Edit tour

Windows Analysis Report
VMail_39200330.svg

Overview

General Information

Sample name:	VMail_39200330.svg
Analysis ID:	1640967
MD5:	3a5b974454085bf4c58d0a50223e4816
SHA1:	257565da2a2c04502a549a621215864725df2a5b
SHA256:	217636b9631803bd7addf757c55cf77943243eae2d4ad800d6e4bf5af2841a06
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Found malware configuration

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish10

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 8028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,411843096288798292,9555603388791790738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1972 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VMail_39200330.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

Threatname: Tycoon2FA

{"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "TSqgga", "emailcheck": "ce6azz@dxzvthq.co", "webname": "rtrim(/web9/, '/')", "urlo": "/ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_123	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security

HTML

Source	Rule	Description	Author
2.12.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.5.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.5.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
2.9..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
3.14..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
3.14..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
3.19.d.script.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
2.4.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
3.15..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.4.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
3.15..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
3.21..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.4.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.4.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.3.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.5.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
3.8.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
3.7.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.4.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.3.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.5.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
3.8.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
3.7.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
3.8.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.3.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 22 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 3.19.d.script.csv

Malware Configuration Extractor: Tycoon2FA {"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "TSqgga", "emailcheck": "ce6azz@dxzvthq.co", "webname": "rtrim(/web9/, '/')", "urlo": "/ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7"}

Phishing

AI detected phishing page

Source: https://providentfundquery.in/vmail/	Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'providentfundquery.in' does not match the legitimate domain for Microsoft., The domain 'providentfundquery.in' does not have any obvious connection to Microsoft., The use of a generic domain name unrelated to Microsoft is suspicious., The presence of an input field asking for an email on a non-Microsoft domain increases the risk of phishing. DOM: 1.1.pages.csv
Source: https://providentfundquery.in/vmail/	Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'providentfundquery.in' does not match the legitimate domain for Microsoft., The domain 'providentfundquery.in' does not contain any recognizable association with Microsoft., The URL uses a generic term 'providentfundquery' which is unrelated to Microsoft, raising suspicion., The domain extension '.in' is not typically associated with Microsoft's global operations., The presence of an unrelated email domain 'dxzvthq.co' in the input fields further suggests phishing. DOM: 1.2.pages.csv
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'abc.lyraxw.es' does not match the legitimate domain for Microsoft., The URL uses an unusual domain extension '.es' which is not typically associated with Microsoft., The URL contains an unrelated string 'lyraxw', which is suspicious and indicative of phishing., The email domain 'dxzvthq.co' in the input fields does not match any known Microsoft domains. DOM: 3.7.pages.csv
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The URL 'abc.lyraxw.es' does not match the legitimate domain for Microsoft., The domain 'lyraxw.es' is not associated with Microsoft and appears suspicious., The use of a seemingly random subdomain 'abc' and the domain 'lyraxw.es' suggests potential phishing., The URL does not contain any recognizable Microsoft-related terms or subdomains. DOM: 3.8.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML

Yara detected Invisible JS

Source: Yara match	File source: 2.4.d.script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 2.4.d.script.csv, type: HTML
Source: Yara match	File source: 3.21..script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_123, type: DROPPED

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 3.19.d.script.csv, type: HTML
Source: Yara match	File source: 2.12.d.script.csv, type: HTML
Source: Yara match	File source: 2.5.d.script.csv, type: HTML
Source: Yara match	File source: 2.9..script.csv, type: HTML
Source: Yara match	File source: 3.14..script.csv, type: HTML
Source: Yara match	File source: 3.15..script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://providentfundquery.in/vmail/

Joe Sandbox AI: Page contains button: 'Listen to Voicemail' Source: '1.2.pages.csv'

AI detected suspicious Javascript

Source: 2.5.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting browser automation tools, blocking common keyboard shortcuts, disabling right-click context menus, and using a debugger trap to redirect the user to an unrelated website. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing the user from interacting with the page or redirecting them to a phishing site.
Source: 2.12.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including disabling common keyboard shortcuts, preventing right-click context menus, and using a debugger-based technique to detect and redirect the user to an external domain. These behaviors are highly suspicious and indicate potential malicious intent, likely to bypass security measures or engage in unwanted user interactions.
Source: 1.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://providentfundquery.in/vmail/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script decodes a URL and then redirects the user to that URL with the user's email address as a query parameter, which could be used for malicious purposes such as phishing or data collection. Additionally, the use of an encoded worker URL is a common technique used to hide the true destination of the redirect. Overall, this script demonstrates a high level of risk and should be thoroughly investigated.
Source: 2.11..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://abc.lyraxw.es/HX1rTg/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code, the presence of a debugger, and the attempt to override the context menu and keyboard events further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat.
Source: 2.3..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://abc.lyraxw.es/HX1rTg/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be sending user data to an untrusted domain, which poses a significant risk of data theft or other malicious activities. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 2.4.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution using `eval()` and potential data exfiltration. The obfuscated code and use of proxy objects further increase the risk. This script should be considered highly suspicious and potentially malicious.

Source: https://providentfundquery.in/vmail/	HTTP Parser: Number of links: 0
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Number of links: 0

Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://abc.lyraxw.es/HX1rTg/#Xce6azz@dxzvthq.co

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...

Source: https://providentfundquery.in/vmail/	HTTP Parser: Title: Voicemail Notification does not match URL
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Title: Secure Access To Account does not match URL

Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Invalid link: Terms of use
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Invalid link: Privacy & cookies
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Invalid link: Terms of use
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: Invalid link: Privacy & cookies

Source: https://abc.lyraxw.es/HX1rTg/	HTTP Parser: function ozvtadgbeg(){rivpjewqeo = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+t2zmawnlidm2nsbeb2n1bwvudgf0aw9upc90axrszt4kicagidxzdhlszt4kicagicagicbib2r5ihskicagicagicagicagzm9udc1myw1pbhk6iefyawfslcbzyw5zlxnlcmlmowogicagicagicagicbsaw5llwhlawdoddogms42owogicagicagicagicbtyxjnaw46idiwchg7ciagicagicagfqogicagicagiggxlcbomib7ciagicagicagicagignvbg9yoiajmky1ndk2owogicagicagih0kicagicagicb1bcb7ciagicagicagicagigxpc3qtc3r5bgutdhlwztogc3f1yxjlowogicagicagih0kicagicagicbhihskicagicagicagicagy29sb3i6icmwmdc4rdq7ciagicagicagicagihrlehqtzgvjb3jhdglvbjogbm9uztskicagicagicb9ciagicagicagytpob3zlcib7ciagicagicagicagihrlehqtzgvjb3jhdglvbjogdw5kzxjsaw5lowogicagicagih0kicagidwvc3r5bgu+cjwvagvhzd4kpgjvzhk+ciagica8ade+r2v0dgluzybtdgfydgvkihdpdgggt2zmawnlidm2ntwvade+ciagica8cd5pzmzpy2ugmzy1iglzigegy2xvdwqtymfzzwqgc3vpdgugb2ygchjvzhvjdgl2axr5ihrvb2xzigrlc2lnbmvki...
Source: anonymous function	HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "tsqgga";var emailcheck = "ce6azz@dxzvthq.co";var webname = "rtrim(/web9/, '/')";var urlo = "/ajjtao6wix5onvbznrozg467ijmtplstvbzf4nadq7h61axcb4rm4y7";var gdf = "/ijxqr0tgqzflzgejhmwxtxneuabhmof1pggxmnab120";var odf = "/gh7ztlktiliiyepqwpahwsfw4zezwxqzlguunkggycd643";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent.m...

Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/VMail_39200330.svg	HTTP Parser: No favicon
Source: https://providentfundquery.in/vmail/	HTTP Parser: No favicon
Source: https://providentfundquery.in/vmail/	HTTP Parser: No favicon
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No favicon
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No favicon

Source: https://providentfundquery.in/vmail/	HTTP Parser: No <meta name="author".. found
Source: https://providentfundquery.in/vmail/	HTTP Parser: No <meta name="author".. found
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No <meta name="author".. found
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No <meta name="author".. found

Source: https://providentfundquery.in/vmail/	HTTP Parser: No <meta name="copyright".. found
Source: https://providentfundquery.in/vmail/	HTTP Parser: No <meta name="copyright".. found
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No <meta name="copyright".. found
Source: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.92.235.25:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.92.235.25:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.15.59.240:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.15.59.240:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.58:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.58:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.4.189:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.6.189:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.220.176:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.220.176:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.1.100:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49839 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: dawn-dust-7616.kpapp.workers.dev to https://abc.lyraxw.es/hx1rtg/#xce6azz@dxzvthq.co

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 13.33.187.14 13.33.187.14
Source: Joe Sandbox View	IP Address: 104.26.1.100 104.26.1.100

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 184.86.251.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.2
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.2
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vmail HTTP/1.1Host: providentfundquery.inConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vmail/ HTTP/1.1Host: providentfundquery.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://providentfundquery.in/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: providentfundquery.inConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://providentfundquery.in/vmail/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?email=ce6azz%40dxzvthq.co HTTP/1.1Host: dawn-dust-7616.kpapp.workers.devConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://providentfundquery.in/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /HX1rTg/ HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://providentfundquery.in/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /HX1rTg/ HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://providentfundquery.in/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImNJdW1OcWE4UVlXR3BoN1dOOUZONGc9PSIsInZhbHVlIjoiTzh4LzB5M3dBNkNGdlRjeVhSb1NzeVgxY1JmU0t1amtIUUhIQ1lQM0xob1lCdjA1aVE3dE5QNEpLUW1sV0FBbjY5QWptUnprUnJkMWZzbW9XbldCSElTR0lMU2RJYTc5bHNvWHRmK2szZE81eGc4azByMWJONDB5eURHMExQSXIiLCJtYWMiOiI4NTU2YTdhNzMxNmM2NDM4Yzk5NjllZTAzMTc2Mzg5YTQwNzFhZTkyMjJkNTRhN2JlYzk4OTcxNjI1NGRlMmM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJPa211bFlxL0FGeTY5OEdpUFJVcnc9PSIsInZhbHVlIjoiQWtKZGNyb2UzV3VoTVJVQ3diN0FJbGFMUWVGVmdXQmRWMndsVEE2WWtXWTVYS1Z0eXhKa1E0UnFocWZsYmJJWWR6U3FteWsrTlZWU1dQdFZKblJQeWdwelpLd1VTK1BjNUNyMkhMNGJ4TStObWNpOXh5WXh6RnZXNWxmUXFwRTkiLCJtYWMiOiJjYWE4NGRiNGJhN2ZmNmMwNzkxMjQwNzhkYWRkZGNjM2FkNjdmZTYxMWFjYWQ2Nzc0ODJjMTI1NWE2YzYyNmMyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=EQVQ6zEm.5nbnDD5ZBV1.eOUFMUj1mqbBvhAv1CIcwA-1742249498-1.0.1.1-TwuNIYql_C5XaauB1ZUTFrQBzcXSBPWHnq8MrtEo5dB3KML8mJFcGYuilTLwpulDPFZrAnQJHmzHOzw9KMACb3I7JNWTe74b17YLT_FTGvU
Source: global traffic	HTTP traffic detected: GET /bhanchod$4uyqregl HTTP/1.1Host: pb7t0b.jnfemo.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://abc.lyraxw.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bhanchod$4uyqregl HTTP/1.1Host: pb7t0b.jnfemo.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /HX1rTg/ HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://abc.lyraxw.es/HX1rTg/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImNhdkREZFpxR1lzOUh3NGZRV0RNMXc9PSIsInZhbHVlIjoiV1BCaCtVd2p2MkJIbk40UkV2dnhMSTBHYnhsOVFtZkl4RXlqMXVqOFpGeHI2K2lpb1BNWHpJTDdXemVFNkk3RGVuUXRYS2FxVEdCWXBzZmVyUXVXbXpQRVB6L09raERIYzVpMS9NV3BlUUE4TUlEQVFSZVNqVGhFU3kzbnFQbnkiLCJtYWMiOiI4YWNmMDkxNDIxYzVkNmNjY2JkZGI2MGQ5Zjk3ZGNhODZjNDZhYTM2MmZhMmZlYTg1ZTE5ZDYyOTBjNWRjOThlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imgvbko4WDZOQVFqTEhjV2RsejIrOUE9PSIsInZhbHVlIjoiNFEvc1piRUhjKzE5ZThkM003NzdKZzczTnFBSUhuTnQ3ZytMK0tBS2FZbFZ6SmhDKy8rSENXbTQ4VTdsWkFNdzFUY0ZXQlE4Uk1YOHhlTkRZZnIyWHoyS2lhNXFaZ0FMYkVnbTkvdGhhUmRseGlOMFhNU0p1ODBaM1FzZ0h1N1AiLCJtYWMiOiJjYmYzZmZmMjBkYmM3NWE5ZjM3NWI4Mjk1YzJiNTg3NWNmN2RiNzQyZTY5YWUzOWRlMjYwYjI3ZDZhNjdjOTgwIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /glBytjKUIFd02UrOLpXRLqo HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImNhdkREZFpxR1lzOUh3NGZRV0RNMXc9PSIsInZhbHVlIjoiV1BCaCtVd2p2MkJIbk40UkV2dnhMSTBHYnhsOVFtZkl4RXlqMXVqOFpGeHI2K2lpb1BNWHpJTDdXemVFNkk3RGVuUXRYS2FxVEdCWXBzZmVyUXVXbXpQRVB6L09raERIYzVpMS9NV3BlUUE4TUlEQVFSZVNqVGhFU3kzbnFQbnkiLCJtYWMiOiI4YWNmMDkxNDIxYzVkNmNjY2JkZGI2MGQ5Zjk3ZGNhODZjNDZhYTM2MmZhMmZlYTg1ZTE5ZDYyOTBjNWRjOThlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Imgvbko4WDZOQVFqTEhjV2RsejIrOUE9PSIsInZhbHVlIjoiNFEvc1piRUhjKzE5ZThkM003NzdKZzczTnFBSUhuTnQ3ZytMK0tBS2FZbFZ6SmhDKy8rSENXbTQ4VTdsWkFNdzFUY0ZXQlE4Uk1YOHhlTkRZZnIyWHoyS2lhNXFaZ0FMYkVnbTkvdGhhUmRseGlOMFhNU0p1ODBaM1FzZ0h1N1AiLCJtYWMiOiJjYmYzZmZmMjBkYmM3NWE5ZjM3NWI4Mjk1YzJiNTg3NWNmN2RiNzQyZTY5YWUzOWRlMjYwYjI3ZDZhNjdjOTgwIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/HX1rTg/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImhMOXRET0ZDdEJtZytaM3h0Z3hlWXc9PSIsInZhbHVlIjoiaEZDTkVOTWJaS3dWUy9RdWtnQllLZVF3K1R2WlVMZ1p5MW0yOW5meEM5OU9jU1U1YzNrMzdaSEp1ZDl6QjFmOHcvV2xnc2doTERXS2ZlRDVjbHpTc01rMHl5ZTNQNjZ4RWM4S1FjWEdjUjlSUllGcE5WUk1GaDlKbVFFRzlOUE4iLCJtYWMiOiJkZmY3YWE2NmYzOTQ1MjE1Yzc3ZGY3YzcxMDU0OTY0Y2UwNTJjZTk0ZGYzMGI0NGQ5YmY4ZmYxOGZiOGE3ZDgwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilo1aUU3cTFnNUpWTDNZek9od0dpd3c9PSIsInZhbHVlIjoiS1FNVVQ3bzFPYWFWZFRTOXI1UE8xL0NENzZkNXZzZTAvR3ErVkJPMFppTlFoTi9oRldkWWJYZWxsK0J3Wks1YU9KeEtFTUlHazNUUGJCYWRwTXhsTHZLL0RCQmJhd2ZhSVhHYWthSjBKM2p5UFFldFVpcXFMeHFSczVFTlN6YXEiLCJtYWMiOiI4YTU2ZWZmMThiMTBjZGNjYzZkYTZmNmE3YzVlZThlZjg4ZmE1MzViNzdkNDdkOGQ2ZmNiNzczOWFhOWYwYjk2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /kfAVOnbCDOBJsIbpoSXWLv0fluppYIKFpulqbrGKTCRx378hottrq0jy HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkdnY09NcFMzZjh1QkdsdCtDNlpvUkE9PSIsInZhbHVlIjoicVFHUWZ6bXRSQmFrc3hRVWZzdG0vU1hwUFVNRW5uMytLMFdLc05nMzZ1ektyekNoejRLbVc1RU5OZ0tPdll3NFNuMUxYdE9hd25MdGc5RzZDNFRIR2Npdm84WUw2YUpQWnRNOFo0V0RLOGFVd3EyZ3RibEh1NmZ0V2hQa1pSKzgiLCJtYWMiOiI2NDE4ZmU3MWFmNTgwNTI2MDQ3NDhmYzQ2ZTgwOTAwZWNiODYwYjc5ZTU2MWNlMjVhMzg3ZDdlOTBiMTZkYzM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InNkT2x1M0RoakRZMCtMUTk3M0xSNWc9PSIsInZhbHVlIjoiOFVhdHNCdGdWYlliZHNDVFZTbk9mYzJwcUw3UmwrT2crNFZEbmYrZUNrZmZ2ZFI0dmJQdEZhbEJxYXFWemVlSTJIY1N1aHdQVnh3bkprMzZudjMxRWwvRU9jUkowR0cxWTlrZmtBbm5Geml5OVExZ1NKQlpEajRVRXdxRS9xYkUiLCJtYWMiOiJiZGFkZGNiMGEwYjlhY2E4ZTA4ZmM1ZWRhYTM4ZGRlNDYwYzhmOTVhY2QxZDM3ZjIxZjRhOTk1YjdlMGExOTA0IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMH HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://abc.lyraxw.es/HX1rTg/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkdnY09NcFMzZjh1QkdsdCtDNlpvUkE9PSIsInZhbHVlIjoicVFHUWZ6bXRSQmFrc3hRVWZzdG0vU1hwUFVNRW5uMytLMFdLc05nMzZ1ektyekNoejRLbVc1RU5OZ0tPdll3NFNuMUxYdE9hd25MdGc5RzZDNFRIR2Npdm84WUw2YUpQWnRNOFo0V0RLOGFVd3EyZ3RibEh1NmZ0V2hQa1pSKzgiLCJtYWMiOiI2NDE4ZmU3MWFmNTgwNTI2MDQ3NDhmYzQ2ZTgwOTAwZWNiODYwYjc5ZTU2MWNlMjVhMzg3ZDdlOTBiMTZkYzM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InNkT2x1M0RoakRZMCtMUTk3M0xSNWc9PSIsInZhbHVlIjoiOFVhdHNCdGdWYlliZHNDVFZTbk9mYzJwcUw3UmwrT2crNFZEbmYrZUNrZmZ2ZFI0dmJQdEZhbEJxYXFWemVlSTJIY1N1aHdQVnh3bkprMzZudjMxRWwvRU9jUkowR0cxWTlrZmtBbm5Geml5OVExZ1NKQlpEajRVRXdxRS9xYkUiLCJtYWMiOiJiZGFkZGNiMGEwYjlhY2E4ZTA4ZmM1ZWRhYTM4ZGRlNDYwYzhmOTVhY2QxZDM3ZjIxZjRhOTk1YjdlMGExOTA0IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /56sBd2wacdImcQvY8914 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /abtGFSFdrsecd30 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250317%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250317T221038Z&X-Amz-Expires=300&X-Amz-Signature=5037b9df5fdbe8af77d0b9aab7afedd840381dccd8dfeb6ba76cac84adf0e38e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /34C7V2eBuqSuT957ghm7Ry8Vg2Gs89110 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveOrigin: https://abc.lyraxw.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijWWLDoCvTuJ44YEia1IBKMedjsDXwWtKcXBKxZktSxItF89dEWcOT1enMOcUvvj6675q516tMvwyz224 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mn9u9NZ6Felt7yEip0cFn6xwU8gUwijZP89BUtiYsxUKm1Vj0rK3Twx220 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wx3AdDnumR1SJPrIXuqrAlc1Jb57I0zYo34124 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opWvCCAu7xUYPr7WbScGZJUSefbrtaCJjMgkfF4NxP9Oh45139 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wx3AdDnumR1SJPrIXuqrAlc1Jb57I0zYo34124 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mn9u9NZ6Felt7yEip0cFn6xwU8gUwijZP89BUtiYsxUKm1Vj0rK3Twx220 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnVedtOixL38C0BJgkDMR9Zcc6T8uvYDaAtVGM7H3Hzsxk78148 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijWWLDoCvTuJ44YEia1IBKMedjsDXwWtKcXBKxZktSxItF89dEWcOT1enMOcUvvj6675q516tMvwyz224 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ilh5WGhjM25QN1o3aEpwaDZVV25lZkE9PSIsInZhbHVlIjoiT0Fmd1NqYThnTVdzKzZlczd1aWNMdCtFU2JxeUhoTTFKSXBMYmpYZ1hEd1Z3am9kaEpKU25qZVIwRm9sZVpWMGxEKzNDQ0huUWl5Ui9nNjBIWlVNQWNaNmdpUWZla1V2T29YN2puczNYSEFPRFZrcDZ4TnF1TXpDTTlYWWlMcWwiLCJtYWMiOiIzODBlNzIxOGQxZGZhNjllMWI1Y2I5OGY3OWQxNDFmMWYyM2JkN2Y4MWI0YzQwM2U0NTczY2Y4M2VjYzI5OGI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijg2TU5Keko1QVJUS3pIWVVvMll0MlE9PSIsInZhbHVlIjoidmxndnBOMlNiVTIxaGVtWTVyTXFYVWhWTGxyYTdsbWJwY1pVbnlPazgySnNacEZuNkdSSHp5UGJLalNiSW9aV1hwZ3hiKzIwaC94QnJOeVFIekxYZlM1UC8rYTROTzJKM0FqYjlJYmg3K2tuaVVuMlkrUmVqYWtDUGluV3k1T3oiLCJtYWMiOiJhMzMzMjBhMDdmYzgzMTM0YTBmMGI1NzRlMTc3NDkzMzAzZmNhNDk4ZTU1OWRmZGY5OTE1MTdiYzY5NWUwYjYzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijBaFXznSRZpB4rxWfYzXd4UXITsz20T7km6cMcd5LcjyGcbr2O7E1Yh78170 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yz9nJ96mWPUqO6569NQJB0Iyka1bclYFfgrsFPonTi9mJHOHEJawYZsI3b5RB90178 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsqrVzJ7QK65jRHLycjIYghj33nYSEsxUcPMwlKOLP8XVH4MDzef200 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opWvCCAu7xUYPr7WbScGZJUSefbrtaCJjMgkfF4NxP9Oh45139 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ijW78iIiuhQnn0hD6UAXP8rijvjumg5JcYu3qTVfxyWNgT2xJBXSqwmsDk12210 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrREBqPeNoelpv49Od09z906k7WJcuvJwJCmk7DVVdKeFXpaUSfnzOlCcd240 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stiRdjwTAfcfqX13ewSylqUppklsJ6WztZmnEnkMlJskW0aEtfb5u50hjkAeWfsztjqwa6Dgh260 HTTP/1.1Host: abc.lyraxw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://abc.lyraxw.es/EDDLEAYLUCAVPFWYREJUVOODWCFOKf4h3d3itoesnyibz7kg1p4?MPVRWMLSKAIKYAZQBISUNMHAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yz9nJ96mWPUqO6569NQJB0Iyka1bclYFfgrsFPonTi9mJHOHEJawYZsI3b5RB90178 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijBaFXznSRZpB4rxWfYzXd4UXITsz20T7km6cMcd5LcjyGcbr2O7E1Yh78170 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnVedtOixL38C0BJgkDMR9Zcc6T8uvYDaAtVGM7H3Hzsxk78148 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsqrVzJ7QK65jRHLycjIYghj33nYSEsxUcPMwlKOLP8XVH4MDzef200 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ijW78iIiuhQnn0hD6UAXP8rijvjumg5JcYu3qTVfxyWNgT2xJBXSqwmsDk12210 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrREBqPeNoelpv49Od09z906k7WJcuvJwJCmk7DVVdKeFXpaUSfnzOlCcd240 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stiRdjwTAfcfqX13ewSylqUppklsJ6WztZmnEnkMlJskW0aEtfb5u50hjkAeWfsztjqwa6Dgh260 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImFub3hEVk91WFZ1bVdQVkVwQVhPM2c9PSIsInZhbHVlIjoiK1Z3dHMrbTVaQVZaNmR2ejh2K0J6MUpVOEIvZHU1MFA0OHJyWFc1bDIwcnBQSG9GRGVDdkpIeDNxZXUyeElSTXR2NCtLcHhWY25BMFY5ZjI4QTJvT1JCOEJJczB5MFptTVRqdmJtaUZiYkt2cFIvb2MzemZ1czYvNnJQZzcrSlQiLCJtYWMiOiJlODMyNWU5MDcxYmIwNzljMzdlYjVjODQ2ZjY3ODk3NWU0ODVmNmIxYjAyYTQ2NDNlMjEwMzBlMjIxMGI4YzQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9ic2RkQnc4Snl5ZzRQVTNKY3Nzemc9PSIsInZhbHVlIjoiTksrcHZzOExUbUc3eU9RQkw5REFxSkxsSS9QM2tseWpBSzZKT0E3ZVEzREhYREswb2wycmYyZHpwUE84ZEZMRmdiY3R1dU41WE9BQ05pYmFjdzN3bi9GZEl5REVQR3FNUFZQbXRwRENlOThOVVF0ekZRc3BiUGhsbjhUNUNLdXoiLCJtYWMiOiJjMTE2MTM0NTVjNGIzZTI3OTAzOTNkMDllOTgyZGZkZWEzMDU3MGU4MmRhMjMwYjQwMTdjMTMyYjg4NGExYmJhIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://abc.lyraxw.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://abc.lyraxw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpqeunK3xgHPu34dpmimwx33 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7 HTTP/1.1Host: abc.lyraxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImVnTDNPWjM3QStsUDU3cDBocWNMTGc9PSIsInZhbHVlIjoib0lndE1tdDN5U1VZVVVScXI4aXpUcURPcDBFT2ZrNFBVY3dHRktiSWRVL0c4UEJQbDB3ZW5FcFRKeGRCbFFDRWtoOGwyTDVESXhEYXEzNFJyNTRDUy9laFoxeHloajNXTUMzajRjdnZzRitOZjNGU3hobVg3eG5POFBEUXlUT3kiLCJtYWMiOiIxN2NiNTY0NWNkMzhkNDM3N2JjZDM5YmJjYzQ0NzgwZTA2MTcxZmNiNjc3ZDc2NDBkMWJhYTdmMGE4NGMwYTQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InJlR1prNzZqcXpkcVlGbmYwVDNxUkE9PSIsInZhbHVlIjoiRnd2VFdCbUhQdC9PSnpPUTZnMHdUc2VjUHk5T3lPSVFGcVZscnZ4SDNXWVM1RDhLOE5yNjVmbVpKNXNNZ3VBanM0RXh4c0FUYTNVU1c0NTNlUUovRHdpNVA0L3NhSFJaTGR3bDQ1clhSb3ovTlc1bDlRbFNWcTV5eHJkZU9CYlIiLCJtYWMiOiJlMmNmMTAyZTdjNTRlMjJhNzU3Mzk2ZWJiZDE4OGZmZjdkZGQwZjA1MGUxYzc5ZmNiMTY3ZTk4NjUyYWU3NzA5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsmwMyx3FgeT34QTOgwx38 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsq0ok40NGZ34PKfeom9uv38 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrs6UEPLqURRIba3gyzUolauv31 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsK5uuBVO0sNLyGyzowUuv35 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsacEon9vYb0AY12RFuv40 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpquQcWqb4344q30c2uv40 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsuIc7gwm84Tln1iFPd12QJTwx40 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsVAOY0KR4bN34t5uv40 HTTP/1.1Host: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: providentfundquery.in
Source: global traffic	DNS traffic detected: DNS query: upload.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: dawn-dust-7616.kpapp.workers.dev
Source: global traffic	DNS traffic detected: DNS query: abc.lyraxw.es
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: developers.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: pb7t0b.jnfemo.ru
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: get.geojs.io
Source: global traffic	DNS traffic detected: DNS query: t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es

Source: unknown

HTTP traffic detected: POST /report/v4?s=VvPCnh2rp8aGjM9swHgIa1LAYJwV7Oal7Uee%2B7q2N6kdISS2vaEp8Po4%2FAfUvJsBXa94ZrtyvXGCNaKo%2FBeTFnYamSMvoag65vZtY3kbEJd4Gp9MwyxzIPNdVvx0rRCkXl2Z HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 458Content-Type: application/reports+jsonOrigin: https://abc.lyraxw.esUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 22:11:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUP0zyfjD6BXLyvFVbZUjAXdDTfaceJOwD4D6w79GR2BtdCfubvL5Hx7ZWyCxbJJJ39jMfVWsxmuhi5kR%2Fc0Wu5TPftwgjzM01XijIE3vIn8tBz8TrwvXGCXF6%2BFadYDX0sY"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1598&min_rtt=1588&rtt_var=464&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2035&delivery_rate=1773423&cwnd=251&unsent_bytes=0&cid=21baf905533b76d4&ts=115&x=0"Server: cloudflareCF-RAY: 921fd4026ebd4308-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1726&rtt_var=666&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1695&delivery_rate=1621321&cwnd=217&unsent_bytes=0&cid=6adc2519bcc03b52&ts=420&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 22:11:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HND%2BO3o3t4P4y%2FfmUzNn9O32xgsgXfXCbXbD1nzJ7XVBekGH9F1GNlioYJH5W%2FlacXZc75bW7%2FFXLaV7OZaz05mdyc7qyQFMGrO8kqlPco7%2F6v7jyVXV7DSJnKM9Tj1bVFsz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1633&rtt_var=585&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2230&delivery_rate=1722784&cwnd=251&unsent_bytes=0&cid=87fea849fa2bf927&ts=125&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 921fd40879405ed0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1702&min_rtt=1682&rtt_var=671&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1891&delivery_rate=1583514&cwnd=130&unsent_bytes=0&cid=3285359aef89306b&ts=444&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 22:11:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y9OgSStjDfz615p4WEQYKFdqxCJLbq1NkzZyk6i7eT%2FM474EOspDf1feA%2BQJyBo8%2F6sYowYErJMcUJuuzIIdlW%2FVQ2OyArtk2jQ0CC9coDqRoHF2YbO%2BZ1HIB0oUjzaJHLMi"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1138&min_rtt=1129&rtt_var=327&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2067&delivery_rate=2492254&cwnd=251&unsent_bytes=0&cid=5563a55b08f35127&ts=116&x=0"Server: cloudflareCF-RAY: 921fd40bcdd8c356-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=1567&rtt_var=593&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1728&delivery_rate=1838790&cwnd=163&unsent_bytes=0&cid=949cfaecc6f1ac8f&ts=422&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 22:11:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k84NlDOMhSgzT86HwzmUEs%2BLnbMpXPSCPmDpiZUhOAYQoBWyoE3SM%2BXdJHev9AdLftN0lkAiM0nha1hmbK9gBsSfOAfdvpHIUSZwcPqAVhu44qqIY1ofp6TpfYoUFR7SB9yc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=5099&min_rtt=4657&rtt_var=1688&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2065&delivery_rate=615123&cwnd=251&unsent_bytes=0&cid=1a48dd45bd31fe0d&ts=87&x=0"Server: cloudflareCF-RAY: 921fd422f9150c8e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1733&min_rtt=1554&rtt_var=711&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1727&delivery_rate=1879021&cwnd=171&unsent_bytes=0&cid=fbeef6f7d1a7f3ac&ts=411&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 22:12:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G3U4rf%2BvdnzkzbEwSf4lacg9Skj0KAJ%2FA61UaVRalGq3fwxNwD0HYGbY3aDoPMbogcXNeug5BdiNYwkFE%2F9wmWEVCdCcVPM6uYMOguL%2FXO0RIB8pDWZK3ddutC1ep0tw3WqY"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1107&min_rtt=1099&rtt_var=325&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2066&delivery_rate=2520452&cwnd=251&unsent_bytes=0&cid=8b6dc158dfffab42&ts=122&x=0"Server: cloudflareCF-RAY: 921fd47cbc93422d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1573&rtt_var=612&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1727&delivery_rate=1754807&cwnd=214&unsent_bytes=0&cid=f303c61b7e0f1a67&ts=432&x=0"

Source: chromecache_111.2.dr	String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_111.2.dr	String found in binary or memory: https://github.com/fent)
Source: VMail_39200330.svg	String found in binary or memory: https://providentfundquery.in/vmail
Source: chromecache_87.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg
Source: chromecache_100.2.dr	String found in binary or memory: https://www.walmart.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.92.235.25:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.92.235.25:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.15.59.240:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.15.59.240:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.58:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.58:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.4.189:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.6.189:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.220.176:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.220.176:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.1.100:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49839 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir8028_1757592397

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir8028_1757592397

Jump to behavior

Source: classification engine

Classification label: mal100.phis.evad.winSVG@25/85@48/20

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,411843096288798292,9555603388791790738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1972 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\VMail_39200330.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,411843096288798292,9555603388791790738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1972 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match	File source: 2.5.d.script.csv, type: HTML
Source: Yara match	File source: 3.14..script.csv, type: HTML
Source: Yara match	File source: 3.15..script.csv, type: HTML
Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
VMail_39200330.svg	0%	Virustotal		Browse

Source	Detection	Scanner	Label
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsVAOY0KR4bN34t5uv40	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/rsqrVzJ7QK65jRHLycjIYghj33nYSEsxUcPMwlKOLP8XVH4MDzef200	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/ijWWLDoCvTuJ44YEia1IBKMedjsDXwWtKcXBKxZktSxItF89dEWcOT1enMOcUvvj6675q516tMvwyz224	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/stiRdjwTAfcfqX13ewSylqUppklsJ6WztZmnEnkMlJskW0aEtfb5u50hjkAeWfsztjqwa6Dgh260	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/56sBd2wacdImcQvY8914	0%	Avira URL Cloud	safe
https://pb7t0b.jnfemo.ru/bhanchod$4uyqregl	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/abtGFSFdrsecd30	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsq0ok40NGZ34PKfeom9uv38	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/glBytjKUIFd02UrOLpXRLqo	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/mnVedtOixL38C0BJgkDMR9Zcc6T8uvYDaAtVGM7H3Hzsxk78148	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/VMail_39200330.svg	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-regular.woff2	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-vf.woff2	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/favicon.ico	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsK5uuBVO0sNLyGyzowUuv35	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsuIc7gwm84Tln1iFPd12QJTwx40	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsmwMyx3FgeT34QTOgwx38	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrs6UEPLqURRIba3gyzUolauv31	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/mn9u9NZ6Felt7yEip0cFn6xwU8gUwijZP89BUtiYsxUKm1Vj0rK3Twx220	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-bold.woff	0%	Avira URL Cloud	safe
https://providentfundquery.in/vmail	0%	Avira URL Cloud	safe
https://dawn-dust-7616.kpapp.workers.dev/?email=ce6azz%40dxzvthq.co	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpquQcWqb4344q30c2uv40	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/HX1rTg/	0%	Avira URL Cloud	safe
https://providentfundquery.in/favicon.ico	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-bold.woff2	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/kfAVOnbCDOBJsIbpoSXWLv0fluppYIKFpulqbrGKTCRx378hottrq0jy	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/yz9nJ96mWPUqO6569NQJB0Iyka1bclYFfgrsFPonTi9mJHOHEJawYZsI3b5RB90178	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-regular.woff	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrs2jB9kfsda6CqQyz1yHRwx40	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/wx3AdDnumR1SJPrIXuqrAlc1Jb57I0zYo34124	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFrsacEon9vYb0AY12RFuv40	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/34C7V2eBuqSuT957ghm7Ry8Vg2Gs89110	0%	Avira URL Cloud	safe
https://t4e6yt0fqnq1spaecdwkrsj1djrgbqw0guy0pbiqepctmd4lwsrd.koaxw.es/NoPmujdULrkQCeYeYsQSHCDZBJJTBZZLCYAJUUNQMLVINJQNBHNVHRQJUHMPNBQQNQUXQZABEJUPKLMFpqeunK3xgHPu34dpmimwx33	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/GDSherpa-vf2.woff2	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/ijBaFXznSRZpB4rxWfYzXd4UXITsz20T7km6cMcd5LcjyGcbr2O7E1Yh78170	0%	Avira URL Cloud	safe
https://abc.lyraxw.es/ajjTaO6WIX5onvbznROzG467IJMTplstVbZF4nADQ7h61aXCb4RM4y7	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dawn-dust-7616.kpapp.workers.dev	172.67.177.58	true	false	unknown
abc.lyraxw.es	104.21.80.1	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
developers.cloudflare.com	104.16.4.189

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
VMail_39200330.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tycoon2FA

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report VMail_39200330.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tycoon2FA

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Windows Analysis Report
VMail_39200330.svg