedded image size: 31266
Source: https://reallyfreegeoip.org/90.76.249.101 HTTP Parser: Total embedded image size: 31266
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6818625889483991&output=html&h=280&slotname=3601043988&adk=1035231763&adf=365811147&pi=t.ma~as.3601043988&w=686&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&format=686x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268877967&bpp=7&bdt=1150&idt=1033&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=569516815409&frm=20&pv=2&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=289&ady=789&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&pvsid=1770005119173300&tmod=1121539662&uas=0&nvt=1&fc=89... HTTP Parser: Base64 decoded: yRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAqgH-MKxAqgH-8KxAtgHANIIJAiAYRABGB8yAooCOgmAQIDAgICAoChIvf3BOljK-bP418aFA7EJlvKsXdRgl4mACgGYCwHICwGADAHaDBAKChC...
Source: https://reallyfreegeoip.org/ HTTP Parser: No favicon
Source: https://reallyfreegeoip.org/json/81.181.57.52 HTTP Parser: No favicon
Source: https://reallyfreegeoip.org/90.76.249.101 HTTP Parser: No favicon
Source: https://reallyfreegeoip.org/json/81.181.57.52?callback=myFunction HTTP Parser: No favicon
Source: https://reallyfreegeoip.org/bulk HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6818625889483991&output=html&h=280&slotname=3601043988&adk=1035231763&adf=365811147&pi=t.ma~as.3601043988&w=686&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&format=686x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268877967&bpp=7&bdt=1150&idt=1033&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=569516815409&frm=20&pv=2&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=289&ady=789&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&pvsid=1770005119173300&tmod=1121539662&uas=0&nvt=1&fc=89... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=1992864447&pi=t.aa~a.3071472229~rp.1&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4773&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0%2C700x280%2C700x280&nras=4&correlator=569516815... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=3012990119&pi=t.aa~a.361413772~rp.4&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4773&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0%2C700x280&nras=3&correlator=569516815409&frm=20&... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=9752778&pi=t.aa~a.786254476~rp.4&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4774&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0&nras=2&correlator=569516815409&frm=20&pv=1&ga_vid=1... HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271803&client=ca-pub-6818625889483991&fa=3&ifi=8&uci=a!8&btvi=4 HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-6818625889483991&fa=8&ifi=7&uci=a!7 HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271804&client=ca-pub-6818625889483991&fa=4&ifi=9&uci=a!9&btvi=5 HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html#RS-3-&adk=1812271801&client=ca-pub-6818625889483991&fa=1&ifi=10&uci=a!a&btvi=6 HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: excel.exe Memory has grown: Private usage: 1MB later: 25MB
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/roboto.woff2 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://reallyfreegeoip.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/81.181.57.52 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json/81.181.57.52 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_8ZQ5H1Y672=GS1.1.1713268820.1.0.1713268820.0.0.0; _ga=GA1.1.1290037316.1713268821
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_8ZQ5H1Y672=GS1.1.1713268820.1.0.1713268820.0.0.0; _ga=GA1.1.1290037316.1713268821
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://reallyfreegeoip.org/json/81.181.57.52Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_8ZQ5H1Y672=GS1.1.1713268820.1.0.1713268820.0.0.0; _ga=GA1.1.1290037316.1713268821
Source: global traffic HTTP traffic detected: GET /90.76.249.101 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_8ZQ5H1Y672=GS1.1.1713268820.1.0.1713268820.0.0.0; _ga=GA1.1.1290037316.1713268821
Source: global traffic HTTP traffic detected: GET /json/90.76.249.101 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://reallyfreegeoip.org/90.76.249.101Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga_8ZQ5H1Y672=GS1.1.1713268820.1.0.1713268820.0.0.0; _ga=GA1.1.1290037316.1713268821
Source: global traffic HTTP traffic detected: GET /json/90.76.249.101 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Source: global traffic HTTP traffic detected: GET /json/81.181.57.52?callback=myFunction HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Source: global traffic HTTP traffic detected: GET /json/ HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Source: global traffic HTTP traffic detected: GET /csv/81.181.57.52 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Source: global traffic HTTP traffic detected: GET /xml/81.181.57.52 HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Source: global traffic HTTP traffic detected: GET /bulk HTTP/1.1Host: reallyfreegeoip.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1290037316.1713268821; _ga_8ZQ5H1Y672=GS1.1.1713268820.1.1.1713268833.0.0.0
Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /pagead/html/r20240411/r20110914/zrt_lookup_fy2021.html HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /f/AGSKWxW87iMTYAA9JxIgnDNwCAoD-MvbbeYkPo6YFFiSTwTWDmGY_ykyBp9Af6t-sQxU23M2UK6WEo-v4osGSjO6rM5mZluvcFDXECcJN-TtSmA7-HAbX9cH_6ASshcs7OLkY-UcdhcFGg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjY4ODgxLDc4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9yZWFsbHlmcmVlZ2VvaXAub3JnL2J1bGsiLG51bGwsW1s4LCJlY0pIb3hKX1g4dyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsyMCwiW251bGwsbnVsbCxbOTUzMjk4NDNdLDE0LDEzXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/adview?ai=COWD9kGgeZuaqN9uWrr4Pu6aSqAeCyK_CdpOHt4KSEs31scCVQBABILeBvSNgybbdjOCkhBSgAffLuMICyAEJqQJYMhVuI9BJPqgDAcgDywSqBNcBT9DJsdQtBDXGZGjmkNccPeq5aj1rqHH2QQ1ytIk8_7pr96uOJj9vfjLc-56o-_pgJV_gWVGQ4zY7obxGNsUSdGBDL-oTPXuU_8pCPa0Ubf54Tst-YyPTWq9g1kDmsWA4chOvYVvL_F-ce8-daTWYwYAcWTsca2C26hf4DunW6mx2urp6C4Uv1-XlgQdvynA9YFQoGOiQh2Kgn2G9-El23iyNgADz7tNHwNDoJAICpDFBQt8MOwXCdNYB71kH6zb9kSYtPPwN_j0dJaq7iy2eJVnygJHw5QHABNHm6KOjBIgF1fuQnjeSBQQIBBgBkgUECAUYBKAGLoAH8bPHvQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAPIHBBCj80TSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYyvmz-NfGhQOaCVBodHRwczovL3d3dy5tYW5hZ2VlbmdpbmUuY29tL3Byb2R1Y3RzL3NlcnZpY2UtZGVzay9scC9zZXJ2aWNlLWRlc2stc29sdXRpb24uaHRtbIAKAcgLAdoMEAoKEKDk5YiG8MyKbRICAQO4E-QD2BMC0BUBmBYBgBcBshccChoIABIUcHViLTY4MTg2MjU4ODk0ODM5OTEYALIYCRICuFAYLiIBAOgYAQ&sigh=TiU2P5DEuak&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqoRm0Fk8gaRNlJVydO-AcgX-ex_0w0yph4vyK7Rujr9KZ2Ks_58E900rfhiznrSrvz9eEPtGiIv3MhEz7LRHZEHwT49RQnYFUZwEYAQ&template_id=484&cbvp=2&vis=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source, trigger, not-navigation-sourceReferer: 
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6818625889483991&output=html&h=280&slotname=3601043988&adk=1035231763&adf=365811147&pi=t.ma~as.3601043988&w=686&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&format=686x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268877967&bpp=7&bdt=1150&idt=1033&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=569516815409&frm=20&pv=2&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=289&ady=789&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&pvsid=1770005119173300&tmod=1121539662&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CaoeE%7C&abl=CA&pfx=0&fu=128&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1054Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /f/AGSKWxVu_J9GMFsCwnVUzP_dpbBHcRgK7fFwH6VPFQo3gqGMGA-u0DrC_HGrdb2OQhOrZ906TBTm6bXTxeqxNKimBeqdYoe1tZuYIOJVvqRMgQm7sI8qn2twsQc3rRIxnnEcFZbJvd0OZg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzMjY4ODgyLDMyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcmVhbGx5ZnJlZWdlb2lwLm9yZy9idWxrIixudWxsLFtbOCwiZWNKSG94Sl9YOHciXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMjAsIltudWxsLG51bGwsWzk1MzI5ODQzXSwxNCwxM10iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/drt/s?v=r20120211 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/pagead/html/r20240411/r20110914/zrt_lookup_fy2021.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaQskQMkYWVqjzvmoqZsI475nztg5bC81gq-VXB49XRTpFz4dBlxb1d6y7bMRCjbUCu4eql7BhOgFexRoiRj_ejCDizwbg HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaSxv5fD1Tm04uAwlAEDb-tAHm5RhfiBheN86s48UnhGlNMLilIH2se34uidJa4wlZ-Vpq4yvhFJAJm22u9hss8v8jU0Kg HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaTiBIKzKNuETr1w-l3sy0eTeL_ip62zou988OofscCVBxqxvfaNUkLBtKel17ykNjbLqmwE2gxISOCsLNrYwux2sEUsRA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /f/AGSKWxVU52TAQJRTlRvb1_bqi_QFqk_kM73rC9baqjUab81gJ0GxN-vF4Pi0XPimMRK4gC8qyZ0_jgGchTGTNcWrdNztGfr5MwJxRhJfX_cxFkjQf9rHPP-ejH-0zwDK2SHHZw6eIdDNx2lA3RZXAXcq3-JaXfE7HswNmuKtuAh8Qc5JVY8HmRESwluJCD8r/__468x6o_&adname=/adtop300./internet_ad_/redirect?tid= HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://reallyfreegeoip.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/drt/si?st=NO_DATA HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmdyLv_8Tj3e0aiyQl61j5_4Jtz1pwo20hWbHbXELTaxNHIfw-dRBpAZDj6i1U
Source: global traffic HTTP traffic detected: GET /pagead/adview?ai=CCIHqk2geZvzzG_vlrr4P5N24SILIr8J2k4e3gpISzfWxwJVAEAEgt4G9I2DJtt2M4KSEFKAB98u4wgLIAQmpAlgyFW4j0Ek-qAMByAPLBKoE2gFP0PF6M3Ogx_7fe1QOsvZNUHHgbtesYqjEkRg6ICz3vhdYAoNPwWJnUPxiLIyXUQUYFQUCNhYng2zrDCZsZjfBfqZHHhxn1n_MqGT5NsMOUqmgclQCtQiVqHy5xXQwavCIERGSm4sjtps9X83Joq7ciLf_lak8Th2V2M_bnsDEnN6AKz-GW0XAxj4JBj05wlCkYGpiMOxSjam1Mhvhf5S8VX07eZgYGipAZYUwxbbEWJkZdq7szW8b54tZmKqRH7EJirmwWtN3wmnTr3hYx6Xjq-7ABwgwWcdL48AE0eboo6MEiAXV-5CeN5IFBAgEGAGSBQQIBRgEoAYugAfxs8e9AagH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAf3wrEC2AcA8gcEEO_VQtIIJAiAYRABGB8yAooCOgmAQIDAgICAoChIvf3BOlj47M_518aFA5oJUGh0dHBzOi8vd3d3Lm1hbmFnZWVuZ2luZS5jb20vcHJvZHVjdHMvc2VydmljZS1kZXNrL2xwL3NlcnZpY2UtZGVzay1zb2x1dGlvbi5odG1sgAoByAsB2gwRCgsQ8NvRqaPl3N2TARICAQPYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNjgxODYyNTg4OTQ4Mzk5MRgAshgJEgK4UBguIgEA6BgB&sigh=ZqlnWtPV_Zw&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAB7FLtqZEAQd2owvRcE7P40MvaagF3YuWULXVpdj35FKAcw_4sGCqiCg1Gexg3SgWOxwZKReitVzVBXzBgB&template_id=5000&cbvp=2&vis=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source;navigation-source, triggerReferer: 
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=9752778&pi=t.aa~a.786254476~rp.4&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4774&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0&nras=2&correlator=569516815409&frm=20&pv=1&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=282&ady=1384&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&psts=AOrYGsmWFHh6A3_v6k_at-rztDupCuopbKpA-ZTjODfRKVJwHHt12i9pEbKbxKprH6JeP1mmCTWIWJe0RFjZRCoEzMsSQ
Source: global traffic HTTP traffic detected: GET /pagead/adview?ai=CFf_Ek2geZor4HPyirr4Pz6OP-AGCyK_CdpOHt4KSEs31scCVQBABILeBvSNgybbdjOCkhBSgAffLuMICyAEJqQJYMhVuI9BJPqgDAcgDywSqBNQBT9Bu7CMA3dg9Hj4Ri3r8-bjLSteZQ3ueEv59HTes_xdCnLUNfyPZ4hS44jJj3ULz0BaWLt9CX4JJEprIvKT6wVqOW5jh4Ujy_eC4EuEzg-bKu5JPe5qBLcpVey7dC9r5_RAzJqlQohOYnF2OOmkI1eiJ3f2MESkPyZVYP3RodUK9GH097IEtIBBTSMR-QAgL140F1FlSevTsuDHFtyfEg0REHQQttDJVBNISyToDTFoEXwLAm4GvLdxWSjWVlUknogqZ6SlLJTbHCuOCKrU062HX5cbABNHm6KOjBIgF1fuQnjeSBQQIBBgBkgUECAUYBKAGLoAH8bPHvQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAPIHBBDWpivSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpY-vPQ-dfGhQOaCVBodHRwczovL3d3dy5tYW5hZ2VlbmdpbmUuY29tL3Byb2R1Y3RzL3NlcnZpY2UtZGVzay9scC9zZXJ2aWNlLWRlc2stc29sdXRpb24uaHRtbIAKAcgLAdoMEAoKEJD_mp7Z9PqhTBICAQO4E-QD2BMC0BUBmBYBgBcBshccChoIABIUcHViLTY4MTg2MjU4ODk0ODM5OTEYALIYCRICuFAYLiIBAOgYAQ&sigh=xWDdWWB5EpA&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAB7FLtqnM9NGOp93WvJClMIzRrhBpWGjwIsbjza7_6f_xw_-HlQwaWrfgoER6ajBoWHTlW0yOdPUSrtDRgB&template_id=484&cbvp=2&vis=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: trigger;navigation-source, event-sourceReferer: 
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=1992864447&pi=t.aa~a.3071472229~rp.1&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4773&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0%2C700x280%2C700x280&nras=4&correlator=569516815409&frm=20&pv=1&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=282&ady=2601&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&psts=AOrYGsmWFHh6A3_v6k_at-rztDupCuopbKpA-ZTjODfRKVJwHHt12i9pEbKbxKprH6JeP1mm
Source: global traffic HTTP traffic detected: GET /pagead/adview?ai=CAZWlk2geZvOwHcDmrr4Py72IsAuCyK_CdpOHt4KSEs31scCVQBABILeBvSNgybbdjOCkhBSgAffLuMICyAEJqQJYMhVuI9BJPqgDAcgDywSqBNQBT9ByN_V40mYKRG3Ttf7xoJ2kh6ZoOL70EzLB_eOcUdeBm_a7Q3V5t0GfPeKU2dO9HT4nUVU9yM2EJqcFoT3JprF34ed438sxgJ1_FWzLlPhQycdRDxaBaPHz_rWFjlIeELencWxKCWUYH4jUT5Rbb-S4p_RZEEnQLsVzDBHJTU_AOy-bVlnHsaXrOtt5RFAoz76qVn50U44MCix5EgjMrc54p_3KkL8Bviqvzn0mAhMkoBtleXcSRj2V6btbr29Aa1CqdMYoeK9tgGZvEec4vLkGiCTABNHm6KOjBIgF1fuQnjeSBQQIBBgBkgUECAUYBKAGLoAH8bPHvQGoB9m2sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAPIHBBCP737SCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYqZnR-dfGhQOaCVBodHRwczovL3d3dy5tYW5hZ2VlbmdpbmUuY29tL3Byb2R1Y3RzL3NlcnZpY2UtZGVzay9scC9zZXJ2aWNlLWRlc2stc29sdXRpb24uaHRtbIAKAcgLAdoMEQoLEJC9jbHhh97gvgESAgEDuBPkA9gTAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi02ODE4NjI1ODg5NDgzOTkxGACyGAkSArhQGC4iAQDoGAE&sigh=RNHCxa6OB1o&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAB7FLtqltTZogJnZX4x4Q2N3yir7Sec5fuAPgXWrlPBKo7QaXRxBWGInXGvI1KhfkDQSo9S_jWNoP_pGRgB&template_id=484&cbvp=2&vis=1&nis=6 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: event-source, trigger=navigation-sourceReferer: 
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-6818625889483991&output=html&h=280&adk=2968995696&adf=3012990119&pi=t.aa~a.361413772~rp.4&w=700&fwrn=4&fwrnh=100&lmt=1713268878&rafmt=1&to=qs&pwprc=3568082181&format=700x280&url=https%3A%2F%2Freallyfreegeoip.org%2Fbulk&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713268881591&bpp=1&bdt=4773&idt=-M&shv=r20240411&mjsv=m202404150101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df83b9080ae7c5c1b%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaS9dDUB4sCGvRvSzjkth-zAnuMWQ&gpic=UID%3D00000ddf8ead9cd1%3AT%3D1713268880%3ART%3D1713268880%3AS%3DALNI_MaLRWrIb736NF6jEIKIY-xAPBnydw&eo_id_str=ID%3D8ad260a50f7e8846%3AT%3D1713268880%3ART%3D1713268880%3AS%3DAA-AfjZhYn5g4MYS4kxGt0kr7Xlv&prev_fmts=686x280%2C0x0%2C700x280&nras=3&correlator=569516815409&frm=20&pv=1&ga_vid=1290037316.1713268821&ga_sid=1713268879&ga_hid=1944407695&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=282&ady=2311&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C95329427%2C31082799%2C95320377%2C95329830%2C31081718&oid=2&psts=AOrYGsmWFHh6A3_v6k_at-rztDupCuopbKpA-ZTjODfRKVJwHHt12i9pEbKbxKprH6JeP1mmCTWIWJe0RF
Source: global traffic HTTP traffic detected: GET /sync?ssp=google&ssp_init=step1&google_gid=CAESEL1U9PSETpBc57kRP3tnvVY&google_cver=1&google_push=AXcoOmRPecVpPkCkEkhMVs7RrEscDoLWpuAkfwSBwiHS8xZwU_S6aaIO4Nci1uE1Ub8KMjH5zES6GzTKf2WWVZKEllLtdx2HZ_62VHUx HTTP/1.1Host: rtb.mfadsrvr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/adx/cm/pixel?google_gid=CAESEEBmP9OrHQviXPQMC1KfLq4&google_cver=1&google_push=AXcoOmSH5LsMIsFYGinmA9-qHpfLR6DdKaRdUijwcAtyrgrE5gi_aC7ai7Ap1y9_iFBscEVahM5c6pBnLgPM-WEc3vWN1KZt4mjoL0at HTTP/1.1Host: www.temu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ju/cs/google?google_gid=CAESEEaj-IKrJFj6IN4REVHViIk&google_cver=1&google_push=AXcoOmR77Y9HP1up4Y5IZEtV30mRb24AozZHkxu3YAcuM-rpWqgGp5TMExtV3qryDy7dUJCUqznibGUMOCDA6VAY9PrCU_3sar67FY3E HTTP/1.1Host: gtrace.mediago.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tum?umid=4&uid=CAESEHemRA7j9x_ZFSV3EmiTAtE&google_cver=1&google_push=AXcoOmSj-OWwdxfjcvZfEBQylR1fRj276GLjaDY4n8fkKNtkExS_l32_MbRNlk16vi0HXacJp4NFgiA5-BWFlXHz4fh4Gzdu7Gzclo3W HTTP/1.1Host: ums.acuityplatform.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sync?ssp=google&google_gid=CAESEM6lxBOc1FdAG1PhFDSNrmQ&google_cver=1&google_push=AXcoOmQCLBnddGtpk0IUZLMch6PubdmLVKy36F1llg1uKJ5KbZL-AISMvUs0pT0-Is-kgZkLIaJXBp2aFEcklS4ED9TvUTBRM--FoPw HTTP/1.1Host: x.bidswitch.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track/cmf/google?google_gid=CAESECqq3lhmL1MW8wwHo1rWmlU&google_cver=1&google_push=AXcoOmTVcCQcvLdnCFjE1DHHToNIELy_nDBPPxkqCmHIakZyiIJvFyatt6BIX8Iftr7Q4dptK6eBWt8ytwljV78pUBaDw6gwe4BF_w8 HTTP/1.1Host: match.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/4.39/flatFontAssets.pkg HTTP/1.1Connection: Keep-AliveContent-Type: application/octet-streamAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: fs.microsoft.com
Source: chromecache_227.2.dr, chromecache_196.2.dr String found in binary or memory: return b}oC.H="internal.enableAutoEventOnTimer";var gc=ia(["data-gtm-yt-inspected-"]),qC=["www.youtube.com","www.youtube-nocookie.com"],rC,sC=!1; equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: reallyfreegeoip.org
Source: unknown HTTP traffic detected: POST /report/v4?s=edOgSkCqL94WQdnTia6aP2wfi2lZoNVzA2CjnwlTovPNuoJ4CgMPxURclB9YbkwMfPazK7hsLsopnH0dcoBuumO5gc7%2BBd%2BS%2B6lz1t6TUqrzlb%2BbIt%2FbZbtSRKxRyejK557Q6Uh%2B HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 447Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 12:00:32 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=86400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edOgSkCqL94WQdnTia6aP2wfi2lZoNVzA2CjnwlTovPNuoJ4CgMPxURclB9YbkwMfPazK7hsLsopnH0dcoBuumO5gc7%2BBd%2BS%2B6lz1t6TUqrzlb%2BbIt%2FbZbtSRKxRyejK557Q6Uh%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 875403f65878672e-ATLalt-svc: h3=":443"; ma=86400
Source: chromecache_151.2.dr, chromecache_230.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_183.2.dr String found in binary or memory: https://fundingchoicesmessages.google.com/i/%
Source: chromecache_160.2.dr, chromecache_183.2.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_133.2.dr, chromecache_164.2.dr, chromecache_183.2.dr String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/$
Source: chromecache_183.2.dr, chromecache_186.2.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_150.2.dr, chromecache_143.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/bg/%
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/getconfig/sodar
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: chromecache_228.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=error&bin=7&v=
Source: chromecache_228.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=error&name=invalid_geo&context=10
Source: chromecache_228.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=extra&rnd=
Source: chromecache_228.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fetch&later&lidartos
Source: chromecache_228.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=
Source: chromecache_129.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=fccs&
Source: chromecache_133.2.dr, chromecache_164.2.dr, chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: chromecache_160.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=rcs_internal
Source: chromecache_150.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224
Source: chromecache_143.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225
Source: chromecache_227.2.dr, chromecache_196.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/html/$
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/$
Source: chromecache_160.2.dr, chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=
Source: chromecache_133.2.dr, chromecache_164.2.dr, chromecache_160.2.dr, chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/err_rep.js
Source: chromecache_133.2.dr, chromecache_164.2.dr, chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/logging_library.js
Source: chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/$
Source: chromecache_133.2.dr, chromecache_164.2.dr, chromecache_160.2.dr, chromecache_183.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping?e=1
Source: chromecache_214.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?
Source: chromecache_150.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224
Source: chromecache_143.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225
Source: chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org
Source: chromecache_137.2.dr String found in binary or memory: https://reallyfreegeoip.org/90.76.249.101
Source: chromecache_147.2.dr String found in binary or memory: https://reallyfreegeoip.org/bulk
Source: chromecache_147.2.dr, chromecache_137.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/csv/
Source: chromecache_147.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/csv/81.181.57.52
Source: chromecache_137.2.dr String found in binary or memory: https://reallyfreegeoip.org/csv/90.76.249.101
Source: chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/json/
Source: chromecache_147.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/json/81.181.57.52
Source: chromecache_147.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/json/81.181.57.52?callback=myFunction
Source: chromecache_137.2.dr String found in binary or memory: https://reallyfreegeoip.org/json/90.76.249.101
Source: chromecache_137.2.dr String found in binary or memory: https://reallyfreegeoip.org/json/90.76.249.101?callback=myFunction
Source: chromecache_147.2.dr, chromecache_137.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: chromecache_147.2.dr, chromecache_231.2.dr String found in binary or memory: https://reallyfreegeoip.org/xml/81.181.57.52
Source: chromecache_137.2.dr String found in binary or memory: https://reallyfreegeoip.org/xml/90.76.249.101
Source: chromecache_183.2.dr String found in binary or memory: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Source: chromecache_227.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_227.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_227.2.dr, chromecache_196.2.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_143.2.dr String found in binary or memory: https://tpc.googlesyndication.com
Source: chromecache_183.2.dr String found in binary or memory: https://tpc.googlesyndication.com/sodar/$
Source: chromecache_143.2.dr String found in binary or memory: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Source: chromecache_143.2.dr String found in binary or memory: https://www.google.com
Source: chromecache_133.2.dr, chromecache_164.2.dr String found in binary or memory: https://www.google.com/adsense
Source: chromecache_183.2.dr String found in binary or memory: https://www.google.com/adsense/search/async-ads.js
Source: chromecache_132.2.dr String found in binary or memory: https://www.google.com/pagead/drt/ui
Source: chromecache_143.2.dr, chromecache_183.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chromecache_183.2.dr String found in binary or memory: https://www.google.com/s2/favicons?sz=64&domain_url=
Source: chromecache_227.2.dr, chromecache_196.2.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_228.2.dr String found in binary or memory: https://www.googleadservices.com/pagead/managed/js/activeview/
Source: chromecache_227.2.dr, chromecache_196.2.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_147.2.dr, chromecache_137.2.dr, chromecache_231.2.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_147.2.dr, chromecache_137.2.dr, chromecache_231.2.dr String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-P55S3CL
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/arrow_left_24px_grey_800.svg
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/close_24px_grey_700.svg
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/gpp_good_24px_blue_600.svg
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/gpp_good_24px_grey_800.svg
Source: chromecache_183.2.dr String found in binary or memory: https://www.gstatic.com/prose/protected/%
Source: chromecache_227.2.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_147.2.dr String found in binary or memory: https://zenorocha.github.io/clipboard.js
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: classification engine Classification label: clean3.win@30/201@70/28
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\{105CBBD4-FDCC-474B-B032-45F0792EE2C6} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2524,i,10992271263540220420,14325751845824133788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reallyfreegeoip.org"
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Downloads\reallyfreegeoip.org.csv"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation Jump to behavior