Windows Analysis Report
https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==

Overview

General Information

Sample URL: https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3
Analysis ID: 1431758
Infos:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
HTML page contains suspicious base64 encoded javascript
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL
HTTP GET or POST without a user agent
Invalid T&C link found
Stores files to the Windows start menu directory

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
Yara detected HtmlPhish10
Source: Yara match File source: 3.6.pages.csv, type: HTML
Source: Yara match File source: 3.5.pages.csv, type: HTML
HTML page contains suspicious base64 encoded javascript
Source: https://efe.q39r.com/efe/#Xmaria.wojciechowski@co.monmouth.nj.us HTTP Parser: Base64 decoded: <script>
HTML body contains low number of good links
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: <input type="password" .../> found but no <form action="...
HTML page contains hidden URLs or javascript code
Source: https://efe.q39r.com/efe/#Xmaria.wojciechowski@co.monmouth.nj.us HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...
HTML title does not match URL
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Title: ylVjeegzJE does not match URL
Invalid T&C link found
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Invalid link: Terms of use
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Invalid link: Privacy & cookies
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Invalid link: Terms of use
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: Invalid link: Privacy & cookies
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: <input type="password" .../> found
Source: https://efe.q39r.com/efe/#Xmaria.wojciechowski@co.monmouth.nj.us HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normal HTTP Parser: No favicon
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No favicon
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No favicon
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No <meta name="author".. found
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No <meta name="author".. found
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No <meta name="copyright".. found
Source: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49790 version: TLS 1.2
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: global traffic HTTP traffic detected: GET /cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== HTTP/1.1Host: web.lehighvalleychamber.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== HTTP/1.1Host: sanemedia.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sanemedia.caConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /efe/ HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sanemedia.ca/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879faccbfe8fb06a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/efe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVuTjhpYXZwWDVORVBLMVRKWWJva0E9PSIsInZhbHVlIjoieEdkZ1drMVdXMzNIV2JOSW9iQnBaaVlYcDFXNDBxWjllbm9WWGkzMWlVdlBMaU0rcC9KYkZudkRtcnk4dlEycnVrL1Y2d0hiVW5ZYkRHNEpCemNSMUpYYkJzZ0k2U2JsS1YrSEVrLzlrbDVCMHBoSkpNcTk2cnpjUldSTzcvcVIiLCJtYWMiOiJiMWMzYjljZThiNDcwMmQ0M2E3ZmQ1YTUyYTRjMjJhODc2ZjI1NDU0YzkwYzUyNDIwNWU0ZDNiYTQ3NTA5NzllIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlhNTVJWE5STkZJenE5bTlJMGhzV1E9PSIsInZhbHVlIjoia3llOWIyNUR6ZVM0TEZVRE9jL25PZnNLTytUa0ZxQjgyQWk1cUJpVmZOcVg1YmVoMjdWR21ZK3NWbG9zalE1RzJIREZIUUExaXF2L2VxeStySnU2cWxqM1poQWQwazhwbjBLY0d3eUhOUkJIaFJ5NnFWdWVDT1Z4RkJBdWJlKzYiLCJtYWMiOiI5ZjdkNDFmYjFiMmZjMzk2NWNiN2I0MDY0ZjI3NTNhZjZlNGNiYTc2ZDA4ODAyZWJhZDQ4ZGZiODY3ODczMGUwIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1173002416:1714059007:O_UCrCaeb8fNz4-lYcCa6LDflfcxd0RCynsCpjLLiq4/879faccbfe8fb06a/f892c8713b88792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879faccbfe8fb06a/1714062180713/RjvXT6k7-qXYQHs HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879faccbfe8fb06a/1714062180713/RjvXT6k7-qXYQHs HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/879faccbfe8fb06a/1714062180714/7a2eef3f3a2ffe6b8118994333b3f4d3ec1e526af4efd68e8961fa2dd086f191/MGHiH1uFJDsfTgO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1173002416:1714059007:O_UCrCaeb8fNz4-lYcCa6LDflfcxd0RCynsCpjLLiq4/879faccbfe8fb06a/f892c8713b88792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9KOl2MdB5OHyWcF&MD=cOMbbLl7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1173002416:1714059007:O_UCrCaeb8fNz4-lYcCa6LDflfcxd0RCynsCpjLLiq4/879faccbfe8fb06a/f892c8713b88792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /efe/ HTTP/1.1Host: efe.q39r.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://efe.q39r.com/efe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImpkKzB1R3RuTkNrTlkvMTdHL0hkL0E9PSIsInZhbHVlIjoiOEYvZEkyeHZHREhpTmZNSHFOREJaUGJzdnN4R080R3cvMXMvMVpWYmt1K3RaUmN4d0FkMUVGUURjM3N5VXQvVzYxMk9Vb1FRZG9yTHBYUllISjdQWWdKN0d2Y3p4WWYwVnJCSkgrWUZSSk4ycENobElmdUdzS0pSL0NkbEFZWHAiLCJtYWMiOiI0YTc3M2MwMTU5MjNjZWMxMmEyMWNiZWJlMDQ5YjQ1MzMwNjY0ZTE2MTVmZWFkNDRiMGExNzhmZDYzZTllNWY1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktFODFBSUdIaHJYVWhneVo5bUo1a0E9PSIsInZhbHVlIjoiek1jU3VTT0VHcGE4VUxvbGxxanpKcjNDS2tOYjF2aWRtTlgydTB0dUpkSnIvTHFib0Jub2pJWnVxcjZFUGV3YzFqdnNJZkF5c1pnZ2Q0cGhxaFVleFZGRzcxZlkrdG5GSVMzYXhIQzM1c3RkVTI3RXRSMEkvS0F6VVpKell5MWIiLCJtYWMiOiIzMjY3NDYwYjI5NjhmZmU0MTM4ODUxNmM5MjY2N2UwMDAxYmY5ODkzNTExY2E1NWZjMDQyZjc5ZjIxNWZkNDAyIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /clKkFwlBHiHVSJ8Pe6bssjJAax4UIk5BlbqZlpC0mNq48 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImpkKzB1R3RuTkNrTlkvMTdHL0hkL0E9PSIsInZhbHVlIjoiOEYvZEkyeHZHREhpTmZNSHFOREJaUGJzdnN4R080R3cvMXMvMVpWYmt1K3RaUmN4d0FkMUVGUURjM3N5VXQvVzYxMk9Vb1FRZG9yTHBYUllISjdQWWdKN0d2Y3p4WWYwVnJCSkgrWUZSSk4ycENobElmdUdzS0pSL0NkbEFZWHAiLCJtYWMiOiI0YTc3M2MwMTU5MjNjZWMxMmEyMWNiZWJlMDQ5YjQ1MzMwNjY0ZTE2MTVmZWFkNDRiMGExNzhmZDYzZTllNWY1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktFODFBSUdIaHJYVWhneVo5bUo1a0E9PSIsInZhbHVlIjoiek1jU3VTT0VHcGE4VUxvbGxxanpKcjNDS2tOYjF2aWRtTlgydTB0dUpkSnIvTHFib0Jub2pJWnVxcjZFUGV3YzFqdnNJZkF5c1pnZ2Q0cGhxaFVleFZGRzcxZlkrdG5GSVMzYXhIQzM1c3RkVTI3RXRSMEkvS0F6VVpKell5MWIiLCJtYWMiOiIzMjY3NDYwYjI5NjhmZmU0MTM4ODUxNmM5MjY2N2UwMDAxYmY5ODkzNTExY2E1NWZjMDQyZjc5ZjIxNWZkNDAyIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /efe/?xXmaria.wojciechowski@co.monmouth.nj.us HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://efe.q39r.com/efe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InpTcm9QdUpMMjAwRzQ4MUZzNmZsT2c9PSIsInZhbHVlIjoiZGNNNmIyQnd2M1N2RWh3WFZOdlhlQW1VSDZGUHFjK0ZmZ21HdzlKSk10UFJTcVVkVlp5ZGJEUEczeWNDSzdRb05uM3g0UExtbktqaE1FekkySmdqaXE0NzQ1VlM4Rld3TXRWYVR1dzNNUUZCdm9TZzNLSnlJNE9VUHZoMEVrYmUiLCJtYWMiOiIyOWUxNDFmNGJiNzhhYzU1ZGZmMmIzMDA4MGEyMTc3ZTAwYmIzNTcyYTU3MTUzYWU1YTdhMGQyZGQyNWIxY2NlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1iOUJZTEJIUjI5RzRkR2pOYkxGK3c9PSIsInZhbHVlIjoiTlFrK01nU2xGN2dST1RlWmNkdVlHRU00S3N1Mmg4S1BDa1N4RmlPQlY4WVFMZmp0SWpzdm5Wd2RmK2pOcWhTL0F5NFE0NVBFQjkxL0FxU3ZreTRhNTF2MExQT2Z5YmZQbjJMcFdnYUlyVUtmUVAvUjJDc1Nucmw3ak9VVzVERkEiLCJtYWMiOiJmMzcyOGQzOTgyYTFmNzkwYjJhMDIyMjFhNjFhMTIwZjY4MjI4MDMwZWYyN2JlNzhlNzEyOTEyZjY0ODE3Yzc3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://efe.q39r.com/efe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImNVbGFybGt1NFBzbWhMY3lGNmZURlE9PSIsInZhbHVlIjoiRWRCVm8yM0pBVUlGWkhjdEovQmtsZHpsN3dkYytMdXVVOUhBRkFBcXE4RnMyM05VRno1WUh4MjVNdlN5R0tJSlZSYmdsb2Q5MTNVcjhSVmlMRGNrT0tzR0ViSm1uN2toV0hXQ2VWVVRCODkyV2JsUWFuVEQrcnREbDU5TUFWUGciLCJtYWMiOiJhNTc4ODMyM2ViNjRlM2E2OTJiNDlkZjZmNzAzMzI5N2FiNjg5NmE1MWE4ZGQ4ZTFkMGU5Y2NkNDcwMjIwZWIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBKUDRCd1RZbzdtSHIyUFNMOExIYXc9PSIsInZhbHVlIjoienJzeWFYekUwbXBpRlhXL3JmRHY5YmhEVXl2MWN3MHYvNjZNU0xOWU42Vld3OHlRRUwyKzBNSDA2ZmhCU3h4ZWk0KzVSdGs1cFA1VWdJK1lQRlhvbFBUc3JTRUxYQlNHdHV5a3cxTVBtTjc5Kys0ZHFzWDdTa25OY215YTgya1YiLCJtYWMiOiI2NGQ2NmM1MzAwYzNmYzdlZTQ4Zjk5ZDMyOTc2MmViNzU1YjVlNjhmYjFjMzJjNjdiZjBjMDQ3NzJkY2VhYzg3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /34fI8EabNdid6714 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /abx86uorshef28 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /pq6n4pZVF34fr6WWmmuv39 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /12YCk90LK56Se1ynKqr42 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /56wgt99Sy67foh23sxX40uDyhst60 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /23Y1SlAfZUj5ab3gLTPxy70 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCLnKzQEIitPNAQjB1M0BCLrYzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /90XMoG7YJNQ48AE7R9RefBV2W3ZP0TRtab71 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /efIbTPq3F3E9M4tIsfj78N3gmAo2XLQkl100 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://efe.q39r.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /345AebFBkUb4itsJp2dEx9Nz1WrklGGnhP4AVwQmYV89110 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3DSec-WebSocket-Key: auTwnBOXmEbtU7werxzLsA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /pqlrdvXLDxx8n6V4MJcB2ydokZwphsRQHgstygzowxnkE7IJ6fkdR23LED0BEqORerGVIm4SyEOoIaiiUvfdh4OuMUbyF2Lroiop420 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxW67qXyrj6Vx0Tfu5cRa39uRp3UsvPq5ft22uk0KSw6D3TMfkrP5uXt2IKdP788HXJHkiwXCVeDyNaZS41ShN0mtBkm7fjNwOySWbWl1KwtDzywab430 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IldYRVJsTFZEZWZONDlYV1d2RzZqMGc9PSIsInZhbHVlIjoicnZDSWhZNTlyYkc0MHpvTXdhT0xsSzBJWmExZjdZdzZUVWxIL1FwMU4vMEFycGRnMWIwMFJ4V29pSDN5bXdLc01hUnRLM3dFY2U4Q1gzV2c4dUZub1ZWSS9IQ3Y5bEtGbkFWdExrQ3ZMeElDSm8yWGN5aXVST1lFTk9XbjNlc2YiLCJtYWMiOiI1NWUxMDJhNWM5MzE3MDdiMDU0MDBmMTZkOWFjYTY2NzFjM2UyMzAyN2FkNDMxM2IwMjA2MTQxMjYzOTZhYTNiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZBVGlDV3lyOWJXMG1yTlp4cHEwTGc9PSIsInZhbHVlIjoiTEFOL3N6L0xQOWpWc3NYWm1tME1hZ0crZk41QkQrTEZJWTB5VTJmVFpndUdzVVRXTGpBQVUyeFFpY3NYNVY3VnN2NXRIaXVWbEY3NUNONHRIczlKdys4WWZTbTdHaWk1eE1QRzllNVl6V1JlWXpSMy9FV2htbVk4eHRGc3RlNGIiLCJtYWMiOiIyMGQ1OGU3MTNkZDUyZmZlNGQ0MWVmZDc2NzZkNTk4MzM2ZDNiNDg4NWRlZTc5MjRlNzMwNmM4N2QyMGJlMTM0IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ajNyX2SU9rhFeYXrhcFSd76xsstnihCYYJkPQp8lDwn8pe HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /pqlrdvXLDxx8n6V4MJcB2ydokZwphsRQHgstygzowxnkE7IJ6fkdR23LED0BEqORerGVIm4SyEOoIaiiUvfdh4OuMUbyF2Lroiop420 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvZWUFt0UROOoXt5vmcKSao6QR2TqrxxiF9by3n8nEXUy2s5T34126 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opz2A7ILaAyWzSXkUtICNncurtvkgh8DhYFpMx2Oxlzsq9KrZPNl45140 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mn2YUCVnR8vQa9aF2S75S9IkijyLIGjmjHd6iKoP0ehtuyRPp90150 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ij50onkMRoXybYnI2RW73cdrhB5AKLQ1WQTq7e8mc2L3pvwh78164 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxasWsJm1F7lSOv2iLafEmnGnUVfWsJLmbqt2Gkyab175 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxW67qXyrj6Vx0Tfu5cRa39uRp3UsvPq5ft22uk0KSw6D3TMfkrP5uXt2IKdP788HXJHkiwXCVeDyNaZS41ShN0mtBkm7fjNwOySWbWl1KwtDzywab430 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opkZKWoBXgK4XlaBoarjPDswkBdr2NIUBC8D3VyslijyXn8FWJLDbkTI32Kpccd196 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mn2YUCVnR8vQa9aF2S75S9IkijyLIGjmjHd6iKoP0ehtuyRPp90150 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghZkYyc0mYIKciokhMyZ3rmnOyD3C9NSbJEMXI7KFs37Tbx9uncef210 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opDozZ86DfeH93KodasaV6JoKAz0XdnqsnPjlpZlIO7stX2Hqwxgyu5mt9zG3Ft9LdS3Ohi89ehtoHb0ef232 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvZWUFt0UROOoXt5vmcKSao6QR2TqrxxiF9by3n8nEXUy2s5T34126 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ij50onkMRoXybYnI2RW73cdrhB5AKLQ1WQTq7e8mc2L3pvwh78164 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opz2A7ILaAyWzSXkUtICNncurtvkgh8DhYFpMx2Oxlzsq9KrZPNl45140 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvxA6m2pQcdHLo4WKfz3QsT75VfK9cbZD4b2TOjfhbMFDRNv8v45kfQyaKb32Svg5rtqF2tTrZgh254 HTTP/1.1Host: efe.q39r.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxasWsJm1F7lSOv2iLafEmnGnUVfWsJLmbqt2Gkyab175 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opkZKWoBXgK4XlaBoarjPDswkBdr2NIUBC8D3VyslijyXn8FWJLDbkTI32Kpccd196 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvxA6m2pQcdHLo4WKfz3QsT75VfK9cbZD4b2TOjfhbMFDRNv8v45kfQyaKb32Svg5rtqF2tTrZgh254 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opDozZ86DfeH93KodasaV6JoKAz0XdnqsnPjlpZlIO7stX2Hqwxgyu5mt9zG3Ft9LdS3Ohi89ehtoHb0ef232 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghZkYyc0mYIKciokhMyZ3rmnOyD3C9NSbJEMXI7KFs37Tbx9uncef210 HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3DSec-WebSocket-Key: bcs4vSyRabcBE/1HxukJOA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9KOl2MdB5OHyWcF&MD=cOMbbLl7 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3DSec-WebSocket-Key: g9kI22xxf0cCPk9QAAfzSA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAYPwOLpZD9YPgfrPMf4AeuVLP4KhHN5JW4ZGuoCajahei29Yr4XAvSjo2GPcYQ6ZQfUEQ65l0UpJr5ELA9YbC6aDcfw9byGLR55fg3QE6LpVwB1hIRMQQz%2B8XLjfq1HJSLzI0aPcJRVrUnoq1UsMgbgQmboGwzXKYE3xX%2BmJYuEMa5JIE0RNQGt%2Bb4TRUkyTfk67ddzgXjjpr46msoNA8Lb6qp2RTb39zVnEwQEXjJBfYOg6Mn4yv7MIfIcljCfobMbUmzl4dEwGrgR%2BOzdEe%2BB/SVSihwBPpRPQ3m0R/J3/nTUilxdT1BoiimQhq092UWOV2vGktBCAP6PbrwHj9KQDZgAACMsEQqgi6x8rqAHlMn6l0ukonYgeKuPu1CFsZejFYmSbzagTo5/XhtTabZb1ZO6yoUjfrImR5ADhcBWQq8BCf9F62mDi/s1Ybaza0J3FT4EHOZXX8dk3DgxP/dSBpH14Ow5cFWECZsBa%2B4zcQcr6uUw0ADdf1t6Uvhaeh7SWLWJdtVV4Y%2B6GJmxCapwwypCgDFPU6HDkwgrMIKmMporwxNSsKob/i/9UWoYJct9ZQI0wn155wgeDHJXDTxRkJtX5NjS4B7jzR1T5WoDNfapV3lH8qp3eXpwfjpaKXo%2B8QlUmgJcus/BbqCW15VZ%2Bk1INPyr/Y7cHOF1ZZvhZqbCXmPFjzjHNOCe5c3nJ/u3E84GsYIPBCtO2S7g95Oq91FAAu3wUR81W4ExibwWrsJRClVThXdKgISNvzqTdqj8dPOEgKUZGvJnhTHT6GzRMeyoucNLssj6JPDDANIr3Cn8ir/awGI21RMH3WQIVe7GFFEGK1bi8bBgjlHbC99BD1zU/IuZXaQBV1nqPgx9H0kthhHUgYjTt81auOMy5fw88Q9U7kGVjcU88LOy5Ko//AsBACSDW2gE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714062227User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 9555A92DE7EE4ED1A2C38905CA034190X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFFNjNBVFZGSjBsYUpNK1Fuc2dLTEE9PSIsInZhbHVlIjoiTDRZN1BPSVVBOGF6Zlp0NXU4d0xZUzUrQ1lPOHNyOWF5YUVFTk44Y3B2SnE3RVd3ODJ4OHU2eVhrNHVmV0QzMFhlSGtyWGRveTFvK0UxU2plWHJ1K1M2anhUZWR6bUo1b0NwUTcxVVJFeU9hZHpqL2ltUzZDcHdTOVFXWWRuYWIiLCJtYWMiOiJiYmRjNzhmYzNjY2RkODg5NzFlOTYyMjQzMmJiMjVlMjc4ZmMyZGQzY2NhNWY0MmU5YTYyZjk5MDFmNjAzN2I3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNoTERwKy9CUFBtWFNIVERtZ2ZvNGc9PSIsInZhbHVlIjoiY2tMR0YwTU9xRFoybm9aWm9FN3g0TVpDOGJDZ0gxblJFT0pERFo2MUFiU1MrMlp1T21XRlNVUXNnYTlpdGNKUUF4bkc1d3BpRytGK0hBVGdwZ2Jmc0VsN0tHTW5pZFh5UjNuZ0JDaVFKQXVMcTB3SFNrNERqM1RsTjlGejg5TGsiLCJtYWMiOiIwZjdiNzBiMDVjNjg1YmRlYWY0NGUwMWVmNmI3YTY5ODBkMGYzYThkNTMzNzNiYmNmMGVkM2FkNDBmODUzMjZjIiwidGFnIjoiIn0%3DSec-WebSocket-Key: 9MXYgq9kG2JILXmcJ99WsA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://efe.q39r.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajNyX2SU9rhFeYXrhcFSd76xsstnihCYYJkPQp8lDwn8pe HTTP/1.1Host: efe.q39r.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjZYaHZCU0tFYk5McldIcTFLcHB2a1E9PSIsInZhbHVlIjoieUczamRrLzYrZENCcVZNUXR1bk1RZGVGU1V1dkIrb2dQZUhzRGF2MEtkLzRGQTI1QWJGY2llMGRTT3VZa3JYeWcyS21ReFlGeGZ0cm5NYk9sOFNEOHJjWWxIMW1XeS96d2ZodFpEa29zS2lmUkM1ckRTRk9IV0VBS0R6K045blYiLCJtYWMiOiJmMGEzYWNlMjg5NmQ0NWQzNjNjZTZjNjVlMDBhYjc4YTVmNDc1YWE1MWEyNDM1ZTdlZTliMDA2ZmU5ZWI5ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imtnd3prWURzME9KNmFXU01vQkw2OVE9PSIsInZhbHVlIjoiTUl0bHhndTlRN2UzNlFBdTBsdE15bUo5R1QvamtmSXJ1ZHJISzJ6d0RmUVcxTTN4SHpQZkFzTkl1TlJFU1ZySnBOMzd0YzZlSlZ2VU5vbE9iQ3hENVVGQ3NYR25QbzBTd0xVaVhzQUpwQ1dsTHBvWDVrQk14Lzc0V2ZleWF2UHQiLCJtYWMiOiJmZmQ3ZDBmNmJkMTk0YWVlZTFmYWM0ZTYxNjc1NWU4ZDA5MDI1N2FlMTMxMDJlY2EwNDllYzhiMmJhYmVkYmE1IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /185.152.66.230/json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://efe.q39r.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://efe.q39r.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjZYaHZCU0tFYk5McldIcTFLcHB2a1E9PSIsInZhbHVlIjoieUczamRrLzYrZENCcVZNUXR1bk1RZGVGU1V1dkIrb2dQZUhzRGF2MEtkLzRGQTI1QWJGY2llMGRTT3VZa3JYeWcyS21ReFlGeGZ0cm5NYk9sOFNEOHJjWWxIMW1XeS96d2ZodFpEa29zS2lmUkM1ckRTRk9IV0VBS0R6K045blYiLCJtYWMiOiJmMGEzYWNlMjg5NmQ0NWQzNjNjZTZjNjVlMDBhYjc4YTVmNDc1YWE1MWEyNDM1ZTdlZTliMDA2ZmU5ZWI5ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imtnd3prWURzME9KNmFXU01vQkw2OVE9PSIsInZhbHVlIjoiTUl0bHhndTlRN2UzNlFBdTBsdE15bUo5R1QvamtmSXJ1ZHJISzJ6d0RmUVcxTTN4SHpQZkFzTkl1TlJFU1ZySnBOMzd0YzZlSlZ2VU5vbE9iQ3hENVVGQ3NYR25QbzBTd0xVaVhzQUpwQ1dsTHBvWDVrQk14Lzc0V2ZleWF2UHQiLCJtYWMiOiJmZmQ3ZDBmNmJkMTk0YWVlZTFmYWM0ZTYxNjc1NWU4ZDA5MDI1N2FlMTMxMDJlY2EwNDllYzhiMmJhYmVkYmE1IiwidGFnIjoiIn0%3DSec-WebSocket-Key: tQkN5eRpdabnc76NFv/lNg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /185.152.66.230/json/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: efe.q39r.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://efe.q39r.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjZYaHZCU0tFYk5McldIcTFLcHB2a1E9PSIsInZhbHVlIjoieUczamRrLzYrZENCcVZNUXR1bk1RZGVGU1V1dkIrb2dQZUhzRGF2MEtkLzRGQTI1QWJGY2llMGRTT3VZa3JYeWcyS21ReFlGeGZ0cm5NYk9sOFNEOHJjWWxIMW1XeS96d2ZodFpEa29zS2lmUkM1ckRTRk9IV0VBS0R6K045blYiLCJtYWMiOiJmMGEzYWNlMjg5NmQ0NWQzNjNjZTZjNjVlMDBhYjc4YTVmNDc1YWE1MWEyNDM1ZTdlZTliMDA2ZmU5ZWI5ZmJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imtnd3prWURzME9KNmFXU01vQkw2OVE9PSIsInZhbHVlIjoiTUl0bHhndTlRN2UzNlFBdTBsdE15bUo5R1QvamtmSXJ1ZHJISzJ6d0RmUVcxTTN4SHpQZkFzTkl1TlJFU1ZySnBOMzd0YzZlSlZ2VU5vbE9iQ3hENVVGQ3NYR25QbzBTd0xVaVhzQUpwQ1dsTHBvWDVrQk14Lzc0V2ZleWF2UHQiLCJtYWMiOiJmZmQ3ZDBmNmJkMTk0YWVlZTFmYWM0ZTYxNjc1NWU4ZDA5MDI1N2FlMTMxMDJlY2EwNDllYzhiMmJhYmVkYmE1IiwidGFnIjoiIn0%3DSec-WebSocket-Key: bdfzC/19kvk12b7+Vn2qKw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic DNS traffic detected: DNS query: web.lehighvalleychamber.org
Source: global traffic DNS traffic detected: DNS query: sanemedia.ca
Source: global traffic DNS traffic detected: DNS query: efe.q39r.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: ipapi.co
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1173002416:1714059007:O_UCrCaeb8fNz4-lYcCa6LDflfcxd0RCynsCpjLLiq4/879faccbfe8fb06a/f892c8713b88792 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2629sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: f892c8713b88792sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 16:22:53 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 16:23:00 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ozS%2FD%2BlhebByb9jaBaCRWoAEncGPbHpc01bkEyWlR9QzWHR%2FB9s%2F%2F50q%2BwlKuLB0VLH2U6N5aT1m2TFYtnVn1eP3Skjt1q0M%2BCesyWR3U00ru6Y6S3N5kKqF3Fs%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: HITAge: 12358Server: cloudflareCF-RAY: 879facd2bd13134d-ATL
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 16:23:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S70y7M7sbBCjNfy%2Bh18yCp7ZP%2BnBLknkOkMCIUGJfhUSN0FD0YzzOHsKROjwT3NpyoHn3yO5UkIPHBxCm9vvLsb3c8whbL4LqAjyMrGuvyJmjdL90tqIENKySvrVTg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 879fad962c094566-ATL
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 16:23:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yOOtdBSOKx0sZypcN3StNOWiItbWD7Q8R10yGvQIv4EiHazNO6O6z3MkB7m3xEJlPfKnmejAFVF%2Bejz0uh7O2rL5qRf07Th%2B%2Fp7pvrk7rLMvWUtx7NR3ly13Z4UHnA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 879fada9abb444f6-ATL
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 16:24:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDQLz7RdfVLYq8Sp4uObxws6uuK%2FDpH9%2B4j5xh8V2xvz12OMeYg7XayxT%2FLwZRTQ6tAVkZJZ%2FtbPHQkjSBkIB%2Bd%2BRLOGetjc1QRnBZwb6XYz%2F1z7ZXSIORFGDlPCQQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 879faef5cd9753d5-ATL
Source: chromecache_94.1.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_94.1.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_94.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_94.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_94.1.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_94.1.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_94.1.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_94.1.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_94.1.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_94.1.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_94.1.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_94.1.dr String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_94.1.dr, chromecache_112.1.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_94.1.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_112.1.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49790 version: TLS 1.2
Source: classification engine Classification label: mal60.phis.win@18/87@36/16
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1972,i,5865964949357321470,7222999334076516600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1972,i,5865964949357321470,7222999334076516600,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431758 URL: https://web.lehighvalleycha... Startdate: 25/04/2024 Architecture: WINDOWS Score: 60 13 www.google.com 2->13 27 Antivirus / Scanner detection for submitted sample 2->27 29 Yara detected HtmlPhish10 2->29 31 HTML page contains suspicious base64 encoded javascript 2->31 7 chrome.exe 10 2->7         started        signatures3 process4 dnsIp5 15 192.168.2.17, 138, 443, 49348 unknown unknown 7->15 17 192.168.2.4 unknown unknown 7->17 19 239.255.255.250 unknown Reserved 7->19 10 chrome.exe 7->10         started        process6 dnsIp7 21 sanemedia.ca 162.241.120.242, 443, 49703, 49704 UNIFIEDLAYER-AS-1US United States 10->21 23 www.google.com 142.250.9.104, 443, 49711, 49792 GOOGLEUS United States 10->23 25 13 other IPs or domains 10->25
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
108.156.152.114
 d2vgu95hoyrpkh.cloudfront.net United States
16509 AMAZON-02US false
3.221.38.252
 unknown United States
14618 AMAZON-AESUS false
142.250.9.104
 www.google.com United States
15169 GOOGLEUS false
172.67.218.12
 efe.q39r.com United States
13335 CLOUDFLARENETUS false
151.101.130.137
 code.jquery.com United States
54113 FASTLYUS false
104.17.3.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
64.233.177.103
 unknown United States
15169 GOOGLEUS false
104.18.247.141
 lehighvalleypacoc.weblinkconnect.com United States
13335 CLOUDFLARENETUS false
34.196.110.25
 httpbin.org United States
14618 AMAZON-AESUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
162.241.120.242
 sanemedia.ca United States
46606 UNIFIEDLAYER-AS-1US false
104.17.2.184
 unknown United States
13335 CLOUDFLARENETUS false
172.67.69.226
 ipapi.co United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.17
192.168.2.4

Contacted Domains

Name IP Active
ipapi.co 172.67.69.226 true
a.nel.cloudflare.com 35.190.80.1 true
code.jquery.com 151.101.130.137 true
d2vgu95hoyrpkh.cloudfront.net 108.156.152.114 true
lehighvalleypacoc.weblinkconnect.com 104.18.247.141 true
efe.q39r.com 172.67.218.12 true
challenges.cloudflare.com 104.17.3.184 true
www.google.com 142.250.9.104 true
sanemedia.ca 162.241.120.242 true
httpbin.org 34.196.110.25 true
web.lehighvalleychamber.org unknown unknown
cdn.socket.io unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://efe.q39r.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket false
  • Avira URL Cloud: safe
 unknown
https://efe.q39r.com/clKkFwlBHiHVSJ8Pe6bssjJAax4UIk5BlbqZlpC0mNq48 false
  • Avira URL Cloud: safe
 unknown
https://efe.q39r.com/efe/?xXmaria.wojciechowski@co.monmouth.nj.us false
  • Avira URL Cloud: safe
 unknown
https://efe.q39r.com/345AebFBkUb4itsJp2dEx9Nz1WrklGGnhP4AVwQmYV89110 false
  • Avira URL Cloud: safe
 unknown
https://efe.q39r.com/uvxA6m2pQcdHLo4WKfz3QsT75VfK9cbZD4b2TOjfhbMFDRNv8v45kfQyaKb32Svg5rtqF2tTrZgh254 false
  • Avira URL Cloud: safe
 unknown
https://code.jquery.com/jquery-3.6.0.min.js false
    		high
    https://efe.q39r.com/wxasWsJm1F7lSOv2iLafEmnGnUVfWsJLmbqt2Gkyab175 false
    • Avira URL Cloud: safe
    		 unknown
    https://efe.q39r.com/90XMoG7YJNQ48AE7R9RefBV2W3ZP0TRtab71 false
    • Avira URL Cloud: safe
    		 unknown
    https://efe.q39r.com/favicon.ico false
    • Avira URL Cloud: safe
    		 unknown
    https://efe.q39r.com/12YCk90LK56Se1ynKqr42 false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879faccbfe8fb06a/1714062180714/7a2eef3f3a2ffe6b8118994333b3f4d3ec1e526af4efd68e8961fa2dd086f191/MGHiH1uFJDsfTgO false
      		high
      https://efe.q39r.com/pq6n4pZVF34fr6WWmmuv39 false
      • Avira URL Cloud: safe
      		 unknown
      https://efe.q39r.com/opz2A7ILaAyWzSXkUtICNncurtvkgh8DhYFpMx2Oxlzsq9KrZPNl45140 false
      • Avira URL Cloud: safe
      		 unknown
      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1173002416:1714059007:O_UCrCaeb8fNz4-lYcCa6LDflfcxd0RCynsCpjLLiq4/879faccbfe8fb06a/f892c8713b88792 false
        		high
        https://efe.q39r.com/efIbTPq3F3E9M4tIsfj78N3gmAo2XLQkl100 false
        • Avira URL Cloud: safe
        		 unknown
        https://efe.q39r.com/ij50onkMRoXybYnI2RW73cdrhB5AKLQ1WQTq7e8mc2L3pvwh78164 false
        • Avira URL Cloud: safe
        		 unknown
        https://efe.q39r.com/uvZWUFt0UROOoXt5vmcKSao6QR2TqrxxiF9by3n8nEXUy2s5T34126 false
        • Avira URL Cloud: safe
        		 unknown
        https://efe.q39r.com/mn2YUCVnR8vQa9aF2S75S9IkijyLIGjmjHd6iKoP0ehtuyRPp90150 false
        • Avira URL Cloud: safe
        		 unknown
        https://www.google.com/recaptcha/api.js false
          		high
          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
            		high
            https://efe.q39r.com/56wgt99Sy67foh23sxX40uDyhst60 false
            • Avira URL Cloud: safe
            		 unknown
            https://a.nel.cloudflare.com/report/v4?s=4ozS%2FD%2BlhebByb9jaBaCRWoAEncGPbHpc01bkEyWlR9QzWHR%2FB9s%2F%2F50q%2BwlKuLB0VLH2U6N5aT1m2TFYtnVn1eP3Skjt1q0M%2BCesyWR3U00ru6Y6S3N5kKqF3Fs%2FQ%3D%3D false
              		high
              https://efe.q39r.com/ghZkYyc0mYIKciokhMyZ3rmnOyD3C9NSbJEMXI7KFs37Tbx9uncef210 false
              • Avira URL Cloud: safe
              		 unknown
              https://efe.q39r.com/opkZKWoBXgK4XlaBoarjPDswkBdr2NIUBC8D3VyslijyXn8FWJLDbkTI32Kpccd196 false
              • Avira URL Cloud: safe
              		 unknown
              https://sanemedia.ca/favicon.ico false
              • Avira URL Cloud: safe
              		 unknown
              https://efe.q39r.com/8571576472544462333778VmFvuqqgHOSOUIYLXDGJJKMTFCREDTXYXKXYYKGCLIZVNPFMHJGINBHVI?cbGXAgLMlUOzbXZpUQbIQpEphcjVBYMFBGIONZWCNGREHXQKOLNDMQG false
                		unknown
                https://efe.q39r.com/23Y1SlAfZUj5ab3gLTPxy70 false
                • Avira URL Cloud: safe
                		 unknown
                https://efe.q39r.com/ajNyX2SU9rhFeYXrhcFSd76xsstnihCYYJkPQp8lDwn8pe false
                • Avira URL Cloud: safe
                		 unknown
                https://ipapi.co/185.152.66.230/json/ false
                  		high
                  https://efe.q39r.com/wxW67qXyrj6Vx0Tfu5cRa39uRp3UsvPq5ft22uk0KSw6D3TMfkrP5uXt2IKdP788HXJHkiwXCVeDyNaZS41ShN0mtBkm7fjNwOySWbWl1KwtDzywab430 false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== false
                    		unknown
                    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2uyjt/0x4AAAAAAAYIhGTHgfwrnf2u/auto/normal false
                      		high
                      https://efe.q39r.com/efe/ false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://efe.q39r.com/34fI8EabNdid6714 false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://httpbin.org/ip false
                        		high
                        https://efe.q39r.com/pqlrdvXLDxx8n6V4MJcB2ydokZwphsRQHgstygzowxnkE7IJ6fkdR23LED0BEqORerGVIm4SyEOoIaiiUvfdh4OuMUbyF2Lroiop420 false
                        • Avira URL Cloud: safe
                        		 unknown
                        https://efe.q39r.com/efe/#Xmaria.wojciechowski@co.monmouth.nj.us true
                          		unknown
                          https://efe.q39r.com/abx86uorshef28 false
                          • Avira URL Cloud: safe
                          		 unknown
                          https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== true
                            		unknown
                            https://cdn.socket.io/4.6.0/socket.io.min.js false
                              		high
                              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879faccbfe8fb06a false
                                		high
                                https://efe.q39r.com/opDozZ86DfeH93KodasaV6JoKAz0XdnqsnPjlpZlIO7stX2Hqwxgyu5mt9zG3Ft9LdS3Ohi89ehtoHb0ef232 false
                                • Avira URL Cloud: safe
                                		 unknown
                                https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879faccbfe8fb06a/1714062180713/RjvXT6k7-qXYQHs false
                                  		high