Edit tour

Windows Analysis Report
https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC

Overview

General Information

Sample URL:	https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC
Analysis ID:	1441887
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Detected suspicious crossdomain redirect

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.8.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

LLM: Score: 8 brands: Microsoft Reasons: The URL 'https://auth-signon.com' does not match the legitimate domain for Microsoft services, which typically use 'microsoft.com', 'live.com', or similar Microsoft-owned domains. The use of a misleading domain name that sounds official but is unrelated to Microsoft is a common tactic in phishing to deceive users. The webpage visually mimics a legitimate Microsoft Outlook login page, which is a social engineering technique designed to trick users into providing sensitive information. DOM: 4.8.pages.csv

Phishing site detected (based on favicon image match)

Source: https://auth-signon.com	Matcher: Template: microsoft matched with high similarity
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 4.6.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTTP Parser: Number of links: 0

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://login.live.com/	HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://login.live.com/ppsecure/post.srf?contextid=DFB08B3ACF125A61&opid=7818FCDDCB07054A&bk=1715768986&uaid=995218afb6f343f1bc96cce1af797a6e&pid=0	HTTP Parser: Title: Sign in to your Microsoft account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://devbook.net/cloudflare/	HTTP Parser: No favicon
Source: https://devbook.net/cloudflare/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC	HTTP Parser: No favicon
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No favicon
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/ppsecure/post.srf?contextid=DFB08B3ACF125A61&opid=7818FCDDCB07054A&bk=1715768986&uaid=995218afb6f343f1bc96cce1af797a6e&pid=0	HTTP Parser: No <meta name="author".. found

Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/ppsecure/post.srf?contextid=DFB08B3ACF125A61&opid=7818FCDDCB07054A&bk=1715768986&uaid=995218afb6f343f1bc96cce1af797a6e&pid=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49782 version: TLS 1.2

Networking

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: api-internal.weblinkconnect.com to https://devbook.net/cloudflare
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: devbook.net to https://docusign-auth.com/?fyimjfzx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: docusign-auth.com to https://auth-signon.com?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl2f1dggtc2lnbm9ulmnvbsisimrvbwfpbii6imf1dggtc2lnbm9ulmnvbsisimtlesi6ilbwbhzgddvjywtdncisinfyyyi6bnvsbcwiawf0ijoxnze1nzy4otq2lcjlehaioje3mtu3njkwnjz9.nnsghqsg_2nbauwg_kmi0uto9267vpcrwl3qgtyyjnq
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: auth-signon.com to https://login.live.com

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.28.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC HTTP/1.1Host: api-internal.weblinkconnect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloudflare HTTP/1.1Host: devbook.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloudflare/ HTTP/1.1Host: devbook.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1Host: devbook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://devbook.net/cloudflare/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: devbook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://devbook.net/cloudflare/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: devbook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js HTTP/1.1Host: devbook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/1b3559406bc8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: devbook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1Host: devbook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=884271607aa96c88 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1Host: devbook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/884271607aa96c88/1715768925700/2b4abb7dfe105cce433a6a6a12536fdcd8f761acca8889db61e5e61d15fa7710/RjjDHre3dg8-STn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/884271607aa96c88/1715768925702/yY6ExGikJ7c6Dn2 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/884271607aa96c88/1715768925702/yY6ExGikJ7c6Dn2 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gKOO7F6MB1sWXxb&MD=pOnmsKRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?fyimjfzx HTTP/1.1Host: docusign-auth.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2F1dGgtc2lnbm9uLmNvbSIsImRvbWFpbiI6ImF1dGgtc2lnbm9uLmNvbSIsImtleSI6IlBWbHZGdDVjYWtDNCIsInFyYyI6bnVsbCwiaWF0IjoxNzE1NzY4OTQ2LCJleHAiOjE3MTU3NjkwNjZ9.nNSgHQSG_2NbAUWg_kMi0uto9267VPcrwl3qgtyYjNQ HTTP/1.1Host: auth-signon.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: auth-signon.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: auth-signon.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk
Source: global traffic	HTTP traffic detected: GET /?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC HTTP/1.1Host: auth-signon.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://devbook.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NCAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; fpc=AlrpU4jK5apPocsVmrpixSc; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8PyMzybaclfwVAj9kacmQy42SGq57BI4R7UBeFNGU3zgtnN7bY-o3h-313iaMu08jWFc8T5NTd1S6ABLi9OscscnJnsDEbpit6OvCiCpjkwdTw_3LtDj7O46xjSi7sEqyQLWP7Em2IJgBY0NQCpjEMSQoiQkW5GuA9NJIuPasJ0YgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=true HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NCAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; fpc=AlrpU4jK5apPocsVmrpixSc; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8PyMzybaclfwVAj9kacmQy42SGq57BI4R7UBeFNGU3zgtnN7bY-o3h-313iaMu08jWFc8T5NTd1S6ABLi9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NCAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; fpc=AlrpU4jK5apPocsVmrpixSc; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8PyMzybaclfwVAj9kacmQy42SGq57BI4R7UBeFNGU3zgtnN7bY-o3h-313iaMu08jWFc8T5NTd1S6ABLi9OscscnJnsDEbpit6OvCiCpjkwdTw_3LtDj7O46xjSi7sEqyQLWP7Em2IJgBY0NQCpjEMSQoiQkW5GuA9NJIuPasJ0YgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://auth-signon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gKOO7F6MB1sWXxb&MD=pOnmsKRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: auth-signon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NjVmNGQ4MjEtMmI0OC01NTc2LTFkNTctYTViNTY4ZDFhYjNkJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxMzY1NzQ4ODgyNTUxOC4yOWY3MmRlNy0zMDI5LTQ3ZjUtODU0MS0yMDNiMzdjY2ZmNDAmc3RhdGU9RGNzN0ZvQXdDQURCUkpfSHdSQS1RbzZqVVZwTHJ5X0ZiTGUxbExLbUpWWE1GRHZZdGZPaEp1NU9xdDEzR21GMFB3YU1ORUFzRkZ5bEF5RmZiSE5HQ05aOHRfWi1aX3NC&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: auth-signon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=PVlvFt5cakC4; qPdM.sig=XX5LDOMxURVcQzCO-Dsf3z5HTlk; ClientId=0E3889A6774F4BB9BC9E9D8135180334; OIDC=1; OpenIdConnect.nonce.v3._FKRxduflEUxSHJifiZI0_XECsvCTdNfyC4JoAM7380=638513657488825518.29f72de7-3029-47f5-8541-203b37ccff40; X-OWA-RedirectHistory=ArLym14Brlzb2sl03Ag; esctx-RpIJK5TnTeA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IioAWOpTXn8Y_Q6EJ4veqllxWGTimhg2R0FJAtutm7rotfM4gAhV3Z9dHIMB46m43s6j7EOgS_Tj3WO5D7AjWrtYKhVwgsbWi4drBq21MS7WMVz8s8ZB2XTYZ-OZ27jfpx0UdAnFj6LtranMpotgCiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8nWyxe1fBhu8rBvyALJuQKx5m4WyvUbdAsCa216mlRKQYeEHfK30yMm6Pa66Nyg5VQgnKFYa4jPOft58N_g_mkaaoLBHtOVUb_KqzcmiG8KEgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8gxamGhECuG03zP-fPdSGkkal3z7AWhyXJaFQURAWDJMkCmeDK5W_oUQq2JlSyAkzr9XOA66k18K9sgZ6U0PrXU6ihqmWgWibKIdHkR_2FovG2Z_4XAOylhsTgb038YHhl0pbEyp7LyXNrmL1CscpHXo0YWkb2EVd2aNF1RBS5IogAA; esctx-tSBx784SOI=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8DZpX4uP3BVZrrIOGpkcIzpmqqkW9ST0CVKzshnQo3CvJYLgD2rcz4-KEzzDBtcO5JSAU_jeBfzjzysoeVC4U7_BB--SpcFD4X7Jy9SWKq1KEB6VW12VazDX9rrxbvFrMk9CR8alCtVFEYglXSS850CAA; fpc=AlrpU4jK5apPocsVmrpixSeerOTJAQAAAHaF1t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /shared/5/js/login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30208.15/images/favicon.ico HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30208.15/images/favicon.ico HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/arrow_left_a9cc2824ef3517b6c416.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/arrow_left_a9cc2824ef3517b6c416.svg HTTP/1.1Host: logincdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d9&oit=1&cp=2&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d&oit=1&cp=1&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=doc&oit=1&cp=3&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docu&oit=1&cp=4&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docus&oit=1&cp=5&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusig&oit=1&cp=7&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /search?q=docusign&rlz=1C1ONGR_enUS1110&oq=docusig&gs_lcrp=EgZjaHJvbWUqEAgAEAAYgwEY4wIYsQMYgAQyEAgAEAAYgwEY4wIYsQMYgAQyEwgBEC4YgwEYxwEYsQMY0QMYgAQyDQgCEAAYgwEYsQMYgAQyBggDEEUYOTINCAQQABiDARixAxiABDIECAUQBTIGCAYQRRg8MgYIBxBFGDyoAgCwAgA&pf=cs&sourceid=chrome&ie=UTF-8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Purpose: prefetchSec-Purpose: prefetchAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=O5sXsMOWCvnVtNbbAbHw4nwbO6Sn4RrUY7REJZgvyMsAiy_u_ugnKXZ9tX9wqock1JWHETHn5mNPLv1ZfXlcZjG8ZbAOvmGbE-4kMEX8PLsuAf06ErbYkDJctsN5YF8OJ-CYTM_30nY1qm3pUPCDyPAGTg7KHpF7gqrDGR_WywU
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-&oit=1&cp=9&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=vfCP3jIwfNnZ0gWtbPxYiV33FEWH7HquxhjjdzeZk7D4DdEDzzCjNB3PxgHSWqz174EA5eDtkK1cb5NxwWK5aF3y6UGDMXj8xXPn_-E1heIofGo1_6v6nzGziuKU8Ku1WPtKhSFw2eBkq5UmnlBZQe5KoL4TDr59GRWjpP_LHs4
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-a&oit=1&cp=10&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=vfCP3jIwfNnZ0gWtbPxYiV33FEWH7HquxhjjdzeZk7D4DdEDzzCjNB3PxgHSWqz174EA5eDtkK1cb5NxwWK5aF3y6UGDMXj8xXPn_-E1heIofGo1_6v6nzGziuKU8Ku1WPtKhSFw2eBkq5UmnlBZQe5KoL4TDr59GRWjpP_LHs4
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-au&oit=1&cp=11&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=514=vfCP3jIwfNnZ0gWtbPxYiV33FEWH7HquxhjjdzeZk7D4DdEDzzCjNB3PxgHSWqz174EA5eDtkK1cb5NxwWK5aF3y6UGDMXj8xXPn_-E1heIofGo1_6v6nzGziuKU8Ku1WPtKhSFw2eBkq5UmnlBZQe5KoL4TDr59GRWjpP_LHs4

Source: chromecache_124.1.dr	String found in binary or memory: </span><span class="f">20 hours ago</span></div></div></div></div></g-inner-card></div></div></div><div class="fy7gGf"><div class="fy7gGf"><div class="dHOsHb nlkcvc APo4S KtfA8c" jscontroller="DeqxPd" data-author="0" data-init-vis="true" data-is-desktop="1" jsname="fNqNNe" jsaction="rcuQ6b:npT2md" data-hveid="CFIQAA" data-ved="2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQ-YgBKAB6BAhSEAA"><g-inner-card class="zf84ud THG0oc wdQNof" jsname="IlOKIe"><div jsname="O2za3e" jsaction="a6xS0c:KoToPc;d7GKPc:l2hxcf"><g-image-section aria-hidden="true"><a href="https://twitter.com/DocuSign/status/1790025492579438866?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet" tabindex="-1" ping="/url?sa=t&source=web&rct=j&opi=89978449&url=https://twitter.com/DocuSign/status/1790025492579438866%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255Eserp%257Ctwgr%255Etweet&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQ_1N6BAhSEAE&sqi=2"><div class="cUVNae" style="text-align:center;z-index:2;position:relative"><img class="Jyc17b" id="tsuid_79" src="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" style="width:202px;height:113px" alt="" data-deferred="1"><span class="OhQAn z1asCe UIgqBe" style="height:48px;line-height:48px;width:48px"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-2 14.5v-9l6 4.5-6 4.5z"></path></svg></span></div></a></g-image-section><div class="Brgz0 tw-res" style="padding:8px 16px 0" data-ved="2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQ_VMoAHoECFIQAg"><a jsname="AL7mg" class="h4kbcd" href="https://twitter.com/DocuSign/status/1790025492579438866?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet" style="bottom:0" aria-label="Twitter" ping="/url?sa=t&source=web&rct=j&opi=89978449&url=https://twitter.com/DocuSign/status/1790025492579438866%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255Eserp%257Ctwgr%255Etweet&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQglR6BAhSEAM&sqi=2"></a><div class="xcQxib eadHV Ses7yd wHYlTd" aria-level="3" role="heading" style="position:relative">Your data is trapped in agreements. It's time to unlock it and all the insights that come with it: <a class="Ndm45b" href="https://ow.ly/Yfvt50RC4no" style="z-index:2;position:relative" ping="/url?sa=t&source=web&rct=j&opi=89978449&url=https://ow.ly/Yfvt50RC4no&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQhlR6BAhSEAQ&sqi=2">ow.ly/Yfvt50RC4no</a> </div><div class="rmxqbe ol1Lrb" style="z-index:2"><div class="ZYHQ7e kLhEKe vRDmnf wHYlTd"><span class="RES9jf">Posted on X</span><span class="f"> equals www.twitter.com (Twitter)
Source: chromecache_124.1.dr	String found in binary or memory: DOCU</span></cite></div></div></div></div><div class="csDOgf BCF2pd L48a4c"><div jscontroller="gOTY1" data-id="atritem-https://finance.yahoo.com/quote/DOCU/" jsdata="PFrTzf;_;BXk/jE" data-viewer-group="1" jsaction="rcuQ6b:npT2md;aevozb:T2P31d;vcOT6c:C6KsF;k7WJpc:beCLof"><div><div jsdata="l7Bhpb;_;BXk/jw" jscontroller="PbHo4e" jsshadow="" jsaction="rcuQ6b:npT2md;h5M12e;jGQF0b:kNqZ1c;" data-viewer-entrypoint="1" data-ved="2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQ2esEegQIOBAJ"><div jsslot=""><div jsname="I3kE2c" class="MJ8UF iTPLzd rNSxBe eY4mx lUn2nc" style="position:absolute" aria-label="About this result" role="button" tabindex="0"><span jsname="czHhOd" class="D6lY4c mBswFe"><span jsname="Bil8Ae" class="xTFaxe z1asCe" style="height:18px;line-height:18px;width:18px"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"></path></svg></span></span></div></div></div></div></div></div></div></div></div></div><div class="kb0PBd cvP2Ce A9Y9g" data-snf="nke7rc" data-sncf="1"><div class="VwiC3b yXK7lf lVm3ye r025kc hJNv6b Hdw6tb" style="-webkit-line-clamp:2"><span><em>DocuSign</em>, Inc. provides electronic signature solution in the United States and internationally. The company provides e-signature solution that enables equals www.yahoo.com (Yahoo)
Source: chromecache_124.1.dr	String found in binary or memory: X</h3><div class="p4InSe iUh30" style="z-index:1"><span class="H9lube"><div class="eqA2re NjwKYd Vwoesf" aria-hidden="true"><img class="XNo5Ab" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAAAAABWESUoAAAA3ElEQVR4Ac2SGQDFMBBE1ylOcYpTner0neK0TnGpU53iFKc6xWl+p+f25D7InZ295Cv0mGjFUOzWDVVVa/WykaBiaBBFfsiyory3JASRjs8mInqxUGRw47CIBIy7Ew0Sh0nED4OXCwkNh8h7GrrgCkVK9a7w6Q2BjoVa6Oo9EZEDVJ7I1M4UeMDXzIEhvoukFxNMaP8o4gpon1l9qnqc7DcPIgpd7Ce0t/fJVO0q0qIsVeuY1XwNYK1gwm8J2GAqvHRF5mD7BcG0Rl6yegjw0BqdakE8Bni0RyjyDf4Y1Y0n0wNT4wAAAABJRU5ErkJggg==" style="height:16px;width:16px" alt=""></div></span><div class="CA5RN"><div><span class="VuuXrf">X (Twitter)</span></div><div class="byrV5b"><cite class="ellip iUh30 HmBl6" style="overflow:initial">https://twitter.com/DocuSign</cite></div></div></div></a></g-link></div><div class="p4InSe znvUFb"><span class="H9lube"><div class="eqA2re NjwKYd Vwoesf" aria-hidden="true"><img class="XNo5Ab" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAAAAABWESUoAAAA3ElEQVR4Ac2SGQDFMBBE1ylOcYpTner0neK0TnGpU53iFKc6xWl+p+f25D7InZ295Cv0mGjFUOzWDVVVa/WykaBiaBBFfsiyory3JASRjs8mInqxUGRw47CIBIy7Ew0Sh0nED4OXCwkNh8h7GrrgCkVK9a7w6Q2BjoVa6Oo9EZEDVJ7I1M4UeMDXzIEhvoukFxNMaP8o4gpon1l9qnqc7DcPIgpd7Ce0t/fJVO0q0qIsVeuY1XwNYK1gwm8J2GAqvHRF5mD7BcG0Rl6yegjw0BqdakE8Bni0RyjyDf4Y1Y0n0wNT4wAAAABJRU5ErkJggg==" style="height:16px;width:16px" alt=""></div></span><div class="CA5RN"><div><span class="VuuXrf">X (Twitter)</span></div><div class="byrV5b"><cite class="ellip iUh30 HmBl6" style="overflow:initial">https://twitter.com/DocuSign<span class="TRQZRb"><div jscontroller="gOTY1" data-id="atritem-" jsdata="PFrTzf;_;BXk/jE" data-viewer-group="1" jsaction="rcuQ6b:npT2md;aevozb:T2P31d;vcOT6c:C6KsF;k7WJpc:beCLof"><div><div jsdata="l7Bhpb;_;BXk/kI" jscontroller="PbHo4e" jsshadow="" jsaction="rcuQ6b:npT2md;h5M12e;jGQF0b:kNqZ1c;" data-viewer-entrypoint="1" data-ved="2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQ2esEegQIVRAI"><div jsslot=""><div jsname="I3kE2c" class="iTPLzd rNSxBe eY4mx lUn2nc" style="position:absolute" aria-label="About this result" role="button" tabindex="0"><span jsname="czHhOd" class="D6lY4c mBswFe"><span jsname="Bil8Ae" class="xTFaxe z1asCe" style="height:18px;line-height:18px;width:18px"><svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"></path></svg></span></span></div></div></div></div></div></span></cite></div></div></div></div></div><div><g-scrolling-carousel class="rQgnxe THlyec" jsname="TbTJUb" jscontroller="pgCXqb" id="_zI5EZpiuJdKAkvQPidipuAM_81" jsdata="JcTXNb;_;BXk/kE" jsshadow="" jsaction="OaAmdd:EDKYjb;JnGzAc:aJ8u7;qVN0Rc:nnsrCf;OW9R3e:Xj7hvb;EormBc:HFYvKc;gEKQDb:yUtVib;keydown:uYT2Vb;rcuQ6b:npT2md;lnkFzb:jCOVSe"><div jsname="haAclf" class="acCJ4b" jsaction="t3L5Dd:OR1BUb" data-hveid="CFQQAQ" data-ved="2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQg1R6BAhUEAE"><d

Source: global traffic	DNS traffic detected: DNS query: api-internal.weblinkconnect.com
Source: global traffic	DNS traffic detected: DNS query: devbook.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: docusign-auth.com
Source: global traffic	DNS traffic detected: DNS query: auth-signon.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1Host: devbook.netConnection: keep-aliveContent-Length: 15775sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://devbook.netSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: e9831e2b-da82-4699-a265-cc0e4bc0d900x-ms-ests-server: 2.1.18037.7 - SCUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Wed, 15 May 2024 10:29:11 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_167.1.dr	String found in binary or memory: http://docusign.com.au
Source: chromecache_160.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_132.1.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_117.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_124.1.dr	String found in binary or memory: http://schema.org/SearchResultsPage
Source: chromecache_99.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_117.1.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_117.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_113.1.dr, chromecache_150.1.dr	String found in binary or memory: https://account.docusign.com/
Source: chromecache_153.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_153.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_153.1.dr, chromecache_99.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_124.1.dr	String found in binary or memory: https://apps.apple.com
Source: chromecache_124.1.dr	String found in binary or memory: https://apps.apple.com/us/app/docusign-upload-sign-docs/id474990205
Source: chromecache_124.1.dr	String found in binary or memory: https://apps.apple.com/us/app/docusign-upload-sign-docs/id474990205&ved=2ahUKEwiYxMbfuY-GAxVSgIQ
Source: chromecache_153.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_153.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_153.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_124.1.dr	String found in binary or memory: https://docusign.com/
Source: chromecache_153.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_124.1.dr	String found in binary or memory: https://finance.yahoo.com
Source: chromecache_124.1.dr	String found in binary or memory: https://finance.yahoo.com/quote/DOCU/
Source: chromecache_124.1.dr	String found in binary or memory: https://finance.yahoo.com/quote/DOCU/&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQFnoECDgQAQ&sqi=2
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_136.1.dr, chromecache_160.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_117.1.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_94.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_94.1.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_124.1.dr	String found in binary or memory: https://ow.ly/hREW50RC3Lp
Source: chromecache_124.1.dr	String found in binary or memory: https://ow.ly/hREW50RC3Lp&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQhlR6BAg3EAQ&sqi=2
Source: chromecache_124.1.dr	String found in binary or memory: https://play.google.com
Source: chromecache_99.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_124.1.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.docusign.ink&hl=en_US&gl=US
Source: chromecache_153.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_153.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255Eserp%257Ctwgr%255Eauthor&am
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign/status/1790025492579438866%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign/status/1790025492579438866?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign/status/1790382089327583446%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign/status/1790382089327583446?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg
Source: chromecache_124.1.dr	String found in binary or memory: https://twitter.com/DocuSign?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Source: chromecache_124.1.dr	String found in binary or memory: https://workspace.google.com
Source: chromecache_153.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_124.1.dr	String found in binary or memory: https://workspace.google.com/marketplace/app/docusign_esignature_for_google_workspace/469176070494
Source: chromecache_124.1.dr	String found in binary or memory: https://www.cuit.columbia.edu
Source: chromecache_124.1.dr	String found in binary or memory: https://www.cuit.columbia.edu/electronic-signature
Source: chromecache_124.1.dr	String found in binary or memory: https://www.cuit.columbia.edu/electronic-signature&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQFnoECDkQ
Source: chromecache_124.1.dr	String found in binary or memory: https://www.docusign.com
Source: chromecache_124.1.dr	String found in binary or memory: https://www.docusign.com/
Source: chromecache_124.1.dr	String found in binary or memory: https://www.docusign.com/trial/free
Source: chromecache_124.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_124.1.dr	String found in binary or memory: https://www.google.com/aclk?sa=l&ai=DChcSEwi-6c3fuY-GAxUmt1oFHXrHAcYYABAAGgJ2dQ&ase=2&gc
Source: chromecache_124.1.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3
Source: chromecache_153.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_153.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_99.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_99.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_99.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49782 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.troj.win@27/140@40/17

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 --field-trial-handle=1956,i,3950150999971565449,10129195924633834356,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC	0%	Avira URL Cloud	safe
https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
cs1100.wpc.omegacdn.net	0%	Virustotal	Browse
play.google.com	0%	Virustotal	Browse
part-0013.t-0009.t-msedge.net	0%	Virustotal	Browse
sni1gl.wpc.alphacdn.net	0%	Virustotal	Browse
api-internal.weblinkconnect.com	1%	Virustotal	Browse
devbook.net	1%	Virustotal	Browse
LYH-efz.ms-acdc.office.com	0%	Virustotal	Browse
a.nel.cloudflare.com	0%	Virustotal	Browse
cs1227.wpc.alphacdn.net	0%	Virustotal	Browse
part-0005.t-0009.t-msedge.net	0%	Virustotal	Browse
plus.l.google.com	0%	Virustotal	Browse
r4.res.office365.com	0%	Virustotal	Browse
logincdn.msftauth.net	0%	Virustotal	Browse
docusign-auth.com	5%	Virustotal	Browse
challenges.cloudflare.com	0%	Virustotal	Browse
outlook.office365.com	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
acctcdn.msftauth.net	0%	Virustotal	Browse
aadcdn.msftauth.net	0%	Virustotal	Browse
apis.google.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.broofa.com	0%	URL Reputation	safe
https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js	0%	URL Reputation	safe
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	0%	URL Reputation	safe
http://www.json.org/json2.js	0%	URL Reputation	safe
https://plus.google.com	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://login.windows-ppe.net	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	0%	URL Reputation	safe
https://domains.google.com/suggest/flow	0%	URL Reputation	safe
http://knockoutjs.com/	0%	URL Reputation	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor	0%	Avira URL Cloud	safe
https://account.docusign.com/	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Virustotal		Browse
https://www.docusign.com/	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-&oit=1&cp=9&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://www.cuit.columbia.edu/electronic-signature&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQFnoECDkQ	0%	Avira URL Cloud	safe
https://www.docusign.com/	0%	Virustotal		Browse
https://account.docusign.com/	0%	Virustotal		Browse
https://ow.ly/hREW50RC3Lp	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign/status/1790025492579438866?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255Eserp%257Ctwgr%255Eauthor&am	0%	Avira URL Cloud	safe
https://finance.yahoo.com	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign/status/1790382089327583446%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E	0%	Avira URL Cloud	safe
https://play.google.com/store/apps/details?id=com.docusign.ink&hl=en_US&gl=US	0%	Avira URL Cloud	safe
https://devbook.net/cloudflare	0%	Avira URL Cloud	safe
https://workspace.google.com	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor	0%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://finance.yahoo.com	0%	Virustotal		Browse
https://auth-signon.com/owa/	0%	Avira URL Cloud	safe
https://devbook.net/cloudflare	1%	Virustotal		Browse
https://auth-signon.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2F1dGgtc2lnbm9uLmNvbSIsImRvbWFpbiI6ImF1dGgtc2lnbm9uLmNvbSIsImtleSI6IlBWbHZGdDVjYWtDNCIsInFyYyI6bnVsbCwiaWF0IjoxNzE1NzY4OTQ2LCJleHAiOjE3MTU3NjkwNjZ9.nNSgHQSG_2NbAUWg_kMi0uto9267VPcrwl3qgtyYjNQ	0%	Avira URL Cloud	safe
https://www.cuit.columbia.edu/electronic-signature	0%	Avira URL Cloud	safe
https://play.google.com/store/apps/details?id=com.docusign.ink&hl=en_US&gl=US	0%	Virustotal		Browse
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js	0%	Avira URL Cloud	safe
https://auth-signon.com/owa/?username=mickeymouse%40outlook.com&login_hint=mickeymouse%40outlook.com	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=doc&oit=1&cp=3&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://devbook.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	0%	Avira URL Cloud	safe
http://github.com/jquery/globalize	0%	Avira URL Cloud	safe
https://devbook.net/favicon.ico	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/884271607aa96c88/1715768925702/yY6ExGikJ7c6Dn2	0%	Avira URL Cloud	safe
https://www.cuit.columbia.edu	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-a&oit=1&cp=10&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://github.com/douglascrockford/JSON-js	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/884271607aa96c88/1715768925700/2b4abb7dfe105cce433a6a6a12536fdcd8f761acca8889db61e5e61d15fa7710/RjjDHre3dg8-STn	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg	0%	Avira URL Cloud	safe
http://docusign.com.au	0%	Avira URL Cloud	safe
https://docusign.com/	0%	Avira URL Cloud	safe
https://devbook.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js	0%	Avira URL Cloud	safe
https://docusign-auth.com/?fyimjfzx	100%	Avira URL Cloud	malware
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	0%	Avira URL Cloud	safe
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign	0%	Avira URL Cloud	safe
https://devbook.net/cdn-cgi/challenge-platform/scripts/jsd/main.js	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=%2BOk%2FmzxwKQU1LEkW5ozR4ItSj73ImLV1ilas6GcfmVvTXbAKkPAqUFxRIF2zbJgTFSdnzteGWp3uHDrixwxbZA7IpoBmlecZ8OijBbWWwY3JJ5xx7Ov2yDaVbYRGqw%3D%3D	0%	Avira URL Cloud	safe
https://clients6.google.com	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docu&oit=1&cp=4&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://auth-signon.com/	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/arrow_left_a9cc2824ef3517b6c416.svg	0%	Avira URL Cloud	safe
https://play.google.com	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d&oit=1&cp=1&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-au&oit=1&cp=11&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign/status/1790025492579438866%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=%2FCBUbl4Prk48QH11ZIyudVuBQR08qdMLgx9AGvfN4lVQHddXb06xIj6H02XB3z4%2FKm%2Bb95OKAduOO2uZue6qgm7oD4%2BHiMkCKn8IfMN3ltn6%2BREu9yerFj4jt49ejA%3D%3D	0%	Avira URL Cloud	safe
https://auth-signon.com/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
https://apis.google.com	0%	Avira URL Cloud	safe
https://www.google.com/aclk?sa=l&ai=DChcSEwi-6c3fuY-GAxUmt1oFHXrHAcYYABAAGgJ2dQ&ase=2&gc	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	0%	Avira URL Cloud	safe
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js	0%	Avira URL Cloud	safe
https://www.google.com/search?q=docusign&rlz=1C1ONGR_enUS1110&oq=docusig&gs_lcrp=EgZjaHJvbWUqEAgAEAAYgwEY4wIYsQMYgAQyEAgAEAAYgwEY4wIYsQMYgAQyEwgBEC4YgwEYxwEYsQMY0QMYgAQyDQgCEAAYgwEYsQMYgAQyBggDEEUYOTINCAQQABiDARixAxiABDIECAUQBTIGCAYQRRg8MgYIBxBFGDyoAgCwAgA&pf=cs&sourceid=chrome&ie=UTF-8	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/api.js	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusig&oit=1&cp=7&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
http://schema.org/SearchResultsPage	0%	Avira URL Cloud	safe
https://www.google.com/async/newtab_promos	0%	Avira URL Cloud	safe
https://twitter.com/DocuSign/status/1790382089327583446?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/16.000.30208.15/images/favicon.ico	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d9&oit=1&cp=2&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://logincdn.msftauth.net/shared/5/js/login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js	0%	Avira URL Cloud	safe
https://www.docusign.com	0%	Avira URL Cloud	safe
https://www.google.com/async/ddljson?async=ntp:2	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docus&oit=1&cp=5&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	0%, Virustotal, Browse	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	0%, Virustotal, Browse	unknown
plus.l.google.com	192.178.50.46	true	false	0%, Virustotal, Browse	unknown
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	0%, Virustotal, Browse	unknown
devbook.net	104.21.70.6	true	true	1%, Virustotal, Browse	unknown
part-0005.t-0009.t-msedge.net	13.107.213.33	true	false	0%, Virustotal, Browse	unknown
LYH-efz.ms-acdc.office.com	52.96.54.210	true	false	0%, Virustotal, Browse	unknown
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	0%, Virustotal, Browse	unknown
play.google.com	142.250.189.142	true	false	0%, Virustotal, Browse	unknown
auth-signon.com	104.236.5.194	true	true		unknown
api-internal.weblinkconnect.com	104.18.247.141	true	true	1%, Virustotal, Browse	unknown
challenges.cloudflare.com	104.17.2.184	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.217.228	true	false	0%, Virustotal, Browse	unknown
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	0%, Virustotal, Browse	unknown
docusign-auth.com	172.67.145.144	true	true	5%, Virustotal, Browse	unknown
r4.res.office365.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
aadcdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
logincdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
outlook.office365.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
apis.google.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
acctcdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://outlook.office365.com/owa/prefetch.aspx	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	false	Avira URL Cloud: safe	unknown
https://devbook.net/cloudflare/	false		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-&oit=1&cp=9&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://devbook.net/cloudflare	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/owa/	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2F1dGgtc2lnbm9uLmNvbSIsImRvbWFpbiI6ImF1dGgtc2lnbm9uLmNvbSIsImtleSI6IlBWbHZGdDVjYWtDNCIsInFyYyI6bnVsbCwiaWF0IjoxNzE1NzY4OTQ2LCJleHAiOjE3MTU3NjkwNjZ9.nNSgHQSG_2NbAUWg_kMi0uto9267VPcrwl3qgtyYjNQ	false	Avira URL Cloud: safe	unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/owa/?username=mickeymouse%40outlook.com&login_hint=mickeymouse%40outlook.com	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=doc&oit=1&cp=3&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://devbook.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	false	Avira URL Cloud: safe	unknown
https://devbook.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/884271607aa96c88/1715768925702/yY6ExGikJ7c6Dn2	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-a&oit=1&cp=10&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/884271607aa96c88/1715768925700/2b4abb7dfe105cce433a6a6a12536fdcd8f761acca8889db61e5e61d15fa7710/RjjDHre3dg8-STn	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg	false	Avira URL Cloud: safe	unknown
https://devbook.net/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js	false	Avira URL Cloud: safe	unknown
https://docusign-auth.com/?fyimjfzx	true	Avira URL Cloud: malware	unknown
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js	false	Avira URL Cloud: safe	unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0	false	Avira URL Cloud: safe	unknown
https://devbook.net/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=%2BOk%2FmzxwKQU1LEkW5ozR4ItSj73ImLV1ilas6GcfmVvTXbAKkPAqUFxRIF2zbJgTFSdnzteGWp3uHDrixwxbZA7IpoBmlecZ8OijBbWWwY3JJ5xx7Ov2yDaVbYRGqw%3D%3D	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docu&oit=1&cp=4&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/images/arrow_left_a9cc2824ef3517b6c416.svg	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	false		unknown
https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d&oit=1&cp=1&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusign-au&oit=1&cp=11&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=%2FCBUbl4Prk48QH11ZIyudVuBQR08qdMLgx9AGvfN4lVQHddXb06xIj6H02XB3z4%2FKm%2Bb95OKAduOO2uZue6qgm7oD4%2BHiMkCKn8IfMN3ltn6%2BREu9yerFj4jt49ejA%3D%3D	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/common/GetCredentialType?mkt=en-US	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	URL Reputation: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js	false	Avira URL Cloud: safe	unknown
https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC	false		unknown
https://www.google.com/search?q=docusign&rlz=1C1ONGR_enUS1110&oq=docusig&gs_lcrp=EgZjaHJvbWUqEAgAEAAYgwEY4wIYsQMYgAQyEAgAEAAYgwEY4wIYsQMYgAQyEwgBEC4YgwEYxwEYsQMY0QMYgAQyDQgCEAAYgwEYsQMYgAQyBggDEEUYOTINCAQQABiDARixAxiABDIECAUQBTIGCAYQRRg8MgYIBxBFGDyoAgCwAgA&pf=cs&sourceid=chrome&ie=UTF-8	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docusig&oit=1&cp=7&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://www.google.com/async/newtab_promos	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/16.000.30208.15/images/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d9&oit=1&cp=2&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/js/login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/async/ddljson?async=ntp:2	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=docus&oit=1&cp=5&pgcl=7&gs_rn=42&psi=t367kh8MdRIn850P&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	Avira URL Cloud: safe	unknown
https://auth-signon.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.broofa.com	chromecache_99.1.dr	false	URL Reputation: safe	unknown
https://twitter.com/DocuSign?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor	chromecache_124.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://account.docusign.com/	chromecache_113.1.dr, chromecache_150.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.docusign.com/	chromecache_124.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.cuit.columbia.edu/electronic-signature&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQFnoECDkQ	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/DocuSign/status/1790025492579438866?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js	chromecache_117.1.dr	false	URL Reputation: safe	unknown
https://ow.ly/hREW50RC3Lp	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/DocuSign%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255Eserp%257Ctwgr%255Eauthor&am	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_153.1.dr	false	URL Reputation: safe	unknown
http://www.json.org/json2.js	chromecache_117.1.dr	false	URL Reputation: safe	unknown
https://finance.yahoo.com	chromecache_124.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com	chromecache_124.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://twitter.com/DocuSign/status/1790382089327583446%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://play.google.com/store/apps/details?id=com.docusign.ink&hl=en_US&gl=US	chromecache_124.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://workspace.google.com	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cuit.columbia.edu/electronic-signature	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
http://github.com/jquery/globalize	chromecache_132.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cuit.columbia.edu	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/douglascrockford/JSON-js	chromecache_136.1.dr, chromecache_160.1.dr	false	Avira URL Cloud: safe	unknown
https://plus.google.com	chromecache_153.1.dr	false	URL Reputation: safe	unknown
http://docusign.com.au	chromecache_167.1.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_117.1.dr	false	URL Reputation: safe	unknown
https://docusign.com/	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/DocuSign	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://clients6.google.com	chromecache_153.1.dr	false	Avira URL Cloud: safe	unknown
https://play.google.com	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://login.windows-ppe.net	chromecache_94.1.dr	false	URL Reputation: safe	unknown
https://twitter.com/DocuSign/status/1790025492579438866%3Fref_src%3Dtwsrc%255Egoogle%257Ctwcamp%255E	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	chromecache_94.1.dr	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/lcreport/	chromecache_153.1.dr	false	URL Reputation: safe	unknown
https://apis.google.com	chromecache_153.1.dr, chromecache_99.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/aclk?sa=l&ai=DChcSEwi-6c3fuY-GAxUmt1oFHXrHAcYYABAAGgJ2dQ&ase=2&gc	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://domains.google.com/suggest/flow	chromecache_153.1.dr	false	URL Reputation: safe	unknown
http://schema.org/SearchResultsPage	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
http://knockoutjs.com/	chromecache_117.1.dr	false	URL Reputation: safe	unknown
https://twitter.com/DocuSign/status/1790382089327583446?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwg	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://www.docusign.com	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://www.docusign.com/trial/free	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown
https://finance.yahoo.com/quote/DOCU/&ved=2ahUKEwiYxMbfuY-GAxVSgIQIHQlsCjcQFnoECDgQAQ&sqi=2	chromecache_124.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.96.54.210	LYH-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.189.142	play.google.com	United States	15169	GOOGLEUS	false
104.21.79.121	unknown	United States	13335	CLOUDFLARENETUS	false
104.236.5.194	auth-signon.com	United States	14061	DIGITALOCEAN-ASNUS	true
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
192.178.50.46	plus.l.google.com	United States	15169	GOOGLEUS	false
104.21.70.6	devbook.net	United States	13335	CLOUDFLARENETUS	true
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
142.250.217.228	www.google.com	United States	15169	GOOGLEUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
172.67.217.69	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.145.144	docusign-auth.com	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.247.141	api-internal.weblinkconnect.com	United States	13335	CLOUDFLARENETUS	true
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1441887
Start date and time:	2024-05-15 12:28:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.phis.troj.win@27/140@40/17
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.2.195, 172.217.3.78, 142.250.98.84, 34.104.35.123, 40.126.28.22, 40.126.7.32, 40.126.28.13, 40.126.28.18, 40.126.28.21, 40.126.28.11, 40.126.28.20, 40.126.28.14, 23.221.212.15, 23.221.212.18, 23.221.212.9, 142.250.217.170, 142.250.189.138, 192.178.50.42, 142.250.64.202, 142.250.64.138, 172.217.2.202, 142.250.217.234, 172.217.165.202, 142.250.217.202, 142.251.35.234, 192.178.50.74, 172.217.3.74, 142.250.64.163, 40.126.28.19, 40.126.28.23, 40.126.28.12, 142.250.64.234, 13.89.179.11, 20.189.173.2, 40.126.7.35, 142.250.64.174, 142.250.64.170, 172.217.15.195, 192.178.50.78
Excluded domains from analysis (whitelisted): logincdn.msauth.net, lgincdnmsftuswe2.azureedge.net, slscr.update.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, acctcdn.msauth.net, acctcdn.trafficmanager.net, clients2.google.com, login.live.com, update.googleapis.com, acctcdnvzeuno.azureedge.net, www.gstatic.com, acctcdnvzeuno.ec.azureedge.net, clients1.google.com, e40491.dscg.akamaiedge.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, encrypted-tbn0.gstatic.com, www.tm.v4.a.prd.aadg.akadns.net, acctcdnmsftuswe2.afd.azureedge.net, onedscolprdcus15.centralus.cloudapp.azure.com, lgincdnvzeuno.ec.azureedge.net, aadcdn.msauth.net, www.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, lgincdnvzeuno.azureedge.net, browser.events.data.microsoft.com, edgedl.me.g
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input

Output

URL: https://auth-signon.com/?3k4bg6nxa=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291

```json
{
  "phishing_score": 8,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "reasons": "The URL 'https://auth-signon.com' does not match the legitimate domain for Microsoft services, which typically use 'microsoft.com', 'live.com', or similar Microsoft-owned domains. The use of a misleading domain name that sounds official but is unrelated to Microsoft is a common tactic in phishing to deceive users. The webpage visually mimics a legitimate Microsoft Outlook login page, which is a social engineering technique designed to trick users into providing sensitive information."
}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 15 09:28:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9911903381366423
Encrypted:	false
SSDEEP:	48:8AQdjTLLXHzidAKZdA1FehwiZUklqehSy+3:8AQbt1y
MD5:	658E414456AD82EC58F911EE41E33235
SHA1:	1CD32F3E3D393180BDAFE9B75509064AF3E01306
SHA-256:	C2FAAECF4755C1CC1774C310D456E1B1693CEB9AA9A2CA5C7326BDCD3426CA47
SHA-512:	6DA7284D423667F38CA95568BC1AA7D8A4616E0AB3B1304F6F8B89A1562EC4A071E12ADA5DC348B403172B2844AF78E788F5F1920F0EECCCEC49C397AB0395E1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............{......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 15, 2024 12:28:37.434550047 CEST	64687	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:37.434997082 CEST	55795	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:37.534307003 CEST	53	58732	1.1.1.1	192.168.2.16
May 15, 2024 12:28:37.546446085 CEST	53	64687	1.1.1.1	192.168.2.16
May 15, 2024 12:28:37.581604004 CEST	53	55795	1.1.1.1	192.168.2.16
May 15, 2024 12:28:37.651424885 CEST	53	50021	1.1.1.1	192.168.2.16
May 15, 2024 12:28:38.263308048 CEST	56312	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:38.263480902 CEST	59047	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:38.287771940 CEST	53	65007	1.1.1.1	192.168.2.16
May 15, 2024 12:28:38.385271072 CEST	53	56312	1.1.1.1	192.168.2.16
May 15, 2024 12:28:38.409634113 CEST	53	59047	1.1.1.1	192.168.2.16
May 15, 2024 12:28:42.223160028 CEST	63353	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:42.223543882 CEST	54337	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:42.332923889 CEST	53	63353	1.1.1.1	192.168.2.16
May 15, 2024 12:28:42.333412886 CEST	53	54337	1.1.1.1	192.168.2.16
May 15, 2024 12:28:42.564675093 CEST	52685	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:42.564975977 CEST	52901	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:42.674784899 CEST	53	52901	1.1.1.1	192.168.2.16
May 15, 2024 12:28:42.674899101 CEST	53	52685	1.1.1.1	192.168.2.16
May 15, 2024 12:28:43.071399927 CEST	51414	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:43.071541071 CEST	57514	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:43.216167927 CEST	53	51414	1.1.1.1	192.168.2.16
May 15, 2024 12:28:43.247675896 CEST	53	57514	1.1.1.1	192.168.2.16
May 15, 2024 12:28:43.699129105 CEST	55001	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:43.699295044 CEST	57325	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:43.808821917 CEST	53	57325	1.1.1.1	192.168.2.16
May 15, 2024 12:28:43.808854103 CEST	53	55001	1.1.1.1	192.168.2.16
May 15, 2024 12:28:44.592571020 CEST	65065	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:44.592747927 CEST	64036	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:44.702014923 CEST	53	65065	1.1.1.1	192.168.2.16
May 15, 2024 12:28:44.702136040 CEST	53	64036	1.1.1.1	192.168.2.16
May 15, 2024 12:28:44.908829927 CEST	53320	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:44.908970118 CEST	59351	53	192.168.2.16	1.1.1.1
May 15, 2024 12:28:45.018708944 CEST	53	59351	1.1.1.1	192.168.2.16
May 15, 2024 12:28:45.018976927 CEST	53	53320	1.1.1.1	192.168.2.16
May 15, 2024 12:28:55.205698013 CEST	53	54322	1.1.1.1	192.168.2.16
May 15, 2024 12:29:06.199429035 CEST	58892	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:06.199584961 CEST	61794	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:06.346020937 CEST	53	58892	1.1.1.1	192.168.2.16
May 15, 2024 12:29:06.377749920 CEST	53	61794	1.1.1.1	192.168.2.16
May 15, 2024 12:29:06.978509903 CEST	49937	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:06.978652954 CEST	49655	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:07.129750967 CEST	53	49655	1.1.1.1	192.168.2.16
May 15, 2024 12:29:07.217344999 CEST	53	49937	1.1.1.1	192.168.2.16
May 15, 2024 12:29:10.837265015 CEST	58724	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:10.837429047 CEST	58770	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:11.003901005 CEST	53	58724	1.1.1.1	192.168.2.16
May 15, 2024 12:29:11.032021046 CEST	53	58770	1.1.1.1	192.168.2.16
May 15, 2024 12:29:11.698221922 CEST	59757	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:11.698532104 CEST	54919	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:11.808336973 CEST	53	59757	1.1.1.1	192.168.2.16
May 15, 2024 12:29:11.808440924 CEST	53	54919	1.1.1.1	192.168.2.16
May 15, 2024 12:29:13.122577906 CEST	51794	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:13.122848988 CEST	58167	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:13.235382080 CEST	53	51794	1.1.1.1	192.168.2.16
May 15, 2024 12:29:13.235789061 CEST	53	58167	1.1.1.1	192.168.2.16
May 15, 2024 12:29:13.843866110 CEST	52708	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:13.844037056 CEST	58651	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:14.285600901 CEST	53	56851	1.1.1.1	192.168.2.16
May 15, 2024 12:29:14.350229025 CEST	53	51451	1.1.1.1	192.168.2.16
May 15, 2024 12:29:14.833957911 CEST	59866	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:14.834088087 CEST	60281	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:14.944135904 CEST	53	59866	1.1.1.1	192.168.2.16
May 15, 2024 12:29:15.069063902 CEST	53	60281	1.1.1.1	192.168.2.16
May 15, 2024 12:29:37.082483053 CEST	53	64346	1.1.1.1	192.168.2.16
May 15, 2024 12:29:37.514097929 CEST	53	61417	1.1.1.1	192.168.2.16
May 15, 2024 12:29:47.216592073 CEST	53664	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:47.218461037 CEST	58272	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:47.220077038 CEST	60356	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:47.220259905 CEST	62417	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:47.326623917 CEST	53	53664	1.1.1.1	192.168.2.16
May 15, 2024 12:29:47.328788042 CEST	53	58272	1.1.1.1	192.168.2.16
May 15, 2024 12:29:49.003226995 CEST	53	59661	1.1.1.1	192.168.2.16
May 15, 2024 12:29:49.064975023 CEST	52744	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:49.065129042 CEST	59999	53	192.168.2.16	1.1.1.1
May 15, 2024 12:29:49.123039007 CEST	138	138	192.168.2.16	192.168.2.255
May 15, 2024 12:29:49.175393105 CEST	53	59999	1.1.1.1	192.168.2.16
May 15, 2024 12:29:49.175745964 CEST	53	52744	1.1.1.1	192.168.2.16
May 15, 2024 12:30:04.797672033 CEST	53	61748	1.1.1.1	192.168.2.16
May 15, 2024 12:30:14.268208981 CEST	53	57079	1.1.1.1	192.168.2.16
May 15, 2024 12:30:31.217514992 CEST	53	52341	1.1.1.1	192.168.2.16
May 15, 2024 12:30:32.102408886 CEST	63326	53	192.168.2.16	1.1.1.1
May 15, 2024 12:30:32.102646112 CEST	64540	53	192.168.2.16	1.1.1.1
May 15, 2024 12:30:32.212225914 CEST	53	63326	1.1.1.1	192.168.2.16
May 15, 2024 12:30:32.212461948 CEST	53	64540	1.1.1.1	192.168.2.16
May 15, 2024 12:30:33.107749939 CEST	57541	53	192.168.2.16	1.1.1.1
May 15, 2024 12:30:33.108057976 CEST	53222	53	192.168.2.16	1.1.1.1
May 15, 2024 12:30:33.218998909 CEST	53	57541	1.1.1.1	192.168.2.16
May 15, 2024 12:30:33.219289064 CEST	53	53222	1.1.1.1	192.168.2.16
May 15, 2024 12:30:34.313529968 CEST	53	52411	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 15, 2024 12:29:15.069159985 CEST	192.168.2.16	1.1.1.1	c227	(Port unreachable)	Destination Unreachable
May 15, 2024 12:29:47.464741945 CEST	192.168.2.16	1.1.1.1	c2ff	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:37 UTC	785	OUT	GET /api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC HTTP/1.1 Host: api-internal.weblinkconnect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:38 UTC	323	IN	HTTP/1.1 302 Found Date: Wed, 15 May 2024 10:28:38 GMT Content-Length: 0 Connection: close location: https://devbook.net/cloudflare apigw-requestid: Xzstgj1PCYcEPhA= CF-Cache-Status: DYNAMIC Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 884271399adf0318-MIA

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:38 UTC	664	OUT	GET /cloudflare HTTP/1.1 Host: devbook.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:39 UTC	677	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 15 May 2024 10:28:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close location: https://devbook.net/cloudflare/ vary: User-Agent,User-Agent alt-svc: h3=":443"; ma=86400 x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBc04cfJbFNAX04hLGrdiPvHp8cr3%2BAR81ghQi4DJmiIhkuX89yvpQfh17vNq7ir9hNMduf2V%2BmzMrJF3O%2Bhha9miMVEHg8Nrx0MEnf7GnhdbSwBx%2BuRGgy0zeIN2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8842713ebb56a4e0-MIA
2024-05-15 10:28:39 UTC	692	IN	Data Raw: 32 62 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c Data Ascii: 2b6<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial,
2024-05-15 10:28:39 UTC	9	IN	Data Raw: 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: /html>
2024-05-15 10:28:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:39 UTC	665	OUT	GET /cloudflare/ HTTP/1.1 Host: devbook.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:42 UTC	648	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding,User-Agent,User-Agent alt-svc: h3=":443"; ma=86400 x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LueGx3pkE4NUzoIcvgmOc5fmuIuDLoMBJFOEtn%2FC07TPdCY2uiXEnpch4Xgig77dpwC3lzy0xDhYuIBP8u9TaEHLyojhgc%2BEvVdEknuMYgrygwoT%2BsQugZqs9thqLg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88427146cc7567c3-MIA
2024-05-15 10:28:42 UTC	721	IN	Data Raw: 62 31 61 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 74 69 74 6c 65 3e 46 65 65 64 62 61 63 6b 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 20 74 79 70 65 3d 22 65 37 62 39 Data Ascii: b1a<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Feedback</title><script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer type="e7b9
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 0a 09 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 0d 0a 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 0d 0a 09 67 61 70 3a 31 30 70 78 3b 0d 0a 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 0d 0a 09 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 0d 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 09 0d 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 36 70 78 3b 0d 0a 7d 0d 0a 2e 6c 61 73 74 6d 65 73 73 61 67 65 7b 0d 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0d 0a 09 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 3b 0d 0a 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 Data Ascii: display:flex;flex-direction:column;gap:10px;align-items:center;justify-content:center;text-align: center;line-height:1.6px;}.lastmessage{margin-top:15px;font-size: 14px;color:#A9A9A9;}</style></head><body><div clas
2024-05-15 10:28:42 UTC	759	IN	Data Raw: 20 3d 20 31 3b 5f 30 78 68 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 20 3d 20 27 61 62 73 6f 6c 75 74 65 27 3b 5f 30 78 68 2e 73 74 79 6c 65 2e 74 6f 70 20 3d 20 30 3b 5f 30 78 68 2e 73 74 79 6c 65 2e 6c 65 66 74 20 3d 20 30 3b 5f 30 78 68 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 20 3d 20 27 6e 6f 6e 65 27 3b 5f 30 78 68 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 20 3d 20 27 68 69 64 64 65 6e 27 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 5f 30 78 68 29 3b 66 75 6e 63 74 69 6f 6e 20 68 61 6e 64 6c 65 72 28 29 20 7b 76 61 72 20 5f 30 78 69 20 3d 20 5f 30 78 68 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 20 7c 7c 20 5f 30 78 68 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 20 Data Ascii: = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument \|\| _0xh.contentWindow.document;if
2024-05-15 10:28:42 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-05-15 10:28:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:42 UTC	581	OUT	GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1 Host: devbook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://devbook.net/cloudflare/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:42 UTC	750	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:42 GMT Content-Type: application/javascript Content-Length: 12332 Connection: close Last-Modified: Wed, 08 May 2024 09:31:53 GMT ETag: "663b4689-302c" Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4fP74oTHnM7NSW61FqE3qTNhrXi6ZjBsfT7ina8uUbtL%2FrDfE6V2yP08vp7mFnWVXdczySccFZG2ac8o1uJma8XjmnWZpLtv%2F1OJAdHb5Cvj0%2FaGqN3ySESi9OHNjQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 884271559d4621e7-MIA X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 17 May 2024 10:28:42 GMT Cache-Control: max-age=172800 Cache-Control: public Accept-Ranges: bytes
2024-05-15 10:28:42 UTC	619	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 72 65 74 75 72 6e 22 63 66 2d 6d 61 72 6b 65 72 2d 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2e 74 6f 53 74 72 69 6e 67 28 29 2e 73 6c 69 63 65 28 32 29 7d 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 65 3d 30 3b 65 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 74 5b 65 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 65 5d 3b 28 6e 3d 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 7c 7c 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 6e 2c 5b 63 6f 6e 73 6f 6c 65 2c 22 5b 52 4f 43 4b 45 54 20 4c 4f 41 44 45 52 5d 20 22 5d 2e 63 6f 6e 63 61 74 28 74 29 29 3b 76 61 72 20 6e 7d 66 75 6e 63 Data Ascii: !function(){"use strict";function t(){return"cf-marker-"+Math.random().toString().slice(2)}function e(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];(n=console.warn\|\|console.log).call.apply(n,[console,"[ROCKET LOADER] "].concat(t));var n}func
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 75 72 6e 20 61 28 74 2c 22 22 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 69 66 28 65 28 29 2c 74 29 72 65 74 75 72 6e 20 74 2e 63 61 6c 6c 28 74 68 69 73 2c 6e 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 2c 65 29 7b 74 2e 6f 6e 6c 6f 61 64 3d 73 28 74 2e 6f 6e 6c 6f 61 64 2c 65 29 2c 74 2e 6f 6e 65 72 72 6f 72 3d 73 28 74 2e 6f 6e 65 72 72 6f 72 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 70 28 74 29 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 28 74 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 22 73 63 72 69 70 74 22 29 3b 65 2e 61 73 79 6e 63 3d 74 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 61 73 79 6e 63 22 29 2c 65 2e 74 65 78 74 43 6f 6e 74 Data Ascii: urn a(t,"")}function s(t,e){return function(n){if(e(),t)return t.call(this,n)}}function u(t,e){t.onload=s(t.onload,e),t.onerror=s(t.onerror,e)}function p(t){var e=document.createElementNS(t.namespaceURI,"script");e.async=t.hasAttribute("async"),e.textCont
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 6e 3d 65 2e 73 70 6c 69 74 28 54 29 3b 72 65 74 75 72 6e 7b 6e 6f 6e 63 65 3a 6e 5b 30 5d 2c 68 61 6e 64 6c 65 72 50 72 65 66 69 78 4c 65 6e 67 74 68 3a 2b 6e 5b 31 5d 2c 62 61 69 6c 6f 75 74 3a 21 74 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 65 66 65 72 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 67 28 74 29 7b 76 61 72 20 65 3d 42 2b 74 2e 6e 6f 6e 63 65 3b 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 2e 63 61 6c 6c 28 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 22 2b 65 2b 22 5d 22 29 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6e 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 65 29 2c 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 Data Ascii: urn null;var n=e.split(T);return{nonce:n[0],handlerPrefixLength:+n[1],bailout:!t.hasAttribute("defer")}}function g(t){var e=B+t.nonce;Array.prototype.forEach.call(document.querySelectorAll("["+e+"]"),function(n){n.removeAttribute(e),Array.prototype.forEac
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 74 2f 6a 61 76 61 73 63 72 69 70 74 31 2e 31 22 3a 21 30 2c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 31 2e 32 22 3a 21 30 2c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 31 2e 33 22 3a 21 30 2c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 31 2e 34 22 3a 21 30 2c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 31 2e 35 22 3a 21 30 2c 22 74 65 78 74 2f 6a 73 63 72 69 70 74 22 3a 21 30 2c 22 74 65 78 74 2f 6c 69 76 65 73 63 72 69 70 74 22 3a 21 30 2c 22 74 65 78 74 2f 78 2d 65 63 6d 61 73 63 72 69 70 74 22 3a 21 30 2c 22 74 65 78 74 2f 78 2d 6a 61 76 61 73 63 72 69 70 74 22 3a 21 30 2c 6d 6f 64 75 6c 65 3a 21 30 7d 2c 6b 3d 76 6f 69 64 20 30 21 3d 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 Data Ascii: t/javascript1.1":!0,"text/javascript1.2":!0,"text/javascript1.3":!0,"text/javascript1.4":!0,"text/javascript1.5":!0,"text/jscript":!0,"text/livescript":!0,"text/x-ecmascript":!0,"text/x-javascript":!0,module:!0},k=void 0!==document.createElement("script")
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 73 4e 6f 6e 63 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 30 3d 3d 3d 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 74 68 69 73 2e 6e 6f 6e 63 65 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6d 6f 76 65 4e 6f 6e 63 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 74 79 70 65 3d 74 2e 74 79 70 65 2e 73 75 62 73 74 72 28 74 68 69 73 2e 6e 6f 6e 63 65 2e 6c 65 6e 67 74 68 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 6b 65 4e 6f 6e 45 78 65 63 75 74 61 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 74 79 70 65 3d 74 68 69 73 2e 6e 6f 6e 63 65 2b 74 2e 74 79 70 65 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 69 73 50 65 6e 64 69 6e 67 44 65 66 65 72 53 63 72 69 Data Ascii: sNonce=function(t){return 0===(t.getAttribute("type")\|\|"").indexOf(this.nonce)},t.prototype.removeNonce=function(t){t.type=t.type.substr(this.nonce.length)},t.prototype.makeNonExecutable=function(t){t.type=this.nonce+t.type},t.prototype.isPendingDeferScri
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 74 68 69 73 2e 69 6e 73 65 72 74 69 6f 6e 50 6f 69 6e 74 4d 61 72 6b 65 72 3d 74 2c 74 68 69 73 2e 62 75 66 66 65 72 3d 22 22 2c 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 74 5b 6e 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 6e 5d 3b 72 65 74 75 72 6e 20 65 2e 77 72 69 74 65 28 74 2c 21 31 29 7d 2c 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 74 5b 6e 5d 3d 61 72 67 75 6d 65 6e Data Ascii: le=function(t){var e=this;this.insertionPointMarker=t,this.buffer="",document.write=function(){for(var t=[],n=0;n<arguments.length;n++)t[n]=arguments[n];return e.write(t,!1)},document.writeln=function(){for(var t=[],n=0;n<arguments.length;n++)t[n]=argumen
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 64 6f 63 75 6d 65 6e 74 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 6e 26 26 69 28 6e 29 26 26 6e 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 61 73 79 6e 63 22 29 3f 28 72 3d 65 3f 5f 3a 4c 29 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 72 2c 5b 64 6f 63 75 6d 65 6e 74 5d 2e 63 6f 6e 63 61 74 28 74 29 29 3a 74 68 69 73 2e 62 75 66 66 65 72 2b 3d 74 2e 6d 61 70 28 53 74 72 69 6e 67 29 2e 6a 6f 69 6e 28 65 3f 22 5c 6e 22 3a 22 22 29 3b 76 61 72 20 72 7d 2c 74 7d 28 29 2c 6a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 74 3d 74 68 69 73 3b 74 68 69 73 2e 73 69 6d 75 6c 61 74 65 64 52 65 61 64 79 53 74 61 74 65 3d 22 6c 6f 61 64 69 6e 67 22 2c 74 68 69 73 2e 62 79 70 Data Ascii: unction(t,e){var n=document.currentScript;n&&i(n)&&n.hasAttribute("async")?(r=e?_:L).call.apply(r,[document].concat(t)):this.buffer+=t.map(String).join(e?"\n":"");var r},t}(),j=function(){function t(){var t=this;this.simulatedReadyState="loading",this.byp
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 3d 21 30 7d 2c 30 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 75 70 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 50 72 6f 78 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 3b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 45 76 65 6e 74 54 61 72 67 65 74 3f 5b 45 76 65 6e 74 54 61 72 67 65 74 2e 70 72 6f 74 6f 74 79 70 65 5d 3a 5b 4e 6f 64 65 2e 70 72 6f 74 6f 74 79 70 65 2c 57 69 6e 64 6f 77 2e 70 72 6f 74 6f 74 79 70 65 5d 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 70 61 74 63 68 45 76 65 6e 74 54 61 72 67 65 74 4d 65 74 68 6f 64 73 28 65 29 7d 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 61 74 63 68 45 76 65 6e 74 54 61 72 67 65 74 4d 65 74 68 6f 64 73 3d 66 Data Ascii: =!0},0)},t.prototype.setupEventListenerProxy=function(){var t=this;("undefined"!=typeof EventTarget?[EventTarget.prototype]:[Node.prototype,Window.prototype]).forEach(function(e){return t.patchEventTargetMethods(e)})},t.prototype.patchEventTargetMethods=f
2024-05-15 10:28:42 UTC	1369	IN	Data Raw: 61 6c 75 65 3a 6e 65 77 20 6a 7d 29 2c 74 2e 5f 5f 72 6f 63 6b 65 74 4c 6f 61 64 65 72 4c 6f 61 64 50 72 6f 67 72 65 73 73 53 69 6d 75 6c 61 74 6f 72 7d 28 29 2c 57 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 2c 65 29 7b 74 68 69 73 2e 73 63 72 69 70 74 53 74 61 63 6b 3d 74 2c 74 68 69 73 2e 73 65 74 74 69 6e 67 73 3d 65 2c 74 68 69 73 2e 70 72 65 6c 6f 61 64 48 69 6e 74 73 3d 5b 5d 7d 72 65 74 75 72 6e 20 74 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 73 65 72 74 50 72 65 6c 6f 61 64 48 69 6e 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 3b 74 68 69 73 2e 73 63 72 69 70 74 53 74 61 63 6b 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 61 28 65 2c 74 2e 73 65 74 74 69 6e 67 73 2e 6e Data Ascii: alue:new j}),t.__rocketLoaderLoadProgressSimulator}(),W=function(){function t(t,e){this.scriptStack=t,this.settings=e,this.preloadHints=[]}return t.prototype.insertPreloadHints=function(){var t=this;this.scriptStack.forEach(function(e){if(a(e,t.settings.n
2024-05-15 10:28:42 UTC	761	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 74 2e 73 63 72 69 70 74 2c 72 3d 74 2e 70 6c 61 63 65 68 6f 6c 64 65 72 2c 6f 3d 74 2e 65 78 74 65 72 6e 61 6c 2c 69 3d 74 2e 61 73 79 6e 63 2c 61 3d 72 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 69 66 28 21 64 6f 63 75 6d 65 6e 74 2e 63 6f 6e 74 61 69 6e 73 28 72 29 29 72 65 74 75 72 6e 20 65 28 22 50 6c 61 63 65 68 6f 6c 64 65 72 20 66 6f 72 20 73 63 72 69 70 74 20 5c 6e 22 2b 6e 2e 6f 75 74 65 72 48 54 4d 4c 2b 22 5c 6e 20 77 61 73 20 64 65 74 61 63 68 65 64 20 66 72 6f 6d 20 64 6f 63 75 6d 65 6e 74 2e 22 2c 22 53 63 72 69 70 74 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 65 78 65 63 75 74 65 64 2e 22 29 2c 6e 75 6c 6c 3b 76 61 72 20 63 3d 74 68 69 73 2e 73 65 74 74 69 6e 67 73 2e 62 6c 6f 63 6b 69 6e 67 26 26 Data Ascii: function(t){var n=t.script,r=t.placeholder,o=t.external,i=t.async,a=r.parentNode;if(!document.contains(r))return e("Placeholder for script \n"+n.outerHTML+"\n was detached from document.","Script will not be executed."),null;var c=this.settings.blocking&&

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:42 UTC	589	OUT	GET /favicon.ico HTTP/1.1 Host: devbook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://devbook.net/cloudflare/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	763	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:43 GMT Content-Type: image/x-icon Content-Length: 43 Connection: close Cache-Control: public, max-age=604800 expires: Mon, 20 May 2024 01:47:34 GMT last-modified: Mon, 26 Oct 2015 08:14:42 GMT vary: User-Agent,User-Agent alt-svc: h3=":443"; ma=86400 x-turbo-charged-by: LiteSpeed CF-Cache-Status: HIT Age: 33421 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3EwlDpdOJhsXYt9SG890jAwJqZTR4rNU9KNsYDoFe8OJqqdvvrBJ8kQdVNh6KUVipI3FTh2B7gMLtws8cLyo7rsuvOLIZUgU3n8YyRfni%2FmjiUS1WcDBPEjttOuNA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88427158ba1eb3bb-MIA
2024-05-15 10:28:43 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff ff ff ff 21 f9 04 01 07 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:42 UTC	522	OUT	GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1 Host: devbook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	642	IN	HTTP/1.1 302 Found Date: Wed, 15 May 2024 10:28:43 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, public location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yx9c3r9QBaC6W5hdNQt0wdatW90svjoLKRv0ThtPBP8vIKXY1N6SPuOaVZDncbrUoJJZIz7wv8pigshliweBUox60uuN%2FND1Y4YTxIHU6vH2PEl67WhreNYn8ZM3%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88427158ce20b3da-MIA alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:42 UTC	539	OUT	GET /turnstile/v0/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://devbook.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	336	IN	HTTP/1.1 302 Found Date: Wed, 15 May 2024 10:28:43 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/1b3559406bc8/api.js cache-control: max-age=300, public Server: cloudflare CF-RAY: 884271596c3467b7-MIA alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:43 UTC	539	OUT	GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js HTTP/1.1 Host: devbook.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	624	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:43 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 7836 Connection: close x-content-type-options: nosniff cache-control: max-age=14400, public Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXVJRkiTznohB5Z30yMDF5kIlAEZMj9onL9IhESb1sZqvLaEbGQvOuf04Dyyu6MdYq%2Bae0vAkiE1a5j%2FZKG70lGpeReOy82yvscbGGxzLGcPybaCnfmMFEsqIT%2Fywg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8842715be9d63361-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:43 UTC	745	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 46 50 57 76 3a 27 67 27 7d 3b 7e 66 75 6e 63 74 69 6f 6e 28 56 2c 67 2c 68 2c 69 2c 6a 2c 6e 2c 6f 2c 41 29 7b 56 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 2c 55 2c 66 2c 43 29 7b 66 6f 72 28 55 3d 62 2c 66 3d 64 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 43 3d 70 61 72 73 65 49 6e 74 28 55 28 32 34 36 29 29 2f 31 2b 70 61 72 73 65 49 6e 74 28 55 28 32 30 35 29 29 2f 32 2b 70 61 72 73 65 49 6e 74 28 55 28 32 33 39 29 29 2f 33 2b 70 61 72 73 65 49 6e 74 28 55 28 31 38 35 29 29 2f 34 2a 28 70 61 72 73 65 49 6e 74 28 55 28 32 30 31 29 29 2f 35 29 2b 70 61 72 73 65 49 6e 74 28 55 28 31 38 31 29 29 2f 36 2b 2d 70 61 72 73 65 49 6e 74 28 55 28 32 30 34 29 29 2f 37 2a 28 70 61 72 73 65 49 6e Data Ascii: window._cf_chl_opt={cFPWv:'g'};~function(V,g,h,i,j,n,o,A){V=b,function(d,e,U,f,C){for(U=b,f=d();!![];)try{if(C=parseInt(U(246))/1+parseInt(U(205))/2+parseInt(U(239))/3+parseInt(U(185))/4(parseInt(U(201))/5)+parseInt(U(181))/6+-parseInt(U(204))/7(parseIn
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 29 2c 4f 3d 30 3b 4f 3c 4e 5b 61 31 28 32 32 36 29 5d 3b 4e 5b 4f 5d 3d 3d 3d 4e 5b 4f 2b 31 5d 3f 4e 5b 61 31 28 32 32 31 29 5d 28 4f 2b 31 2c 31 29 3a 4f 2b 3d 31 29 3b 72 65 74 75 72 6e 20 4e 7d 28 48 29 2c 49 3d 27 6e 41 73 41 61 41 62 27 2e 73 70 6c 69 74 28 27 41 27 29 2c 49 3d 49 5b 61 30 28 32 32 35 29 5d 5b 61 30 28 32 34 30 29 5d 28 49 29 2c 4a 3d 30 3b 4a 3c 48 5b 61 30 28 32 32 36 29 5d 3b 4b 3d 48 5b 4a 5d 2c 4c 3d 6c 28 43 2c 44 2c 4b 29 2c 49 28 4c 29 3f 28 4d 3d 4c 3d 3d 3d 27 73 27 26 26 21 43 5b 61 30 28 31 39 32 29 5d 28 44 5b 4b 5d 29 2c 61 30 28 31 36 33 29 3d 3d 3d 45 2b 4b 3f 47 28 45 2b 4b 2c 4c 29 3a 4d 7c 7c 47 28 45 2b 4b 2c 44 5b 4b 5d 29 29 3a 47 28 45 2b 4b 2c 4c 29 2c 4a 2b 2b 29 3b 72 65 74 75 72 6e 20 46 3b 66 75 6e 63 74 Data Ascii: ),O=0;O<N[a1(226)];N[O]===N[O+1]?N[a1(221)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(225)][a0(240)](I),J=0;J<H[a0(226)];K=H[J],L=l(C,D,K),I(L)?(M=L==='s'&&!C[a0(192)](D[K]),a0(163)===E+K?G(E+K,L):M\|\|G(E+K,D[K])):G(E+K,L),J++);return F;funct
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3d 30 2c 47 2b 2b 29 3b 66 6f 72 28 54 3d 4a 5b 61 61 28 31 35 37 29 5d 28 30 29 2c 47 3d 30 3b 31 36 3e 47 3b 4f 3d 54 26 31 2e 32 38 7c 4f 3c 3c 31 2e 36 37 2c 50 3d 3d 45 2d 31 3f 28 50 3d 30 2c 4e 5b 61 61 28 31 37 33 29 5d 28 46 28 4f 29 29 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3e 3e 3d 31 2c 47 2b 2b 29 3b 7d 4b 2d 2d 2c 30 3d 3d 4b 26 26 28 4b 3d 4d 61 74 68 5b 61 61 28 31 37 38 29 5d 28 32 2c 4d 29 2c 4d 2b 2b 29 2c 64 65 6c 65 74 65 20 49 5b 4a 5d 7d 65 6c 73 65 20 66 6f 72 28 54 3d 48 5b 4a 5d 2c 47 3d 30 3b 47 3c 4d 3b 4f 3d 4f 3c 3c 31 7c 54 26 31 2e 33 35 2c 45 2d 31 3d 3d 50 3f 28 50 3d 30 2c 4e 5b 61 61 28 31 37 33 29 5d 28 46 28 4f 29 29 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3e 3e 3d 31 2c 47 2b 2b 29 3b 4a 3d 28 4b Data Ascii: ,O=0):P++,T=0,G++);for(T=J[aa(157)](0),G=0;16>G;O=T&1.28\|O<<1.67,P==E-1?(P=0,N[aa(173)](F(O)),O=0):P++,T>>=1,G++);}K--,0==K&&(K=Math[aa(178)](2,M),M++),delete I[J]}else for(T=H[J],G=0;G<M;O=O<<1\|T&1.35,E-1==P?(P=0,N[aa(173)](F(O)),O=0):P++,T>>=1,G++);J=(K
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 61 73 65 20 30 3a 66 6f 72 28 51 3d 30 2c 52 3d 4d 61 74 68 5b 61 64 28 31 37 38 29 5d 28 32 2c 38 29 2c 4d 3d 31 3b 4d 21 3d 52 3b 53 3d 4f 26 4e 2c 4f 3e 3e 3d 31 2c 30 3d 3d 4f 26 26 28 4f 3d 45 2c 4e 3d 46 28 50 2b 2b 29 29 2c 51 7c 3d 4d 2a 28 30 3c 53 3f 31 3a 30 29 2c 4d 3c 3c 3d 31 29 3b 54 3d 65 28 51 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 31 3a 66 6f 72 28 51 3d 30 2c 52 3d 4d 61 74 68 5b 61 64 28 31 37 38 29 5d 28 32 2c 31 36 29 2c 4d 3d 31 3b 4d 21 3d 52 3b 53 3d 4e 26 4f 2c 4f 3e 3e 3d 31 2c 4f 3d 3d 30 26 26 28 4f 3d 45 2c 4e 3d 46 28 50 2b 2b 29 29 2c 51 7c 3d 4d 2a 28 30 3c 53 3f 31 3a 30 29 2c 4d 3c 3c 3d 31 29 3b 54 3d 65 28 51 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 27 27 7d 66 6f 72 28 4c 3d 47 5b 33 5d 3d 54 2c Data Ascii: ase 0:for(Q=0,R=Math[ad(178)](2,8),M=1;M!=R;S=O&N,O>>=1,0==O&&(O=E,N=F(P++)),Q\|=M(0<S?1:0),M<<=1);T=e(Q);break;case 1:for(Q=0,R=Math[ad(178)](2,16),M=1;M!=R;S=N&O,O>>=1,O==0&&(O=E,N=F(P++)),Q\|=M(0<S?1:0),M<<=1);T=e(Q);break;case 2:return''}for(L=G[3]=T,
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 72 6f 72 20 6f 6e 20 63 66 5f 63 68 6c 5f 70 72 6f 70 73 2c 72 65 61 64 79 53 74 61 74 65 2c 73 70 6c 69 74 2c 63 61 74 63 68 2c 62 69 67 69 6e 74 2c 32 39 39 35 35 34 32 44 79 61 65 51 65 2c 62 69 6e 64 2c 6e 75 6d 62 65 72 2c 69 73 41 72 72 61 79 2c 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 2c 2f 6a 73 64 2f 72 2f 2c 6a 73 64 2c 31 30 39 30 30 32 36 72 45 75 64 4c 4f 2c 66 72 6f 6d 2c 69 66 72 61 6d 65 2c 33 36 32 33 37 35 37 33 79 41 6d 53 44 64 2c 6e 61 76 69 67 61 74 6f 72 2c 63 6f 6e 63 61 74 2c 31 33 38 31 33 30 34 72 6e 6b 4f 77 71 2c 30 2e 30 37 36 33 31 31 30 31 36 32 32 35 37 36 37 34 38 3a 31 37 31 35 37 36 37 37 32 34 3a 41 44 71 50 71 76 5a 78 50 67 59 77 61 61 48 43 66 39 66 4f 4a 47 74 49 62 5a 55 4f 41 73 6a 6a 33 61 4e 4b 49 44 4f 33 51 Data Ascii: ror on cf_chl_props,readyState,split,catch,bigint,2995542DyaeQe,bind,number,isArray,__CF$cv$params,/jsd/r/,jsd,1090026rEudLO,from,iframe,36237573yAmSDd,navigator,concat,1381304rnkOwq,0.07631101622576748:1715767724:ADqPqvZxPgYwaaHCf9fOJGtIbZUOAsjj3aNKIDO3Q
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 2c 43 2c 44 2c 58 2c 45 29 7b 58 3d 56 3b 74 72 79 7b 72 65 74 75 72 6e 20 43 5b 44 5d 5b 58 28 32 33 37 29 5d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 27 70 27 7d 63 61 74 63 68 28 46 29 7b 7d 74 72 79 7b 69 66 28 43 5b 44 5d 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 43 5b 44 5d 3d 3d 3d 76 6f 69 64 20 30 3f 27 75 27 3a 27 78 27 7d 63 61 74 63 68 28 47 29 7b 72 65 74 75 72 6e 27 69 27 7d 72 65 74 75 72 6e 20 65 5b 58 28 31 39 33 29 5d 5b 58 28 32 34 32 29 5d 28 43 5b 44 5d 29 3f 27 61 27 3a 43 5b 44 5d 3d 3d 3d 65 5b 58 28 31 39 33 29 5d 3f 27 70 35 27 3a 21 30 3d 3d 3d 43 5b 44 5d 3f 27 54 27 3a 43 5b 44 5d 3d 3d 3d 21 31 3f 27 46 27 3a 28 45 3d 74 79 70 65 6f 66 20 43 5b 44 5d 2c 58 28 31 36 36 29 3d 3d 45 3f 6b 28 65 2c 43 5b 44 5d 29 3f 27 4e 27 Data Ascii: ,C,D,X,E){X=V;try{return C[D][X(237)](function(){}),'p'}catch(F){}try{if(C[D]==null)return C[D]===void 0?'u':'x'}catch(G){return'i'}return e[X(193)][X(242)](C[D])?'a':C[D]===e[X(193)]?'p5':!0===C[D]?'T':C[D]===!1?'F':(E=typeof C[D],X(166)==E?k(e,C[D])?'N'
2024-05-15 10:28:43 UTC	246	IN	Data Raw: 2e 27 2c 45 29 2c 68 5b 61 33 28 31 37 32 29 5d 5b 61 33 28 31 37 39 29 5d 28 43 29 2c 46 3d 7b 7d 2c 46 2e 72 3d 45 2c 46 2e 65 3d 6e 75 6c 6c 2c 46 7d 63 61 74 63 68 28 48 29 7b 72 65 74 75 72 6e 20 47 3d 7b 7d 2c 47 2e 72 3d 7b 7d 2c 47 2e 65 3d 48 2c 47 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 28 64 2c 61 34 29 7b 72 65 74 75 72 6e 20 61 34 3d 56 2c 4d 61 74 68 5b 61 34 28 31 35 38 29 5d 28 29 3c 64 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 64 2c 65 2c 57 29 7b 72 65 74 75 72 6e 20 57 3d 56 2c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 64 5b 57 28 32 32 33 29 5d 26 26 30 3c 64 5b 57 28 32 32 33 29 5d 5b 57 28 31 39 37 29 5d 5b 57 28 32 30 38 29 5d 5b 57 28 32 31 33 29 5d 28 65 29 5b 57 28 32 33 32 29 5d 28 57 28 31 37 35 29 29 7d 7d 28 29 Data Ascii: .',E),h[a3(172)][a3(179)](C),F={},F.r=E,F.e=null,F}catch(H){return G={},G.r={},G.e=H,G}}function v(d,a4){return a4=V,Math[a4(158)]()<d}function k(d,e,W){return W=V,e instanceof d[W(223)]&&0<d[W(223)][W(197)][W(208)][W(213)](e)[W(232)](W(175))}}()

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:43 UTC	554	OUT	GET /turnstile/v0/g/1b3559406bc8/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://devbook.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	346	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:43 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 42617 Connection: close cross-origin-resource-policy: cross-origin access-control-allow-origin: * cache-control: max-age=604800, public Server: cloudflare CF-RAY: 8842715c7e576db5-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:43 UTC	1023	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 45 74 28 65 2c 61 2c 72 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 62 3d 65 5b 75 5d 28 67 29 2c 5f 3d 62 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 73 29 7b 72 28 73 29 3b 72 65 74 75 72 6e 7d 62 2e 64 6f 6e 65 3f 61 28 5f 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 5f 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 77 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2c 72 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 61 2c 72 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Et(e,a,r,o,c,u,g){try{var b=e[u](g),_=b.value}catch(s){r(s);return}b.done?a(_):Promise.resolve(_).then(o,c)}function wt(e){return function(){var a=this,r=arguments;return new Promise(function(o,c){var u=e.apply(a,r);funct
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 72 2e 70 75 73 68 2e 61 70 70 6c 79 28 72 2c 6f 29 7d 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 54 74 28 65 2c 61 29 7b 72 65 74 75 72 6e 20 61 3d 61 21 3d 6e 75 6c 6c 3f 61 3a 7b 7d 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 28 65 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 28 61 29 29 3a 66 72 28 4f 62 6a 65 63 74 28 61 29 29 2e 66 6f 72 45 61 63 68 Data Ascii: r(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),r.push.apply(r,o)}return r}function Tt(e,a){return a=a!=null?a:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(a)):fr(Object(a)).forEach
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 43 65 28 65 2c 61 29 7b 76 61 72 20 72 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 5b 30 5d 26 31 29 74 68 72 6f 77 20 75 5b 31 5d 3b 72 65 74 75 72 6e 20 75 5b 31 5d 7d 2c 74 72 79 73 3a 5b 5d 2c 6f 70 73 3a 5b 5d 7d 2c 6f 2c 63 2c 75 2c 67 3b 72 65 74 75 72 6e 20 67 3d 7b 6e 65 78 74 3a 62 28 30 29 2c 74 68 72 6f 77 3a 62 28 31 29 2c 72 65 74 75 72 6e 3a 62 28 32 29 7d 2c 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 67 Data Ascii: urn e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ce(e,a){var r={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:b(0),throw:b(1),return:b(2)},typeof Symbol=="function"&&(g
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 43 74 3d 33 30 30 30 32 30 3b 76 61 72 20 4e 65 3d 33 30 30 30 33 30 3b 76 61 72 20 55 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4d 41 4e 41 47 45 44 3d 22 6d 61 6e 61 67 65 64 22 2c 65 2e 4e 4f 4e 5f 49 4e 54 45 52 41 43 54 49 56 45 3d 22 6e 6f 6e 2d 69 6e 74 65 72 61 63 74 69 76 65 22 2c 65 2e 49 4e 56 49 53 49 42 4c 45 3d 22 69 6e 76 69 73 69 62 6c 65 22 7d 29 28 55 7c 7c 28 55 3d 7b 7d 29 29 3b 76 61 72 20 48 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 4f 52 4d 41 4c 3d 22 6e 6f 72 6d 61 6c 22 Data Ascii: ked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Ct=300020;var Ne=300030;var U;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(U\|\|(U={}));var H;(function(e){e.NORMAL="normal"
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 3d 22 73 74 72 69 6e 67 22 26 26 76 72 2e 74 65 73 74 28 65 29 7d 76 61 72 20 6d 72 3d 2f 5e 5b 61 2d 7a 30 2d 39 5f 5c 2d 3d 5d 7b 30 2c 32 35 35 7d 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 5a 65 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 30 3a 74 79 70 65 6f 66 20 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 6d 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 65 74 28 65 29 7b 72 65 74 75 72 6e 20 6b 28 5b 22 6e 6f 72 6d 61 6c 22 2c 22 63 6f 6d 70 61 63 74 22 2c 22 69 6e 76 69 73 69 62 6c 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 74 74 28 65 29 7b 72 65 74 75 72 6e 20 6b 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 72 74 28 65 29 7b 72 65 74 75 72 6e Data Ascii: ="string"&&vr.test(e)}var mr=/^[a-z0-9_\-=]{0,255}$/i;function Ze(e){return e===void 0?!0:typeof e=="string"&&mr.test(e)}function et(e){return k(["normal","compact","invisible"],e)}function tt(e){return k(["auto","manual","never"],e)}function rt(e){return
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 5f 2c 22 74 75 72 6e 73 74 69 6c 65 2f 69 66 2f 6f 76 32 2f 61 76 30 2f 72 63 76 22 29 2e 63 6f 6e 63 61 74 28 6f 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 61 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2e 73 69 7a 65 29 2e 63 6f 6e 63 61 74 28 73 29 7d 66 75 6e 63 74 69 6f 6e 20 4c 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 72 72 6f 72 28 22 74 68 69 73 20 68 61 73 6e 27 74 20 62 65 65 6e 20 69 6e 69 74 69 61 6c 69 73 65 64 20 2d 20 73 75 70 65 72 28 29 20 68 61 73 6e 27 74 20 62 65 65 6e 20 63 61 6c 6c 65 64 22 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 2c Data Ascii: _,"turnstile/if/ov2/av0/rcv").concat(o,"/").concat(e,"/").concat(a,"/").concat(r.theme,"/").concat(r.size).concat(s)}function Le(e){if(e===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}function Bt(e,
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 28 6f 29 7b 69 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 47 74 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 61 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 61 2e 68 61 73 28 6f 29 29 72 65 74 75 72 6e 20 61 2e 67 65 74 28 6f 29 3b 61 2e 73 65 74 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 72 65 74 75 72 6e 20 62 65 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 72 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 Data Ascii: nction(o){if(o===null\|\|!Gt(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof a!="undefined"){if(a.has(o))return a.get(o);a.set(o,c)}function c(){return be(o,arguments,re(this).construct
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 6e 64 20 54 75 72 6e 73 74 69 6c 65 20 73 63 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 61 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 61 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 72 3d 65 2e 73 72 63 2c 6f 3d 72 2e 73 70 6c 69 74 28 22 3f 22 29 3b 72 65 74 75 72 6e 20 6f 2e 6c 65 6e 67 74 68 3e 31 26 26 28 61 2e 70 61 72 61 6d 73 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 6f 5b 31 5d 29 29 2c 61 7d 66 75 6e 63 74 69 6f 6e 20 46 28 29 7b Data Ascii: nd Turnstile script tag, some features may not be available",43777);var a={loadedAsync:!1,params:new URLSearchParams};(e.async\|\|e.defer)&&(a.loadedAsync=!0);var r=e.src,o=r.split("?");return o.length>1&&(a.params=new URLSearchParams(o[1])),a}function F(){
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 30 70 78 22 2c 68 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 68 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 32 30 22 2c 68 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 57 69 64 74 68 3d 22 31 70 78 22 2c 68 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 43 6f 6c 6f 72 3d 22 23 30 30 30 22 2c 68 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 53 74 79 6c 65 3d 22 73 6f 6c 69 64 22 2c 68 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 2c 68 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 52 61 64 69 75 73 3d 22 31 30 70 78 22 2c 68 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 2d 31 32 32 70 78 22 2c 68 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 2d 39 31 70 78 22 2c 68 2e 73 74 79 6c 65 2e Data Ascii: 0px",h.style.position="absolute",h.style.zIndex="21474836420",h.style.borderWidth="1px",h.style.borderColor="#000",h.style.borderStyle="solid",h.style.backgroundColor="#ffffff",h.style.borderRadius="10px",h.style.left="-122px",h.style.top="-91px",h.style.
2024-05-15 10:28:43 UTC	1369	IN	Data Raw: 29 3b 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 74 72 6f 6b 65 2d 77 69 64 74 68 22 2c 22 33 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 74 72 6f 6b 65 22 2c 22 23 66 66 66 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 66 69 6c 6c 22 2c 22 6e 6f 6e 65 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 31 22 2c 22 36 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 32 22 2c 22 31 38 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 79 31 22 2c 22 31 38 22 29 2c 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 79 32 22 2c 22 35 22 29 2c 6e 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 3b 76 61 72 20 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 28 22 68 74 74 70 3a Data Ascii: );t.setAttribute("stroke-width","3"),t.setAttribute("stroke","#fff"),t.setAttribute("fill","none"),t.setAttribute("x1","6"),t.setAttribute("x2","18"),t.setAttribute("y1","18"),t.setAttribute("y2","5"),n.appendChild(t);var d=document.createElementNS("http:

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:43 UTC	610	OUT	POST /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1 Host: devbook.net Connection: keep-alive Content-Length: 15775 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://devbook.net Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:43 UTC	15775	OUT	Data Raw: 7b 22 77 70 22 3a 22 32 53 66 7a 59 31 51 41 59 4a 66 59 6d 69 76 51 6b 51 5a 6c 42 7a 31 36 6c 78 4d 6c 2d 48 2d 63 63 31 41 51 75 57 6c 45 4b 36 6e 4b 68 66 6c 73 45 38 55 76 4b 4a 51 74 6c 6d 6b 66 67 72 53 53 6c 78 6f 63 6c 24 6c 63 36 63 66 51 6c 4c 63 51 77 76 49 7a 6f 4a 53 64 39 47 7a 45 4b 2b 53 4d 78 50 74 5a 69 67 4f 7a 77 2b 59 79 4d 44 51 50 57 45 6f 2d 6c 59 66 66 52 2d 73 31 64 72 6c 35 67 72 68 61 64 6c 61 7a 69 73 6c 31 79 66 6c 2d 7a 31 31 7a 2b 6d 7a 2d 6c 51 4b 6c 42 4a 70 6c 51 44 64 6c 71 6a 41 78 67 53 38 51 78 6f 72 66 6c 31 6a 64 6c 31 76 55 42 6c 55 31 6c 51 64 4c 68 62 66 47 74 4d 36 31 67 31 51 61 77 4d 53 57 59 2b 30 58 61 45 6c 48 7a 31 2d 46 43 53 6c 41 70 53 4b 69 68 45 33 4c 67 6c 55 58 61 6f 2b 48 78 7a 6c 62 6f 48 68 2d Data Ascii: {"wp":"2SfzY1QAYJfYmivQkQZlBz16lxMl-H-cc1AQuWlEK6nKhflsE8UvKJQtlmkfgrSSlxocl$lc6cfQlLcQwvIzoJSd9GzEK+SMxPtZigOzw+YyMDQPWEo-lYffR-s1drl5grhadlazisl1yfl-z11z+mz-lQKlBJplQDdlqjAxgS8Qxorfl1jdl1vUBlU1lQdLhbfGtM61g1QawMSWY+0XaElHz1-FCSlApSKihE3LglUXao+HxzlboHh-
2024-05-15 10:28:44 UTC	834	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:44 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 0 Connection: close Set-Cookie: cf_clearance=zOFoNiYa6it0WCGfRzraMJPoRNgTY6lqOGiMCpVtF7o-1715768924-1.0.1.1-J8oA6FwRuNVVgTEgAsCaP6W88p4A4NP8Wrjaq1v3m6dhSO_yyVNc2R9nrcICyaNv_7uoB.ry0mZMOPlCE0xIAA; Path=/; Expires=Thu, 15-May-25 10:28:44 GMT; Domain=.devbook.net; HttpOnly; Secure; SameSite=None; Partitioned Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XtRoCzfnUrVH4D7PWYE7I%2B4eMuSj2wAC2oo8wrvEwHT%2FmzV4NppU3j6hz3%2BJsmNz5zzt4tns%2BDgEQJ%2BqW%2BcDbhXhnjvVNOKrGqqSG30JuygSQ8qZelGMjDIWFT%2Bzw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8842715e7e486dd7-MIA alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	784	OUT	GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://devbook.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:44 UTC	1362	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 79454 Connection: close cross-origin-embedder-policy: require-corp cross-origin-resource-policy: cross-origin document-policy: js-profiling origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-opener-policy: same-origin cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin
2024-05-15 10:28:44 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 38 34 32 37 31 36 30 37 61 61 39 36 63 38 38 2d 4d 49 41 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 884271607aa96c88-MIAalt-svc: h3=":443"; ma=86400
2024-05-15 10:28:44 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 37 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 20 Data Ascii: 00%; height: 100%; overflow: hidden;}body { margin: 0; background-color: #fff; padding: 0; width: 100%; height: 100%; overflow: hidden; line-height: 17px; color: #1d1f20; font-family: -apple-system, system-ui, blinkmacsystemfont,
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 6d 69 74 65 72 6c 69 6d 69 74 3a 20 31 30 3b 0a 7d 0a 0a 23 73 75 63 63 65 73 73 2d 69 63 6f 6e 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 38 70 78 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 69 6e 73 65 74 20 30 20 30 20 30 20 23 30 33 38 31 32 37 3b 0a 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 2d 75 70 2d 63 65 6e 74 65 72 20 30 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 35 35 2c 20 30 2e 30 38 35 2c 20 30 2e 36 38 2c 20 30 2e 35 33 29 20 62 6f 74 68 3b 0a 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 20 Data Ascii: miterlimit: 10;}#success-icon { display: flex; margin-right: 8px; border-radius: 50%; box-shadow: inset 0 0 0 #038127; width: 30px; height: 30px; animation: scale-up-center 0.6s cubic-bezier(0.55, 0.085, 0.68, 0.53) both; stroke-width:
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 61 3a 66 6f 63 75 73 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 39 34 39 34 39 34 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 64 61 64 61 64 61 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b Data Ascii: a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus { color: #949494;}.theme-dark .cb-lb .cb-i { border: 2px solid #dadada; background-color: #222;}.theme-dark
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 71 72 20 7b 0a 20 20 66 69 6c 6c 3a 20 72 67 62 28 32 34 33 2c 20 31 32 38 2c 20 33 32 29 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 20 7b 0a 20 20 66 69 6c 6c 3a 20 23 66 66 66 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 62 62 62 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 2c Data Ascii: border-color: #666; background-color: #222;}.theme-dark #qr { fill: rgb(243, 128, 32);}.theme-dark .logo-text { fill: #fff;}.theme-dark #fr-helper-link,.theme-dark #fr-helper-loop-link { color: #bbb;}.theme-dark #fr-helper-link:visited,
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 63 6f 6c 6f 72 3a 20 23 66 61 66 61 66 61 3b 0a 7d 0a 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 64 65 31 33 30 33 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 78 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 2c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 Data Ascii: color: #fafafa;}#challenge-overlay,#challenge-error-text { text-align: center; line-height: 10px; color: #de1303; font-size: 9px;}#challenge-overlay a,#challenge-error-text a { color: #1d1f20;}#challenge-overlay a:visited, #challenge-ov
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 74 3a 61 63 74 69 76 65 20 7e 20 73 70 61 6e 2e 63 62 2d 6c 62 2d 74 20 7b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 63 34 34 64 30 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 73 70 61 6e 2e 63 62 2d 6c 62 2d 74 20 7b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 20 73 63 61 6c 65 28 31 29 3b 0a 20 20 Data Ascii: t:active ~ span.cb-lb-t { text-decoration: underline;}.cb-lb input:focus ~ .cb-i { border: 2px solid #c44d0e;}.cb-lb input:focus ~ span.cb-lb-t { text-decoration: underline;}.cb-lb input:checked ~ .cb-i { transform: rotate(0deg) scale(1);
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 66 6c 65 78 2d 66 6c 6f 77 3a 20 72 6f 77 2d 72 65 76 65 72 73 65 20 77 72 61 70 3b 0a 20 20 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 20 66 6c 65 78 2d 73 74 61 72 74 3b 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 20 31 36 70 78 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 Data Ascii: .size-compact .cb-container { margin-top: 3px; margin-left: 0;}.size-compact #branding { display: flex; flex-flow: row-reverse wrap; place-content: center flex-start; align-items: center; margin: 5px 16px 0; padding-right: 0; text-alig
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 74 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 39 30 70 78 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 66 2d 73 74 61 67 65 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 34 38 70 78 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 Data Ascii: t: 0; width: 90px; text-align: center;}.rtl .size-compact #branding { padding-right: 0; padding-left: 0; text-align: center;}.rtl .size-compact #terms { text-align: center;}.rtl .size-compact #cf-stage { padding-right: 48px;}.rtl .si

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	388	OUT	GET /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1 Host: devbook.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:44 UTC	704	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 May 2024 10:28:44 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: j4kYdidwGuVep1ZeKtzp1w==$YNyj8CUOZQpA0h5pmjVS8w== Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FCBUbl4Prk48QH11ZIyudVuBQR08qdMLgx9AGvfN4lVQHddXb06xIj6H02XB3z4%2FKm%2Bb95OKAduOO2uZue6qgm7oD4%2BHiMkCKn8IfMN3ltn6%2BREu9yerFj4jt49ejA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88427162490312a3-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:44 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	710	OUT	GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=884271607aa96c88 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:44 UTC	331	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:44 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 442132 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 88427163baad31d1-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:44 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 7e 66 75 6e 63 74 69 6f 6e 28 69 7a 2c 66 46 2c 66 47 2c 66 48 2c 66 49 2c 66 4d 2c 66 4e 2c 66 54 2c 66 55 2c 67 71 2c 67 75 2c 67 76 2c 67 7a 2c 67 42 2c 67 43 2c 67 44 2c 67 45 2c 67 46 2c 67 47 2c 67 48 2c 67 49 2c 67 4a 2c 67 4b 2c 67 4c 2c 67 4d 2c 67 4e 2c 67 4f 2c 67 50 2c 67 51 2c 67 52 2c 67 53 2c 67 54 2c 67 55 2c 67 56 2c 67 57 2c 67 58 2c 67 59 2c 67 5a 2c 68 30 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 68 37 2c 68 38 2c 68 39 2c 68 61 2c 68 62 2c 68 63 2c 68 64 2c 68 65 2c 68 66 2c 68 67 2c 68 68 2c 68 69 2c 68 6a 2c 68 6b 2c 68 6c 2c 68 6d 2c 68 6e 2c 68 6f 2c 68 70 2c 68 71 2c 68 72 2c 68 73 2c 68 74 2c 68 75 2c 68 76 2c 68 77 2c 68 79 2c Data Ascii: window._cf_chl_opt.uaO=false;~function(iz,fF,fG,fH,fI,fM,fN,fT,fU,gq,gu,gv,gz,gB,gC,gD,gE,gF,gG,gH,gI,gJ,gK,gL,gM,gN,gO,gP,gQ,gR,gS,gT,gU,gV,gW,gX,gY,gZ,h0,h1,h2,h3,h4,h5,h6,h7,h8,h9,ha,hb,hc,hd,he,hf,hg,hh,hi,hj,hk,hl,hm,hn,ho,hp,hq,hr,hs,ht,hu,hv,hw,hy,
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 48 29 7b 72 65 74 75 72 6e 20 48 3d 3d 3d 47 7d 2c 27 68 44 74 45 6b 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 48 3d 3d 3d 47 7d 2c 27 6e 55 59 6b 74 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3d 3d 3d 48 7d 2c 27 46 72 64 4b 78 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3c 48 7d 2c 27 72 7a 75 70 59 27 3a 69 44 28 31 37 30 38 29 2c 27 4d 43 61 45 67 27 3a 69 44 28 32 33 36 32 29 2c 27 47 61 42 46 64 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3d 3d 3d 48 7d 2c 27 57 6a 75 4f 49 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 2b 48 7d 7d 2c 6f 5b 69 44 28 31 32 30 37 29 5d 28 6e 75 6c 6c 2c 68 29 7c 7c 6f 5b 69 44 28 31 Data Ascii: H){return H===G},'hDtEk':function(G,H){return H===G},'nUYkt':function(G,H){return G===H},'FrdKx':function(G,H){return G<H},'rzupY':iD(1708),'MCaEg':iD(2362),'GaBFd':function(G,H){return G===H},'WjuOI':function(G,H){return G+H}},o[iD(1207)](null,h)\|\|o[iD(1
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 32 31 30 35 29 5d 28 4c 5b 69 49 28 31 33 37 38 29 5d 28 4c 5b 69 49 28 32 31 30 35 29 5d 28 4c 5b 69 49 28 32 38 31 38 29 5d 28 69 49 28 37 37 36 29 2c 4e 29 2b 69 49 28 32 32 33 37 29 2c 4e 29 2c 69 49 28 31 39 32 39 29 29 2c 4e 29 2c 69 49 28 31 37 30 34 29 29 2b 4b 2b 69 49 28 31 30 38 38 29 7d 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 35 27 3a 4c 3d 7b 27 46 51 6d 71 79 27 3a 66 75 6e 63 74 69 6f 6e 28 4d 29 7b 72 65 74 75 72 6e 20 4d 28 29 7d 2c 27 59 72 51 4b 52 27 3a 66 75 6e 63 74 69 6f 6e 28 4d 2c 4e 29 7b 72 65 74 75 72 6e 20 4d 2b 4e 7d 2c 27 47 42 58 6b 6e 27 3a 66 75 6e 63 74 69 6f 6e 28 4d 2c 4e 2c 69 4a 29 7b 72 65 74 75 72 6e 20 69 4a 3d 69 44 2c 6f 5b 69 4a 28 31 33 30 38 29 5d 28 4d 2c 4e 29 7d 2c 27 51 53 63 63 6a 27 3a 66 75 6e Data Ascii: 2105)](L[iI(1378)](L[iI(2105)](L[iI(2818)](iI(776),N)+iI(2237),N),iI(1929)),N),iI(1704))+K+iI(1088)});continue;case'5':L={'FQmqy':function(M){return M()},'YrQKR':function(M,N){return M+N},'GBXkn':function(M,N,iJ){return iJ=iD,o[iJ(1308)](M,N)},'QSccj':fun
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 3d 3d 3d 6f 7d 2c 27 6b 68 67 50 73 27 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 28 6f 29 7d 7d 2c 6a 3d 4f 62 6a 65 63 74 5b 69 4b 28 32 38 30 30 29 5d 28 68 29 2c 6b 3d 30 3b 6b 3c 6a 5b 69 4b 28 31 31 35 34 29 5d 3b 6b 2b 2b 29 69 66 28 6c 3d 6a 5b 6b 5d 2c 69 5b 69 4b 28 34 35 36 29 5d 28 27 66 27 2c 6c 29 26 26 28 6c 3d 27 4e 27 29 2c 67 5b 6c 5d 29 7b 66 6f 72 28 6d 3d 30 3b 6d 3c 68 5b 6a 5b 6b 5d 5d 5b 69 4b 28 31 31 35 34 29 5d 3b 69 5b 69 4b 28 34 35 36 29 5d 28 2d 31 2c 67 5b 6c 5d 5b 69 4b 28 31 30 39 33 29 5d 28 68 5b 6a 5b 6b 5d 5d 5b 6d 5d 29 29 26 26 28 69 5b 69 4b 28 32 35 30 34 29 5d 28 66 4e 2c 68 5b 6a 5b 6b 5d 5d 5b 6d 5d 29 7c 7c 67 5b 6c 5d 5b 69 4b 28 Data Ascii: tion(n,o){return n===o},'khgPs':function(n,o){return n(o)}},j=Object[iK(2800)](h),k=0;k<j[iK(1154)];k++)if(l=j[k],i[iK(456)]('f',l)&&(l='N'),g[l]){for(m=0;m<h[j[k]][iK(1154)];i[iK(456)](-1,g[l][iK(1093)](h[j[k]][m]))&&(i[iK(2504)](fN,h[j[k]][m])\|\|g[l][iK(
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 68 3c 3c 69 7d 2c 27 71 4d 50 65 56 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 44 42 64 6c 75 27 3a 6b 35 28 32 39 36 39 29 2c 27 78 71 7a 4a 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 55 43 48 65 71 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 73 56 4d 6c 51 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 49 4a 6e 75 41 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 26 68 7d 2c 27 71 79 4c 70 4f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 78 51 62 45 75 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 Data Ascii: h<<i},'qMPeV':function(h,i){return h-i},'DBdlu':k5(2969),'xqzJz':function(h,i){return i==h},'UCHeq':function(h,i){return h&i},'sVMlQ':function(h,i){return h==i},'IJnuA':function(h,i){return i&h},'qyLpO':function(h,i){return h(i)},'xQbEu':function(h,i){ret
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 75 72 6e 27 27 3b 66 6f 72 28 44 3d 7b 7d 2c 45 3d 7b 7d 2c 46 3d 27 27 2c 47 3d 32 2c 48 3d 33 2c 49 3d 32 2c 4a 3d 5b 5d 2c 4b 3d 30 2c 4c 3d 30 2c 4d 3d 30 3b 64 5b 6b 37 28 32 34 33 34 29 5d 28 4d 2c 6a 5b 6b 37 28 31 31 35 34 29 5d 29 3b 4d 2b 3d 31 29 69 66 28 4e 3d 6a 5b 6b 37 28 31 33 37 31 29 5d 28 4d 29 2c 4f 62 6a 65 63 74 5b 6b 37 28 32 31 32 38 29 5d 5b 6b 37 28 31 31 33 30 29 5d 5b 6b 37 28 33 31 30 37 29 5d 28 44 2c 4e 29 7c 7c 28 44 5b 4e 5d 3d 48 2b 2b 2c 45 5b 4e 5d 3d 21 30 29 2c 4f 3d 46 2b 4e 2c 4f 62 6a 65 63 74 5b 6b 37 28 32 31 32 38 29 5d 5b 6b 37 28 31 31 33 30 29 5d 5b 6b 37 28 33 31 30 37 29 5d 28 44 2c 4f 29 29 46 3d 4f 3b 65 6c 73 65 7b 69 66 28 4f 62 6a 65 63 74 5b 6b 37 28 32 31 32 38 29 5d 5b 6b 37 28 31 31 33 30 29 5d 5b Data Ascii: urn'';for(D={},E={},F='',G=2,H=3,I=2,J=[],K=0,L=0,M=0;d[k7(2434)](M,j[k7(1154)]);M+=1)if(N=j[k7(1371)](M),Object[k7(2128)][k7(1130)][k7(3107)](D,N)\|\|(D[N]=H++,E[N]=!0),O=F+N,Object[k7(2128)][k7(1130)][k7(3107)](D,O))F=O;else{if(Object[k7(2128)][k7(1130)][
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 31 34 29 5d 2c 46 5b 6b 37 28 33 31 31 34 29 5d 5b 6b 37 28 32 34 35 37 29 5d 29 3b 65 6c 73 65 7b 66 6f 72 28 50 3d 31 2c 43 3d 30 3b 43 3c 49 3b 4b 3d 64 5b 6b 37 28 31 35 34 30 29 5d 28 4b 3c 3c 31 2e 32 31 2c 50 29 2c 64 5b 6b 37 28 31 30 38 39 29 5d 28 4c 2c 6f 2d 31 29 3f 28 4c 3d 30 2c 4a 5b 6b 37 28 31 33 35 30 29 5d 28 64 5b 6b 37 28 31 30 39 30 29 5d 28 73 2c 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3d 30 2c 43 2b 2b 29 3b 66 6f 72 28 50 3d 46 5b 6b 37 28 32 30 32 33 29 5d 28 30 29 2c 43 3d 30 3b 31 36 3e 43 3b 4b 3d 64 5b 6b 37 28 33 31 39 39 29 5d 28 4b 2c 31 29 7c 31 2e 31 39 26 50 2c 4c 3d 3d 64 5b 6b 37 28 31 31 31 34 29 5d 28 6f 2c 31 29 3f 28 4c 3d 30 2c 4a 5b 6b 37 28 31 33 35 30 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 Data Ascii: 14)],F[k7(3114)][k7(2457)]);else{for(P=1,C=0;C<I;K=d[k7(1540)](K<<1.21,P),d[k7(1089)](L,o-1)?(L=0,J[k7(1350)](d[k7(1090)](s,K)),K=0):L++,P=0,C++);for(P=F[k7(2023)](0),C=0;16>C;K=d[k7(3199)](K,1)\|1.19&P,L==d[k7(1114)](o,1)?(L=0,J[k7(1350)](s(K)),K=0):L++,P
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 2e 35 37 5e 74 68 69 73 2e 67 5d 5b 31 5d 5b 6b 61 28 32 30 32 33 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 35 33 5d 5b 30 5d 2b 2b 29 26 32 35 35 2e 39 39 5e 32 33 30 2e 37 39 2c 51 5b 50 5d 2e 6c 3d 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 4f 5d 3b 65 6c 73 65 20 69 66 28 4f 21 3d 3d 31 31 35 29 7b 69 66 28 64 5b 6b 61 28 31 38 39 36 29 5d 28 31 31 34 2c 4f 29 29 7b 66 6f 72 28 4f 3d 30 3b 4f 3c 50 3b 52 3d 6a 28 74 68 69 73 29 2c 53 3d 7b 7d 2c 53 2e 6c 3d 76 6f 69 64 20 30 2c 51 5b 52 5d 3d 53 2c 4f 2b 2b 29 3b 7d 7d 65 6c 73 65 20 4f 3d 64 5b 6b 61 28 32 38 39 30 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 35 33 5d 5b 33 5d 5e 32 34 37 2b 74 68 69 73 2e 68 5b 64 5b 6b 61 28 31 31 32 35 29 5d 28 31 35 33 2c 74 68 69 73 2e 67 29 Data Ascii: .57^this.g][1][ka(2023)](this.h[this.g^153][0]++)&255.99^230.79,Q[P].l=this.h[this.g^O];else if(O!==115){if(d[ka(1896)](114,O)){for(O=0;O<P;R=j(this),S={},S.l=void 0,Q[R]=S,O++);}}else O=d[ka(2890)](this.h[this.g^153][3]^247+this.h[d[ka(1125)](153,this.g)
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 44 5b 6b 61 28 31 33 35 30 29 5d 28 4d 29 2c 73 5b 42 2b 2b 5d 3d 45 2b 4d 5b 6b 61 28 31 33 37 31 29 5d 28 30 29 2c 78 2d 2d 2c 45 3d 4d 2c 30 3d 3d 78 26 26 28 78 3d 4d 61 74 68 5b 6b 61 28 32 36 39 35 29 5d 28 32 2c 43 29 2c 43 2b 2b 29 7d 7d 7d 2c 67 3d 7b 7d 2c 67 5b 6b 35 28 33 32 33 34 29 5d 3d 66 2e 68 2c 67 7d 28 29 2c 66 46 5b 69 7a 28 31 36 36 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6b 62 2c 64 2c 65 2c 66 2c 67 29 7b 6b 62 3d 69 7a 2c 64 3d 7b 7d 2c 64 5b 6b 62 28 39 39 32 29 5d 3d 6b 62 28 31 36 33 38 29 2c 64 5b 6b 62 28 31 39 34 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 21 3d 3d 68 7d 2c 64 5b 6b 62 28 32 31 37 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 Data Ascii: return null;D[ka(1350)](M),s[B++]=E+M[ka(1371)](0),x--,E=M,0==x&&(x=Math[ka(2695)](2,C),C++)}}},g={},g[k5(3234)]=f.h,g}(),fF[iz(1666)]=function(kb,d,e,f,g){kb=iz,d={},d[kb(992)]=kb(1638),d[kb(1944)]=function(h,i){return i!==h},d[kb(2175)]=function(h,i){r
2024-05-15 10:28:44 UTC	1369	IN	Data Raw: 3d 3d 44 7d 2c 69 5b 6b 64 28 32 34 35 31 29 5d 3d 6b 64 28 31 35 35 35 29 2c 69 5b 6b 64 28 32 34 39 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 7c 7c 44 7d 2c 69 5b 6b 64 28 31 37 32 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 5b 6b 64 28 32 36 33 37 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 5b 6b 64 28 36 32 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 5b 6b 64 28 36 31 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 5b 6b 64 28 31 35 30 36 29 5d 3d 6b 64 28 33 30 38 38 29 2c 69 5b 6b 64 28 31 37 36 34 29 5d 3d 6b 64 28 31 33 34 39 Data Ascii: ==D},i[kd(2451)]=kd(1555),i[kd(2492)]=function(C,D){return C\|\|D},i[kd(1722)]=function(C,D){return C+D},i[kd(2637)]=function(C,D){return C+D},i[kd(626)]=function(C,D){return C+D},i[kd(618)]=function(C,D){return C+D},i[kd(1506)]=kd(3088),i[kd(1764)]=kd(1349

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	785	OUT	GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:44 UTC	240	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:44 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 884271644c1174b0-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:44 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	388	OUT	GET /cdn-cgi/challenge-platform/h/g/jsd/r/88427146cc7567c3 HTTP/1.1 Host: devbook.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:45 UTC	698	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 May 2024 10:28:45 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: PCCVWQytVZluG6LiUD5Nhg==$xZnz8k3X89CVbQtpVQt3KA== Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOk%2FmzxwKQU1LEkW5ozR4ItSj73ImLV1ilas6GcfmVvTXbAKkPAqUFxRIF2zbJgTFSdnzteGWp3uHDrixwxbZA7IpoBmlecZ8OijBbWWwY3JJ5xx7Ov2yDaVbYRGqw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88427165683bdb2d-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:45 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:44 UTC	534	OUT	OPTIONS /report/v4?s=%2FCBUbl4Prk48QH11ZIyudVuBQR08qdMLgx9AGvfN4lVQHddXb06xIj6H02XB3z4%2FKm%2Bb95OKAduOO2uZue6qgm7oD4%2BHiMkCKn8IfMN3ltn6%2BREu9yerFj4jt49ejA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://devbook.net Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:45 UTC	336	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 15 May 2024 10:28:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:45 UTC	480	OUT	POST /report/v4?s=%2FCBUbl4Prk48QH11ZIyudVuBQR08qdMLgx9AGvfN4lVQHddXb06xIj6H02XB3z4%2FKm%2Bb95OKAduOO2uZue6qgm7oD4%2BHiMkCKn8IfMN3ltn6%2BREu9yerFj4jt49ejA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 434 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:45 UTC	434	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 39 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 32 31 37 2e 36 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 64 65 76 62 6f 6f 6b 2e 6e 65 74 2f 63 64 6e 2d Data Ascii: [{"age":0,"body":{"elapsed_time":495,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.217.69","status_code":400,"type":"http.error"},"type":"network-error","url":"https://devbook.net/cdn-
2024-05-15 10:28:45 UTC	168	IN	HTTP/1.1 200 OK content-length: 0 date: Wed, 15 May 2024 10:28:45 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:45 UTC	916	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 2746 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 49ad36dfeaf16fd sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:45 UTC	2746	OUT	Data Raw: 76 5f 38 38 34 32 37 31 36 30 37 61 61 39 36 63 38 38 3d 69 7a 4c 75 4c 75 6b 75 34 75 47 75 45 33 59 42 33 59 72 75 33 51 5a 6e 67 36 33 35 59 67 59 6d 31 51 63 4d 71 59 78 57 35 59 6e 71 33 6c 48 61 59 6f 71 57 7a 70 71 7a 59 58 59 4b 75 5a 6e 65 4a 59 6f 59 35 74 59 68 63 59 67 70 59 6b 4a 31 70 6c 74 35 59 33 47 6c 57 55 59 59 51 6c 59 77 75 5a 6a 59 55 75 71 48 66 31 24 32 71 51 48 73 59 69 4c 59 65 39 57 51 48 36 45 63 71 49 44 68 4f 68 33 64 51 74 48 45 59 4a 4c 59 6b 59 48 39 6d 55 4f 7a 75 6e 75 48 33 59 33 34 4e 56 57 55 6a 63 59 33 38 57 59 59 4a 59 4c 4c 59 79 62 78 4c 74 59 48 4f 6a 78 51 7a 50 54 71 46 4a 35 59 44 58 46 77 4d 59 67 4c 44 5a 33 30 33 57 59 48 78 39 75 33 4d 44 43 6c 59 35 75 33 31 6a 71 6b 4d 51 47 61 49 39 54 6f 57 59 57 6e Data Ascii: v_884271607aa96c88=izLuLuku4uGuE3YB3Yru3QZng635YgYm1QcMqYxW5Ynq3lHaYoqWzpqzYXYKuZneJYoY5tYhcYgpYkJ1plt5Y3GlWUYYQlYwuZjYUuqHf1$2qQHsYiLYe9WQH6EcqIDhOh3dQtHEYJLYkYH9mUOzunuH3Y34NVWUjcY38WYYJYLLYybxLtYHOjxQzPTqFJ5YDXFwMYgLDZ303WYHx9u3MDClY5u31jqkMQGaI9ToWYWn
2024-05-15 10:28:45 UTC	751	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:45 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 127632 Connection: close cf-chl-gen: 64A3Bk42R/ITe+krkcFPTpNqI+o8pKhWCoJgtxlAu7ZyNWqCJOqU/wHXWmpv5TpUO4P3/WR7xcImh4ZY137Cb/if4LG8mcSneSDmajj7kudjqdQoOslIklCgD+6uDeh/7j6WqHm3L4ZGo+GSRugRF2qr+6ISG3duVqQOSDig55xzY1zmHXA4LaYDGH+cAX6YRzrl4E8UpPPD46S8dH8e9FcnfTAqvsh5D/RmEQpKtJlO8qzHjKQw0W6gAMbgxOocSH5GT15yWTfHfmik49RKgFH/3UJEvJsgwDJwBM1zBGw+fLTm54c3kH6XK/5uSADQqG/yUkrEi/jgeCaYN5FVoRzT1X0WmMNm06LZFGRCJJqXNv6f7UqtUy1+fJxeKdp8bmcxRnDdtBBK+0pbxnD0gxVutuduixspYtDe3Y02hxpySR+r+eYNIPyfugB4lw6V01xAxBeFHQYhz22tnt6icCFYvmcb3MXXXBZ98cFKuHY=$e58q4Ph/EMJql9qgdFqmcg== Server: cloudflare CF-RAY: 88427168ecd6031c-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:45 UTC	618	IN	Data Raw: 58 6b 5a 61 57 30 31 62 5a 55 31 6e 68 5a 4a 56 6b 58 43 44 6c 45 31 7a 6c 6c 52 6f 65 47 78 64 65 5a 4e 68 65 5a 35 69 67 6f 4b 4a 65 33 71 41 6a 6e 6c 6a 6b 47 2b 46 69 71 47 71 69 4b 36 44 74 35 4b 57 6c 4a 4f 67 6c 37 2b 66 75 62 69 30 73 4c 76 41 76 71 44 46 69 4b 69 76 69 35 48 49 73 71 48 51 74 72 61 6c 7a 4d 72 51 7a 70 7a 50 6c 75 44 66 32 4c 50 6b 34 39 79 32 77 64 76 6b 75 72 58 4a 78 36 6e 72 75 2b 50 50 78 2f 58 72 37 4c 58 4c 38 4f 33 5a 75 39 54 31 74 37 2f 4c 2b 76 76 54 39 75 59 44 42 76 76 6d 79 65 66 2b 41 76 6e 66 2f 67 67 4e 36 41 6e 75 44 64 45 58 37 2f 4c 56 36 50 7a 74 48 51 44 77 32 69 54 75 49 75 66 78 46 41 76 6f 39 68 30 52 44 79 45 63 45 69 6b 54 4d 68 67 58 43 77 38 79 4e 42 67 6f 4d 7a 77 74 41 6a 49 52 46 54 4d 2b 4f 55 45 Data Ascii: XkZaW01bZU1nhZJVkXCDlE1zllRoeGxdeZNheZ5igoKJe3qAjnljkG+FiqGqiK6Dt5KWlJOgl7+fubi0sLvAvqDFiKivi5HIsqHQtralzMrQzpzPluDf2LPk49y2wdvkurXJx6nru+PPx/Xr7LXL8O3Zu9T1t7/L+vvT9uYDBvvmyef+Avnf/ggN6AnuDdEX7/LV6PztHQDw2iTuIufxFAvo9h0RDyEcEikTMhgXCw8yNBgoMzwtAjIRFTM+OUE
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 55 57 4f 44 46 66 4f 79 30 37 59 54 31 50 4f 6a 46 6c 4b 45 77 36 51 43 68 47 50 46 31 41 4b 79 31 6b 4c 6d 5a 79 59 31 6c 4d 57 6d 74 6d 50 45 31 79 4f 33 78 2b 58 56 64 76 5a 56 5a 54 56 56 68 63 69 47 56 5a 59 6d 52 62 5a 55 74 30 64 57 78 5a 57 46 5a 61 65 32 6d 64 64 49 70 74 6b 4a 42 34 63 4b 4f 64 6b 58 35 2b 6f 36 6c 6e 68 6e 2b 49 72 36 71 66 68 33 2b 31 68 6d 2b 4a 6c 36 36 4b 66 48 47 67 6d 35 65 76 72 4b 4f 45 73 70 69 6e 69 49 57 59 79 63 79 72 69 38 61 73 69 62 57 32 77 64 4b 75 31 39 53 71 73 34 2f 58 78 37 2b 59 34 61 48 44 6f 4e 44 6f 78 74 6e 53 30 2b 7a 41 37 72 71 36 34 74 75 74 77 39 54 68 73 65 76 51 32 37 54 75 36 74 65 32 38 62 66 62 75 76 53 37 33 37 37 33 76 2b 50 43 2b 73 50 6e 78 76 72 48 36 38 72 39 79 2b 2f 4f 41 63 2f 7a 30 Data Ascii: UWODFfOy07YT1POjFlKEw6QChGPF1AKy1kLmZyY1lMWmtmPE1yO3x+XVdvZVZTVVhciGVZYmRbZUt0dWxZWFZae2mddIptkJB4cKOdkX5+o6lnhn+Ir6qfh3+1hm+Jl66KfHGgm5evrKOEspiniIWYycyri8asibW2wdKu19Sqs4/Xx7+Y4aHDoNDoxtnS0+zA7rq64tutw9ThsevQ27Tu6te28bfbuvS73773v+PC+sPnxvrH68r9y+/OAc/z0
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 58 56 46 49 2f 51 69 67 34 55 6a 34 34 62 57 56 6f 63 57 30 36 55 55 6c 43 51 6a 5a 76 59 6b 56 71 56 58 4a 55 58 44 31 74 64 6e 38 37 5a 48 51 2b 5a 6f 46 58 64 44 35 63 53 46 6d 45 53 58 78 4c 67 6c 35 2f 64 47 2b 52 55 33 6c 38 62 34 5a 58 56 71 42 71 6d 58 70 35 6e 5a 70 6c 6e 6d 6c 69 61 71 31 35 65 47 2b 49 61 48 75 75 6a 4b 5a 75 6a 5a 47 73 6d 32 36 58 69 48 71 37 6c 33 36 54 6f 4a 48 44 6e 63 61 53 75 5a 32 4a 72 73 76 45 30 5a 71 45 79 4b 65 4f 79 36 44 44 6f 64 69 73 72 64 54 54 6e 71 7a 4b 71 70 76 5a 31 63 4f 38 78 4e 58 47 34 63 62 66 70 73 33 6d 79 73 58 6a 79 50 62 32 78 72 61 77 39 39 62 70 38 64 66 53 41 50 32 38 42 64 44 2b 37 73 48 55 41 38 63 41 42 51 7a 4e 39 77 38 4b 2f 50 7a 63 33 52 48 69 35 42 6a 58 45 65 6f 63 32 78 6a 53 47 67 Data Ascii: XVFI/Qig4Uj44bWVocW06UUlCQjZvYkVqVXJUXD1tdn87ZHQ+ZoFXdD5cSFmESXxLgl5/dG+RU3l8b4ZXVqBqmXp5nZplnmliaq15eG+IaHuujKZujZGsm26XiHq7l36ToJHDncaSuZ2JrsvE0ZqEyKeOy6DDodisrdTTnqzKqpvZ1cO8xNXG4cbfps3mysXjyPb2xraw99bp8dfSAP28BdD+7sHUA8cABQzN9w8K/Pzc3RHi5BjXEeoc2xjSGg
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 61 6a 6f 34 59 7a 67 68 59 6d 64 44 58 31 78 31 55 48 4e 6e 61 47 70 7a 55 55 70 33 65 54 6b 39 56 34 46 39 62 56 68 59 56 45 65 47 67 46 64 33 62 34 68 61 6a 57 57 45 59 70 52 71 61 70 56 69 64 33 70 34 66 59 71 4c 64 4b 4b 4f 6b 48 57 56 57 48 61 62 6e 61 4b 62 65 59 43 73 65 35 78 2f 73 5a 46 2f 6e 61 47 71 73 6d 75 61 69 33 4f 36 70 36 74 39 63 33 32 52 6b 5a 75 34 74 70 57 79 69 61 53 70 74 38 4f 36 7a 4b 6e 53 78 37 57 54 70 63 6d 6d 31 4b 32 55 6c 74 6d 55 32 36 6e 51 76 64 71 30 76 73 53 5a 6d 73 53 35 32 71 54 61 34 39 43 71 79 66 4c 6e 31 62 50 46 36 63 58 30 7a 62 53 32 2b 74 58 37 79 66 44 64 2b 74 54 65 35 4c 6e 48 35 41 41 48 79 76 6e 64 43 67 6a 39 34 41 38 57 2f 67 73 58 32 50 45 62 45 42 30 63 39 52 72 5a 33 65 4c 75 46 2b 41 6e 35 79 59 Data Ascii: ajo4YzghYmdDX1x1UHNnaGpzUUp3eTk9V4F9bVhYVEeGgFd3b4hajWWEYpRqapVid3p4fYqLdKKOkHWVWHabnaKbeYCse5x/sZF/naGqsmuai3O6p6t9c32RkZu4tpWyiaSpt8O6zKnSx7WTpcmm1K2UltmU26nQvdq0vsSZmsS52qTa49CqyfLn1bPF6cX0zbS2+tX7yfDd+tTe5LnH5AAHyvndCgj94A8W/gsX2PEbEB0c9RrZ3eLuF+An5yY
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 54 78 6a 62 55 4e 4b 56 6a 5a 75 59 57 34 74 53 56 68 72 61 56 68 67 58 32 78 39 66 56 78 33 67 46 70 57 55 34 6c 74 6a 55 39 2f 6a 6d 5a 6a 52 6d 4b 50 59 46 61 47 56 48 4f 64 63 6d 69 57 6c 34 31 73 66 33 74 31 6e 61 52 31 6c 58 2b 45 67 61 70 70 69 6f 4b 4f 67 59 78 75 6f 61 53 4e 63 4b 6d 4f 63 35 79 59 68 6e 57 73 6b 4d 4b 58 6e 70 32 51 66 70 75 59 6f 6f 71 39 71 61 76 4a 6f 70 2b 6d 30 36 75 31 76 35 54 54 30 71 7a 63 78 5a 76 48 79 74 4b 77 34 63 75 78 74 37 50 6b 6f 72 71 7a 35 4e 6e 71 33 65 44 44 38 71 54 41 33 63 65 73 35 75 54 5a 72 4c 58 37 33 74 33 37 30 41 4c 58 42 4c 72 37 37 76 66 52 36 75 6a 69 32 51 66 32 42 2b 58 6f 37 51 6b 41 7a 77 49 44 38 67 51 52 37 2f 66 61 39 75 38 4d 2f 76 58 63 45 50 55 65 32 53 66 78 2b 77 6a 34 4b 42 6f 6a Data Ascii: TxjbUNKVjZuYW4tSVhraVhgX2x9fVx3gFpWU4ltjU9/jmZjRmKPYFaGVHOdcmiWl41sf3t1naR1lX+EgappioKOgYxuoaSNcKmOc5yYhnWskMKXnp2QfpuYooq9qavJop+m06u1v5TT0qzcxZvHytKw4cuxt7Pkorqz5Nnq3eDD8qTA3ces5uTZrLX73t370ALXBLr77vfR6uji2Qf2B+Xo7QkAzwID8gQR7/fa9u8M/vXcEPUe2Sfx+wj4KBoj
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 68 75 63 57 70 55 52 46 41 33 55 32 31 68 61 34 52 54 50 55 39 76 68 6e 56 45 53 30 4e 68 6a 32 65 49 65 58 47 42 68 32 43 57 61 59 47 59 65 59 78 34 65 49 64 52 62 4b 47 56 66 46 75 51 59 4a 31 7a 70 49 71 63 67 59 74 36 72 59 64 72 6f 58 4b 6c 67 61 68 2f 73 34 4f 35 63 70 4f 4e 64 6f 79 70 69 37 47 30 6d 4c 5a 2f 6e 61 69 36 6e 48 33 4a 78 73 65 69 75 6f 2b 37 76 73 61 6b 31 62 2b 6c 71 36 66 59 6c 71 36 6e 6c 64 48 65 30 64 53 33 35 70 69 30 30 62 75 67 32 74 6a 4e 6f 4b 6e 76 30 74 48 76 78 50 58 4c 39 36 37 76 34 75 76 46 33 74 7a 57 7a 66 72 71 2b 74 6e 63 34 66 7a 7a 77 2f 58 32 35 76 63 46 34 2b 76 4f 36 75 4d 41 38 75 6e 51 42 4f 6b 59 42 65 72 64 46 74 45 66 31 77 51 41 38 43 50 6d 47 2f 7a 33 2b 66 6f 58 4a 51 66 38 37 77 73 71 4b 76 49 49 37 Data Ascii: hucWpURFA3U21ha4RTPU9vhnVES0Nhj2eIeXGBh2CWaYGYeYx4eIdRbKGVfFuQYJ1zpIqcgYt6rYdroXKlgah/s4O5cpONdoypi7G0mLZ/nai6nH3Jxseiuo+7vsak1b+lq6fYlq6nldHe0dS35pi00bug2tjNoKnv0tHvxPXL967v4uvF3tzWzfrq+tnc4fzzw/X25vcF4+vO6uMA8unQBOkYBerdFtEf1wQA8CPmG/z3+foXJQf87wsqKvII7
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 59 61 33 42 64 64 6c 65 46 56 32 4a 61 63 30 46 56 52 48 64 64 68 6e 74 2b 53 47 5a 79 68 6f 65 44 69 32 78 52 57 47 69 47 62 32 35 73 58 33 71 41 62 32 4f 55 6c 6e 56 6e 63 61 4a 35 61 32 4e 72 66 57 39 35 68 49 46 7a 61 35 36 46 64 32 2b 74 73 33 57 31 63 48 32 36 74 5a 69 52 77 36 61 66 77 62 52 37 6d 38 53 66 77 4d 53 6f 30 61 75 75 7a 4d 7a 4a 77 62 53 67 6b 39 54 62 7a 62 69 61 79 38 44 58 6e 70 32 76 32 4b 62 55 79 65 69 6f 34 64 6e 46 77 4d 57 69 36 39 2b 71 31 4c 58 6c 39 74 50 75 73 2b 62 79 32 62 57 33 41 75 49 44 37 64 58 38 77 76 32 2b 32 64 37 68 2b 50 66 70 79 66 44 6d 43 68 58 76 35 4d 67 46 44 39 44 5a 31 52 37 5a 32 77 7a 78 47 64 34 61 32 76 58 36 2f 52 55 55 42 75 55 4e 41 79 59 78 44 41 48 6b 49 53 76 73 39 66 45 36 39 66 63 6f 44 6a Data Ascii: Ya3BddleFV2Jac0FVRHddhnt+SGZyhoeDi2xRWGiGb25sX3qAb2OUlnVncaJ5a2NrfW95hIFza56Fd2+ts3W1cH26tZiRw6afwbR7m8SfwMSo0auuzMzJwbSgk9Tbzbiay8DXnp2v2KbUyeio4dnFwMWi69+q1LXl9tPus+by2bW3AuID7dX8wv2+2d7h+PfpyfDmChXv5MgFD9DZ1R7Z2wzxGd4a2vX6/RUUBuUNAyYxDAHkISvs9fE69fcoDj
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 59 6c 4e 38 56 34 56 35 53 31 53 44 53 30 5a 65 55 59 46 4c 69 48 4b 54 61 6d 70 53 55 35 56 38 64 58 4f 4a 6a 58 46 79 66 35 74 68 65 6e 4a 31 63 33 4a 71 64 6d 65 6e 65 4b 52 77 71 34 68 71 72 61 2b 4b 69 4c 6d 4e 6f 33 4f 33 74 4b 74 32 71 71 36 61 72 62 2b 44 68 71 69 63 6d 38 50 4e 77 38 57 4b 6a 71 43 6d 73 38 72 46 6e 37 65 6d 6d 64 71 6a 70 74 32 63 6c 5a 76 68 72 74 4c 68 35 4c 58 45 35 4e 53 6b 74 4b 7a 58 31 2b 7a 6f 36 39 4f 2f 74 4c 4b 31 30 71 2f 52 79 65 65 37 36 4d 33 51 2b 2b 72 68 36 38 38 45 43 41 55 44 36 65 59 44 37 64 72 6d 31 2f 7a 73 33 4f 72 70 34 42 6a 4f 46 75 6a 53 39 50 30 64 33 42 59 4f 2b 66 54 35 49 4f 34 6b 43 42 51 4c 48 68 55 74 4c 69 72 74 47 67 44 2b 2f 68 51 46 4e 77 49 47 44 43 63 58 42 54 30 58 4c 68 67 4b 50 76 78 Data Ascii: YlN8V4V5S1SDS0ZeUYFLiHKTampSU5V8dXOJjXFyf5thenJ1c3JqdmeneKRwq4hqra+KiLmNo3O3tKt2qq6arb+Dhqicm8PNw8WKjqCms8rFn7emmdqjpt2clZvhrtLh5LXE5NSktKzX1+zo69O/tLK10q/Ryee76M3Q++rh688ECAUD6eYD7drm1/zs3Orp4BjOFujS9P0d3BYO+fT5IO4kCBQLHhUtLirtGgD+/hQFNwIGDCcXBT0XLhgKPvx
2024-05-15 10:28:45 UTC	1369	IN	Data Raw: 49 70 36 69 49 52 50 63 70 43 44 6a 55 39 68 61 55 70 4c 6d 35 53 4b 55 34 78 32 6d 56 65 66 62 6e 74 58 6c 48 35 6b 57 36 5a 71 65 6e 56 6b 73 4a 35 36 65 6f 71 72 5a 37 4f 57 72 37 4a 36 72 62 6d 72 74 62 6d 66 73 35 57 42 65 70 69 79 76 4d 47 54 6f 49 4b 63 69 37 75 69 78 34 66 43 7a 73 72 4a 6f 64 53 6f 72 4d 36 4e 33 4d 61 74 32 74 7a 4a 31 35 76 67 77 35 2f 65 34 39 50 65 34 71 54 4a 76 65 72 6f 32 74 48 45 38 4f 43 77 73 4c 61 32 36 2f 50 6c 38 37 6a 49 73 67 4c 76 41 2f 6e 50 32 41 58 79 33 51 54 4a 79 75 4d 4c 32 73 4c 5a 78 42 48 47 31 4f 72 4e 31 65 48 51 45 64 6e 62 48 51 44 72 31 2f 6a 72 38 4f 33 59 48 65 58 70 46 79 41 71 35 67 6e 68 2b 69 59 79 49 41 30 7a 4e 50 59 30 39 69 63 32 44 66 73 58 4d 54 77 42 50 7a 6e 32 47 41 41 34 4b 53 41 4b Data Ascii: Ip6iIRPcpCDjU9haUpLm5SKU4x2mVefbntXlH5kW6ZqenVksJ56eoqrZ7OWr7J6rbmrtbmfs5WBepiyvMGToIKci7uix4fCzsrJodSorM6N3Mat2tzJ15vgw5/e49Pe4qTJvero2tHE8OCwsLa26/Pl87jIsgLvA/nP2AXy3QTJyuML2sLZxBHG1OrN1eHQEdnbHQDr1/jr8O3YHeXpFyAq5gnh+iYyIA0zNPY09ic2DfsXMTwBPzn2GAA4KSAK

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Windows Analysis Report
https://api-internal.weblinkconnect.com/api/Communication/Communication/1628411/click?url=https://devbook.net/cloudflare&x-tenant=NorthernKentuckyKYCOC

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:46 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:46 UTC	377	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 May 2024 10:28:46 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: l6ucRftk9XYS7VHPxtf2AA==$OUGFTQOYoObOq6Ed6gfJFA== Server: cloudflare CF-RAY: 8842716e49a409f2-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:46 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:46 UTC	804	OUT	GET /cdn-cgi/challenge-platform/h/g/pat/884271607aa96c88/1715768925700/2b4abb7dfe105cce433a6a6a12536fdcd8f761acca8889db61e5e61d15fa7710/RjjDHre3dg8-STn HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:46 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Wed, 15 May 2024 10:28:46 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-05-15 10:28:46 UTC	1382	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 4b 30 71 37 66 66 34 51 58 4d 35 44 4f 6d 70 71 45 6c 4e 76 33 4e 6a 33 59 61 7a 4b 69 49 6e 62 59 65 58 6d 48 52 58 36 64 78 41 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gK0q7ff4QXM5DOmpqElNv3Nj3YazKiInbYeXmHRX6dxAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-05-15 10:28:46 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:47 UTC	775	OUT	GET /cdn-cgi/challenge-platform/h/g/i/884271607aa96c88/1715768925702/yY6ExGikJ7c6Dn2 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:47 UTC	200	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:47 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 88427173f8c48dac-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:47 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 2c 00 00 00 13 08 02 00 00 00 64 ca 78 2e 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR,dx.IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:48 UTC	917	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 31166 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 49ad36dfeaf16fd sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:48 UTC	16384	OUT	Data Raw: 76 5f 38 38 34 32 37 31 36 30 37 61 61 39 36 63 38 38 3d 69 7a 4c 75 54 33 48 6a 74 76 6e 57 6e 57 4d 5a 4f 48 66 4a 4c 70 35 57 33 38 48 72 30 59 31 75 33 4c 33 6d 59 45 75 57 4c 33 46 59 43 33 59 5a 71 75 5a 35 59 77 75 39 74 59 4a 59 76 4f 55 51 4a 32 4c 35 4c 68 75 5a 6a 66 59 69 71 33 4d 41 4c 71 35 62 49 59 4f 71 5a 31 57 6d 35 59 5a 79 59 6f 70 32 4a 58 59 78 51 59 31 50 79 75 33 6e 74 41 72 75 33 49 59 67 47 75 59 58 48 59 35 72 4b 71 59 48 55 75 48 24 57 59 48 4d 64 59 4f 51 48 6b 59 48 6a 59 33 31 57 57 68 6b 49 64 59 33 6a 59 52 71 71 45 6c 68 5a 4c 58 4c 59 39 68 75 71 59 70 4a 33 4e 39 33 32 74 75 67 24 43 30 51 59 69 4c 71 59 67 59 57 79 59 43 4e 4a 62 59 5a 69 41 47 5a 7a 6a 72 54 6b 33 7a 61 6e 4a 41 61 7a 66 48 46 78 65 56 68 31 64 50 6b Data Ascii: v_884271607aa96c88=izLuT3HjtvnWnWMZOHfJLp5W38Hr0Y1u3L3mYEuWL3FYC3YZquZ5Ywu9tYJYvOUQJ2L5LhuZjfYiq3MALq5bIYOqZ1Wm5YZyYop2JXYxQY1Pyu3ntAru3IYgGuYXHY5rKqYHUuH$WYHMdYOQHkYHjY31WWhkIdY3jYRqqElhZLXLY9huqYpJ3N932tug$C0QYiLqYgYWyYCNJbYZiAGZzjrTk3zanJAazfHFxeVh1dPk
2024-05-15 10:28:48 UTC	14782	OUT	Data Raw: 75 71 59 6a 75 4b 71 33 74 33 75 33 7a 71 52 59 46 45 6e 51 35 78 59 4d 48 76 58 48 61 76 72 72 67 59 49 4c 5a 6b 33 64 51 2d 59 35 59 63 49 59 57 59 30 6b 48 71 48 70 59 52 59 67 75 48 6a 59 6e 75 57 51 48 49 59 30 59 67 4c 48 6d 59 71 75 63 74 48 58 59 4b 75 67 6e 48 46 59 6f 75 57 74 48 64 59 44 75 35 7a 48 4b 59 71 71 63 6e 48 72 59 6e 71 57 70 48 44 59 44 71 63 6c 48 47 59 4b 71 63 70 48 69 59 52 71 35 6c 48 2d 59 6c 51 35 79 48 76 59 42 71 35 4d 48 24 59 30 71 57 76 44 6d 59 63 45 59 36 4c 6e 6e 39 59 48 51 48 6e 79 68 6c 48 6c 59 32 59 33 71 59 39 75 6f 77 55 75 5a 51 4c 66 59 33 57 48 44 51 6d 37 75 4c 67 47 7a 64 73 67 7a 59 4e 66 33 6e 33 59 33 53 59 67 59 57 71 48 24 75 4b 67 47 73 32 35 4c 24 30 47 49 5a 67 64 65 67 47 58 76 6a 51 31 36 70 51 Data Ascii: uqYjuKq3t3u3zqRYFEnQ5xYMHvXHavrrgYILZk3dQ-Y5YcIYWY0kHqHpYRYguHjYnuWQHIY0YgLHmYquctHXYKugnHFYouWtHdYDu5zHKYqqcnHrYnqWpHDYDqclHGYKqcpHiYRq5lH-YlQ5yHvYBq5MH$Y0qWvDmYcEY6Lnn9YHQHnyhlHlY2Y3qY9uowUuZQLfY3WHDQm7uLgGzdsgzYNf3n3Y3SYgYWqH$uKgGs25L$0GIZgdegGXvjQ16pQ
2024-05-15 10:28:48 UTC	322	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:28:48 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 22348 Connection: close cf-chl-gen: VZJz2zRivArA5UsvzPofNYAEuXE5RWZwaTpobQPvk4dx+BXuvmWd7D8MW6SMBI0u$QwDnipdHmqviyXHFN2hVtw== Server: cloudflare CF-RAY: 8842717a080267b6-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:48 UTC	1047	IN	Data Raw: 58 6b 5a 61 57 30 79 42 63 56 46 71 63 48 39 49 62 4a 57 5a 6d 57 53 64 69 6e 5a 6f 61 49 35 36 62 48 75 61 5a 6c 35 77 64 4b 6c 72 68 36 4f 61 69 57 32 4f 6e 35 4f 44 6b 71 71 47 72 36 4b 73 72 58 52 32 6d 71 2b 71 6a 33 31 2f 6b 49 44 46 74 59 57 4a 74 4c 75 63 6c 71 2b 39 78 61 6d 4d 30 4d 4f 6d 78 38 71 6c 79 4d 71 33 75 36 72 4b 76 64 53 79 7a 4c 2f 58 73 39 4c 43 36 4d 44 42 76 39 79 73 37 73 4c 67 72 4f 50 4f 33 37 50 4f 37 61 2b 32 36 66 4c 7a 79 2f 4c 65 2b 72 37 7a 34 2f 7a 31 38 66 76 79 38 65 63 42 42 74 76 36 42 41 6e 6a 2f 41 59 4d 35 4f 41 4d 31 51 6f 46 44 68 51 61 39 78 59 59 44 68 4d 61 41 75 50 35 48 74 2f 69 42 69 73 6b 4b 75 6a 6e 42 77 72 6b 48 52 50 77 4e 66 55 56 43 78 63 61 39 42 6f 65 39 51 6b 4d 51 6b 49 4f 51 54 51 36 46 78 4d Data Ascii: XkZaW0yBcVFqcH9IbJWZmWSdinZoaI56bHuaZl5wdKlrh6OaiW2On5ODkqqGr6KsrXR2mq+qj31/kIDFtYWJtLuclq+9xamM0MOmx8qlyMq3u6rKvdSyzL/Xs9LC6MDBv9ys7sLgrOPO37PO7a+26fLzy/Le+r7z4/z18fvy8ecBBtv6BAnj/AYM5OAM1QoFDhQa9xYYDhMaAuP5Ht/iBiskKujnBwrkHRPwNfUVCxca9Boe9QkMQkIOQTQ6FxM
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 58 6e 48 46 37 6c 5a 53 54 6c 5a 68 36 57 36 5a 70 69 4b 71 63 71 49 53 51 70 49 61 74 61 34 6d 4b 75 62 52 33 75 5a 65 64 68 6e 48 42 67 49 71 77 75 70 4a 2f 6a 35 2f 44 6c 62 4f 62 6e 4a 79 6a 72 4d 36 4c 71 4c 57 4d 6c 61 32 77 73 71 66 61 30 4d 36 51 71 64 79 35 73 4c 65 68 76 4d 4c 52 36 4c 33 62 71 39 54 42 34 4d 2f 6f 7a 75 58 54 73 64 54 6f 78 37 62 58 37 72 65 35 33 50 47 37 30 75 44 30 30 72 37 4f 39 75 4c 69 38 65 41 44 79 51 7a 4f 44 51 44 73 45 67 54 76 41 67 4d 4d 47 67 73 4b 30 77 37 35 47 52 7a 66 48 74 7a 34 47 78 6a 6b 47 2f 72 36 34 77 67 45 42 41 67 51 42 7a 41 67 42 41 49 6a 47 41 67 6a 4f 7a 67 73 4a 66 6f 61 2f 44 59 4c 41 78 73 51 41 6b 51 43 46 77 64 44 4e 45 49 62 53 54 34 76 54 6b 30 75 4d 51 35 48 55 45 6f 6e 56 45 55 6d 4d 7a Data Ascii: XnHF7lZSTlZh6W6ZpiKqcqISQpIata4mKubR3uZedhnHBgIqwupJ/j5/DlbObnJyjrM6LqLWMla2wsqfa0M6Qqdy5sLehvMLR6L3bq9TB4M/ozuXTsdTox7bX7re53PG70uD00r7O9uLi8eADyQzODQDsEgTvAgMMGgsK0w75GRzfHtz4GxjkG/r64wgEBAgQBzAgBAIjGAgjOzgsJfoa/DYLAxsQAkQCFwdDNEIbST4vTk0uMQ5HUEonVEUmMz
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 6b 5a 35 30 64 6e 4b 46 69 61 69 64 72 59 4b 4c 71 47 6d 4b 72 4c 53 71 63 70 57 52 6e 48 4f 74 72 49 2b 51 77 61 42 38 73 71 4b 7a 70 71 44 47 70 4c 50 4e 69 4d 43 6f 7a 38 53 71 77 4e 57 6a 6c 63 54 4f 73 4d 7a 4b 33 4b 61 33 6b 64 4b 63 73 4c 2b 30 31 73 37 48 31 36 47 2f 35 73 62 72 76 38 76 73 37 64 4c 69 7a 64 37 6e 78 50 50 6f 32 38 66 36 37 64 2f 4e 31 65 6e 64 75 73 50 30 35 64 50 39 79 51 77 43 31 51 37 34 7a 2b 72 5a 34 2b 50 2b 46 65 7a 73 35 75 59 4a 32 50 6b 5a 42 78 62 5a 34 52 38 42 33 68 48 65 33 2f 6b 71 47 53 73 45 4a 66 59 66 36 41 34 77 46 65 73 6d 41 51 4d 4c 42 41 58 79 4c 50 55 4f 4b 52 77 2f 50 78 77 6c 4d 7a 30 32 53 68 39 43 41 30 6b 74 54 53 52 42 4f 6b 67 6d 4e 44 45 52 51 79 67 76 52 7a 70 49 53 42 34 78 50 42 78 56 52 55 4a Data Ascii: kZ50dnKFiaidrYKLqGmKrLSqcpWRnHOtrI+QwaB8sqKzpqDGpLPNiMCoz8SqwNWjlcTOsMzK3Ka3kdKcsL+01s7H16G/5sbrv8vs7dLizd7nxPPo28f67d/N1endusP05dP9yQwC1Q74z+rZ4+P+Fezs5uYJ2PkZBxbZ4R8B3hHe3/kqGSsEJfYf6A4wFesmAQMLBAXyLPUOKRw/PxwlMz02Sh9CA0ktTSRBOkgmNDERQygvRzpISB4xPBxVRUJ
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 32 4f 72 64 32 36 4b 70 32 32 73 6b 33 43 4d 6a 35 71 76 64 72 79 61 65 4c 47 36 6d 35 4f 57 73 4a 69 6a 78 4a 76 42 74 5a 76 4e 79 6f 79 6f 7a 4d 57 4b 73 72 32 51 6c 59 2b 53 32 71 72 58 30 38 33 62 7a 64 58 65 7a 4e 6d 6a 78 72 6a 59 34 4e 48 6e 78 63 44 64 37 62 79 6e 30 4b 76 4f 31 4f 62 47 39 73 44 71 74 62 58 30 37 73 2f 48 2b 65 4c 32 2b 63 77 47 2f 66 6b 4a 2b 75 55 4a 32 37 38 4a 41 67 6a 71 37 75 37 74 39 4d 30 49 46 64 4c 76 42 4f 6e 35 32 39 72 37 2f 52 62 62 47 76 41 58 49 43 6b 66 35 51 67 6b 39 68 66 73 4d 4f 67 67 45 2b 7a 73 4a 50 45 73 39 69 58 31 4a 51 59 72 48 79 4a 41 46 7a 6b 4f 2f 44 45 43 50 41 4d 31 42 6b 52 4b 4f 79 38 79 43 54 31 56 49 67 38 2f 56 43 52 59 4e 30 6f 58 58 6a 45 71 4c 42 30 36 4e 43 4d 2f 58 43 4a 68 53 43 56 42 Data Ascii: 2Ord26Kp22sk3CMj5qvdryaeLG6m5OWsJijxJvBtZvNyoyozMWKsr2QlY+S2qrX083bzdXezNmjxrjY4NHnxcDd7byn0KvO1ObG9sDqtbX07s/H+eL2+cwG/fkJ+uUJ278JAgjq7u7t9M0IFdLvBOn529r7/RbbGvAXICkf5Qgk9hfsMOggE+zsJPEs9iX1JQYrHyJAFzkO/DECPAM1BkRKOy8yCT1VIg8/VCRYN0oXXjEqLB06NCM/XCJhSCVB
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 53 53 70 4c 4b 6e 71 70 6d 79 64 35 32 47 72 58 71 34 6a 37 36 5a 74 48 79 6c 6f 63 47 44 6c 6f 4f 71 77 36 65 34 77 4b 50 54 30 36 2b 77 31 38 4c 5a 74 4a 6d 58 32 73 62 64 6d 64 33 4f 79 72 6e 63 34 74 54 50 75 37 4c 6e 70 71 71 6a 32 71 72 4f 72 63 47 75 71 36 79 2f 78 63 66 56 36 4d 62 70 76 4e 41 42 33 63 33 55 41 67 48 52 7a 73 58 7a 41 73 58 6f 2b 39 2f 5a 77 65 67 43 35 68 50 63 41 4f 44 50 46 67 50 73 47 52 41 4c 2f 74 48 57 34 51 51 44 47 76 6e 69 34 68 72 35 35 50 37 65 48 53 63 41 2f 53 55 54 38 68 4d 78 4c 79 72 76 2b 52 45 6e 39 69 6e 32 39 78 4a 43 4d 55 4d 63 50 51 38 33 41 53 5a 49 4c 51 51 2b 4f 69 4a 4b 44 30 55 4b 52 69 4e 59 4f 54 51 78 55 7a 70 62 47 54 74 42 59 6c 56 68 55 57 59 77 4e 56 6c 66 59 79 74 42 4b 6b 4e 6e 59 47 42 51 4c Data Ascii: SSpLKnqpmyd52GrXq4j76ZtHylocGDloOqw6e4wKPT06+w18LZtJmX2sbdmd3Oyrnc4tTPu7Lnpqqj2qrOrcGuq6y/xcfV6MbpvNAB3c3UAgHRzsXzAsXo+9/ZwegC5hPcAODPFgPsGRAL/tHW4QQDGvni4hr55P7eHScA/SUT8hMxLyrv+REn9in29xJCMUMcPQ83ASZILQQ+OiJKD0UKRiNYOTQxUzpbGTtBYlVhUWYwNVlfYytBKkNnYGBQL
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 58 72 34 6d 53 74 58 56 33 6c 4c 4b 64 6a 62 61 56 68 35 69 7a 6d 62 75 63 77 49 6d 2b 71 62 72 43 73 61 6e 42 73 4a 43 35 77 37 6e 4e 7a 38 2b 35 6d 70 2f 62 6d 35 76 5a 76 62 37 47 6e 72 6a 59 79 75 50 6d 32 38 36 35 72 74 71 74 73 4e 2f 6d 78 2b 4f 34 34 2b 2f 33 39 75 76 31 36 38 44 73 2b 77 44 58 2b 2f 6e 35 32 64 30 43 78 65 44 74 43 76 6e 66 45 67 37 39 34 78 59 54 31 51 50 30 32 75 63 50 36 68 33 37 48 67 4d 6c 2f 50 55 67 49 4e 37 34 34 76 62 70 47 53 6a 33 36 77 34 76 4d 50 4c 30 49 44 4d 50 2b 51 59 47 44 7a 73 33 43 7a 77 78 46 67 49 50 2f 69 63 59 50 44 4a 47 4a 53 52 4b 46 7a 34 48 4a 42 78 49 53 68 4a 47 53 79 78 43 45 54 6b 6d 4c 30 78 62 4d 6c 39 58 48 6b 56 46 51 79 4d 6c 57 30 68 67 56 30 74 65 4b 45 5a 52 55 30 35 52 58 6c 64 42 56 6b Data Ascii: Xr4mStXV3lLKdjbaVh5izmbucwIm+qbrCsanBsJC5w7nNz8+5mp/bm5vZvb7GnrjYyuPm2865rtqtsN/mx+O44+/39uv168Ds+wDX+/n52d0CxeDtCvnfEg794xYT1QP02ucP6h37HgMl/PUgIN744vbpGSj36w4vMPL0IDMP+QYGDzs3CzwxFgIP/icYPDJGJSRKFz4HJBxIShJGSyxCETkmL0xbMl9XHkVFQyMlW0hgV0teKEZRU05RXldBVk
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 77 4c 71 38 77 4a 66 44 74 4a 61 4a 77 5a 2b 55 6e 4a 65 46 7a 4d 57 62 30 63 48 55 6a 4b 37 42 6f 5a 6a 59 6c 74 32 64 33 61 2b 59 6d 4d 2b 61 6f 70 7a 6b 31 61 57 79 77 72 2b 6b 72 63 62 6c 72 71 53 70 39 62 57 73 39 4c 66 42 77 74 50 4f 39 66 61 38 41 66 7a 37 2b 37 6f 45 78 73 51 4a 43 51 4d 46 43 64 38 4d 2f 4e 2f 4f 79 42 48 2b 33 39 34 45 79 74 6b 53 37 2b 54 73 35 39 55 64 46 75 73 69 45 69 58 63 2f 68 4c 78 36 43 6e 6d 4c 75 30 75 41 44 4c 37 42 7a 45 79 4e 43 48 31 39 7a 62 74 4d 66 4d 2b 50 51 38 2f 51 44 30 78 51 45 51 78 47 77 56 47 41 68 77 5a 44 7a 42 4b 55 6c 49 6e 42 30 35 54 43 6b 30 74 4a 46 51 34 47 78 46 64 57 68 67 5a 4f 79 4d 6b 48 56 56 62 4d 79 74 5a 59 7a 63 33 58 6b 51 79 4b 55 78 41 4e 69 31 6c 63 6a 49 78 55 33 49 2b 52 33 32 Data Ascii: wLq8wJfDtJaJwZ+UnJeFzMWb0cHUjK7BoZjYlt2d3a+YmM+aopzk1aWywr+krcblrqSp9bWs9LfBwtPO9fa8Afz7+7oExsQJCQMFCd8M/N/OyBH+394EytkS7+Ts59UdFusiEiXc/hLx6CnmLu0uADL7BzEyNCH19zbtMfM+PQ8/QD0xQEQxGwVGAhwZDzBKUlInB05TCk0tJFQ4GxFdWhgZOyMkHVVbMytZYzc3XkQyKUxANi1lcjIxU3I+R32
2024-05-15 10:28:48 UTC	1369	IN	Data Raw: 6f 4b 42 66 4d 6d 58 66 34 54 4e 6d 35 43 49 77 4d 71 65 6e 71 36 33 6d 49 79 52 30 5a 32 51 7a 4f 47 65 6d 4c 75 73 72 36 62 55 36 61 69 63 36 62 2b 73 6f 4b 57 75 72 37 72 68 77 75 6d 32 31 2f 62 48 38 64 4c 79 78 63 62 48 30 37 32 34 32 67 50 4e 75 50 51 4b 77 63 44 69 42 73 33 45 2f 41 72 51 79 41 45 50 33 64 37 75 39 39 62 4d 43 52 62 63 35 68 30 57 34 64 54 5a 33 75 50 6d 46 53 50 78 38 67 4d 75 37 66 59 64 49 2f 6e 6f 36 54 4c 74 36 44 55 36 36 77 4d 71 43 51 6a 30 46 7a 72 2b 43 30 45 6b 42 50 7a 39 50 67 59 54 4f 55 6f 4d 46 30 31 4f 45 68 4e 42 45 78 51 66 4d 43 51 5a 45 55 6b 54 48 52 56 64 51 42 38 5a 59 52 38 6a 48 56 55 6b 4e 42 30 69 61 69 42 6d 62 55 39 48 50 47 70 74 4e 48 4d 31 63 6b 51 36 61 54 4d 2b 50 6e 31 66 57 45 4e 6b 52 46 4b 46 Data Ascii: oKBfMmXf4TNm5CIwMqenq63mIyR0Z2QzOGemLusr6bU6aic6b+soKWur7rhwum21/bH8dLyxcbH07242gPNuPQKwcDiBs3E/ArQyAEP3d7u99bMCRbc5h0W4dTZ3uPmFSPx8gMu7fYdI/no6TLt6DU66wMqCQj0Fzr+C0EkBPz9PgYTOUoMF01OEhNBExQfMCQZEUkTHRVdQB8ZYR8jHVUkNB0iaiBmbU9HPGptNHM1ckQ6aTM+Pn1fWENkRFKF

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:48 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:28:49 UTC	377	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 May 2024 10:28:48 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: hT6a5mZ/MBnDbUb5qKv/mg==$OB1Rh6Dyfwnt1xyYHb3THQ== cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8842717dfbb209f2-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:28:49 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:49 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gKOO7F6MB1sWXxb&MD=pOnmsKRe HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-15 10:28:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: fc7401df-bcde-4f9b-837d-dc40213e7d5d MS-RequestId: 4d3f38bb-82fe-4994-b798-77e38ba8918f MS-CV: vZwKcmYAp0mCdify.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 15 May 2024 10:28:49 GMT Connection: close Content-Length: 24490
2024-05-15 10:28:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-15 10:28:50 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-15 10:28:51 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=246875 Date: Wed, 15 May 2024 10:28:51 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:28:51 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-15 10:28:52 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=246870 Date: Wed, 15 May 2024 10:28:52 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-15 10:28:52 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:29:01 UTC	917	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34166 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 49ad36dfeaf16fd sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xm0ig/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:29:01 UTC	16384	OUT	Data Raw: 76 5f 38 38 34 32 37 31 36 30 37 61 61 39 36 63 38 38 3d 69 7a 4c 75 54 33 48 6a 74 76 6e 57 6e 57 4d 5a 4f 48 66 4a 4c 70 35 57 33 38 48 72 30 59 31 75 33 4c 33 6d 59 45 75 57 4c 33 46 59 43 33 59 5a 71 75 5a 35 59 77 75 39 74 59 4a 59 76 4f 55 51 4a 32 4c 35 4c 68 75 5a 6a 66 59 69 71 33 4d 41 4c 71 35 62 49 59 4f 71 5a 31 57 6d 35 59 5a 79 59 6f 70 32 4a 58 59 78 51 59 31 50 79 75 33 6e 74 41 72 75 33 49 59 67 47 75 59 58 48 59 35 72 4b 71 59 48 55 75 48 24 57 59 48 4d 64 59 4f 51 48 6b 59 48 6a 59 33 31 57 57 68 6b 49 64 59 33 6a 59 52 71 71 45 6c 68 5a 4c 58 4c 59 39 68 75 71 59 70 4a 33 4e 39 33 32 74 75 67 24 43 30 51 59 69 4c 71 59 67 59 57 79 59 43 4e 4a 62 59 5a 69 41 47 5a 7a 6a 72 54 6b 33 7a 61 6e 4a 41 61 7a 66 48 46 78 65 56 68 31 64 50 6b Data Ascii: v_884271607aa96c88=izLuT3HjtvnWnWMZOHfJLp5W38Hr0Y1u3L3mYEuWL3FYC3YZquZ5Ywu9tYJYvOUQJ2L5LhuZjfYiq3MALq5bIYOqZ1Wm5YZyYop2JXYxQY1Pyu3ntAru3IYgGuYXHY5rKqYHUuH$WYHMdYOQHkYHjY31WWhkIdY3jYRqqElhZLXLY9huqYpJ3N932tug$C0QYiLqYgYWyYCNJbYZiAGZzjrTk3zanJAazfHFxeVh1dPk
2024-05-15 10:29:01 UTC	16384	OUT	Data Raw: 75 71 59 6a 75 4b 71 33 74 33 75 33 7a 71 52 59 46 45 6e 51 35 78 59 4d 48 76 58 48 61 76 72 72 67 59 49 4c 5a 6b 33 64 51 2d 59 35 59 63 49 59 57 59 30 6b 48 71 48 70 59 52 59 67 75 48 6a 59 6e 75 57 51 48 49 59 30 59 67 4c 48 6d 59 71 75 63 74 48 58 59 4b 75 67 6e 48 46 59 6f 75 57 74 48 64 59 44 75 35 7a 48 4b 59 71 71 63 6e 48 72 59 6e 71 57 70 48 44 59 44 71 63 6c 48 47 59 4b 71 63 70 48 69 59 52 71 35 6c 48 2d 59 6c 51 35 79 48 76 59 42 71 35 4d 48 24 59 30 71 57 76 44 6d 59 63 45 59 36 4c 6e 6e 39 59 48 51 48 6e 79 68 6c 48 6c 59 32 59 33 71 59 39 75 6f 77 55 75 5a 51 4c 66 59 33 57 48 44 51 6d 37 75 4c 67 47 7a 64 73 67 7a 59 4e 66 33 6e 33 59 33 53 59 67 59 57 71 48 24 75 4b 67 47 73 32 35 4c 24 30 47 49 5a 67 64 65 67 47 58 76 6a 51 31 36 70 51 Data Ascii: uqYjuKq3t3u3zqRYFEnQ5xYMHvXHavrrgYILZk3dQ-Y5YcIYWY0kHqHpYRYguHjYnuWQHIY0YgLHmYquctHXYKugnHFYouWtHdYDu5zHKYqqcnHrYnqWpHDYDqclHGYKqcpHiYRq5lH-YlQ5yHvYBq5MH$Y0qWvDmYcEY6Lnn9YHQHnyhlHlY2Y3qY9uowUuZQLfY3WHDQm7uLgGzdsgzYNf3n3Y3SYgYWqH$uKgGs25L$0GIZgdegGXvjQ16pQ
2024-05-15 10:29:01 UTC	1398	OUT	Data Raw: 52 35 30 48 44 34 6a 4a 5a 59 47 6e 59 69 75 59 63 39 36 73 63 39 4c 59 24 56 47 71 75 5a 34 62 46 63 4f 55 24 4c 59 49 64 6a 77 67 75 4e 30 62 34 61 6a 74 59 64 55 52 69 6d 37 45 43 68 65 59 59 55 4b 66 47 52 49 67 34 24 76 59 57 71 33 55 73 52 57 73 66 38 65 59 4a 51 48 6d 6a 6e 66 64 6b 48 4c 33 6a 72 6e 55 41 6d 48 33 2d 69 74 4c 74 71 78 59 4d 71 33 4c 33 77 58 4a 6e 4c 73 42 56 59 53 68 54 74 6c 2d 75 4b 59 35 43 34 69 39 69 75 68 24 77 73 59 4a 59 59 6e 33 35 59 65 51 67 37 69 79 47 47 74 31 57 5a 5a 64 43 4a 35 30 6d 32 58 71 6d 5a 48 4b 6f 47 42 78 72 65 65 6d 39 4c 75 69 75 24 6a 71 62 33 73 4d 59 70 6a 46 48 66 66 33 6a 4b 76 59 68 74 77 67 73 4b 61 71 6e 33 79 73 45 24 44 43 69 51 59 38 4f 68 4c 42 38 4b 4b 55 37 65 67 6f 63 47 24 7a 6d 58 39 Data Ascii: R50HD4jJZYGnYiuYc96sc9LY$VGquZ4bFcOU$LYIdjwguN0b4ajtYdURim7ECheYYUKfGRIg4$vYWq3UsRWsf8eYJQHmjnfdkHL3jrnUAmH3-itLtqxYMq3L3wXJnLsBVYShTtl-uKY5C4i9iuh$wsYJYYn35YeQg7iyGGt1WZZdCJ50m2XqmZHKoGBxreem9Luiu$jqb3sMYpjFHff3jKvYhtwgsKaqn3ysE$DCiQY8OhLB8KKU7egocG$zmX9
2024-05-15 10:29:01 UTC	449	IN	HTTP/1.1 200 OK Date: Wed, 15 May 2024 10:29:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 3372 Connection: close cf-chl-out-s: gzLXSje83YEQNllPDMdhKw==$Rm+L/hwXRXVxKwYKQtxZQA== cf-chl-out: XQztSxPR0VLSwLoTq9GNLo+2efMYNcoeu3pHANS5dNGRDiK0aj63v6XD3cahpbXYHqU0VDztkXXqW0Hcn81VoWwduWIpNz9yeW7PLHq+DW7TUbvIrcI2Likt2dYCMDtY$xzRMXwRRCUZ97cS28Ce8IQ== Server: cloudflare CF-RAY: 884271cd4b59da6b-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:29:01 UTC	920	IN	Data Raw: 58 6b 5a 61 57 30 79 42 63 56 46 71 63 48 39 49 62 4a 57 5a 6d 57 53 63 6b 70 39 66 64 5a 61 61 6e 5a 57 62 6b 6f 46 6c 6d 4a 57 47 6e 32 32 41 69 32 69 6c 6b 47 2b 46 69 71 65 30 69 61 6d 56 75 49 32 74 6b 36 2b 70 77 5a 61 36 72 4a 4b 63 6d 36 69 66 79 72 61 62 69 70 65 2b 6f 4b 4c 52 73 73 71 6a 69 4b 50 4d 72 36 2b 33 30 4c 65 70 76 74 2b 37 7a 72 37 6b 76 4c 75 7a 77 65 66 59 75 39 76 71 32 71 62 43 78 73 72 6e 78 66 58 51 36 72 58 70 36 74 72 32 75 75 2f 63 30 66 48 79 39 65 33 54 38 76 73 42 32 2f 54 39 42 4e 72 36 45 4d 33 6d 36 51 66 53 36 4f 55 54 2b 65 63 46 30 2f 6b 4c 2b 50 48 65 41 75 2f 64 38 52 55 45 49 79 55 72 39 43 51 73 39 53 77 59 44 2f 44 6f 44 51 2f 7a 46 68 49 7a 4c 6a 41 62 42 53 73 4e 45 67 38 34 41 52 6c 42 49 54 6b 6a 46 54 4d Data Ascii: XkZaW0yBcVFqcH9IbJWZmWSckp9fdZaanZWbkoFlmJWGn22Ai2ilkG+Fiqe0iamVuI2tk6+pwZa6rJKcm6ifyrabipe+oKLRssqjiKPMr6+30Lepvt+7zr7kvLuzwefYu9vq2qbCxsrnxfXQ6rXp6tr2uu/c0fHy9e3T8vsB2/T9BNr6EM3m6QfS6OUT+ecF0/kL+PHeAu/d8RUEIyUr9CQs9SwYD/DoDQ/zFhIzLjAbBSsNEg84ARlBITkjFTM
2024-05-15 10:29:01 UTC	1369	IN	Data Raw: 43 78 59 79 41 42 59 30 52 6a 31 45 51 54 6f 72 42 52 35 4c 53 53 70 4a 53 45 77 4b 49 6c 49 55 4c 6b 5a 51 47 43 6f 62 56 45 6c 67 54 31 6f 30 48 6a 78 64 52 31 78 6e 59 32 52 73 53 47 39 59 61 47 64 79 52 33 45 2f 64 55 70 50 53 32 6f 35 4e 6c 46 36 55 44 31 53 63 6e 78 38 68 58 35 78 63 45 61 41 68 6c 61 46 66 32 4e 43 6b 6f 4e 53 6b 48 32 54 56 70 46 71 6d 46 68 71 58 4a 68 77 61 6c 4f 65 64 5a 53 68 6c 6d 53 48 64 4a 75 54 70 4b 75 74 6d 6e 70 76 6f 36 79 6c 6a 62 4f 76 6b 72 6d 76 74 62 53 52 76 4c 65 70 6b 4c 75 6a 67 62 58 43 67 38 44 43 79 5a 36 57 77 63 32 4d 76 4b 62 4c 74 4e 43 48 31 35 4c 51 79 74 53 37 31 4d 72 54 78 39 6d 75 31 4d 79 37 75 75 61 6b 75 71 53 6d 35 4e 33 43 36 75 6d 69 32 75 66 64 34 4f 50 7a 37 66 48 53 39 38 79 31 38 77 44 Data Ascii: CxYyABY0Rj1EQTorBR5LSSpJSEwKIlIULkZQGCobVElgT1o0HjxdR1xnY2RsSG9YaGdyR3E/dUpPS2o5NlF6UD1Scnx8hX5xcEaAhlaFf2NCkoNSkH2TVpFqmFhqXJhwalOedZShlmSHdJuTpKutmnpvo6yljbOvkrmvtbSRvLepkLujgbXCg8DCyZ6Wwc2MvKbLtNCH15LQytS71MrTx9mu1My7uuakuqSm5N3C6umi2ufd4OPz7fHS98y18wD
2024-05-15 10:29:01 UTC	1083	IN	Data Raw: 45 45 35 49 6b 51 64 43 55 31 44 49 45 30 72 54 68 42 46 4c 46 52 51 44 6a 41 52 51 7a 59 31 57 44 45 5a 48 46 78 63 56 54 35 66 58 78 34 38 61 44 78 6b 53 47 70 6e 62 54 78 6a 61 6a 39 4f 62 46 38 71 53 32 39 31 61 47 70 33 50 46 70 77 65 7a 2b 41 67 59 52 43 50 6c 36 44 52 30 57 42 6a 55 70 47 58 59 52 6c 59 32 56 4e 61 47 4e 75 69 6c 68 75 6a 4a 36 56 6e 4a 6d 53 67 31 31 32 6f 36 47 43 6f 61 43 6b 59 6e 71 71 62 49 61 65 71 48 43 43 63 36 79 68 75 4b 65 79 6a 48 61 55 74 5a 2b 30 76 37 75 38 78 4b 44 48 73 4d 43 2f 79 70 2f 4a 6c 38 32 69 70 36 50 43 6b 59 36 70 30 71 69 56 71 73 72 55 31 4e 33 57 79 63 69 65 32 4e 36 75 33 64 65 37 6d 75 72 62 71 75 6a 56 36 36 37 70 77 76 43 77 77 72 54 77 79 4d 4b 72 39 73 33 73 2b 65 36 38 33 38 7a 7a 36 2f 77 45 Data Ascii: EE5IkQdCU1DIE0rThBFLFRQDjARQzY1WDEZHFxcVT5fXx48aDxkSGpnbTxjaj9ObF8qS291aGp3PFpwez+AgYRCPl6DR0WBjUpGXYRlY2VNaGNuilhujJ6VnJmSg112o6GCoaCkYnqqbIaeqHCCc6yhuKeyjHaUtZ+0v7u8xKDHsMC/yp/Jl82ip6PCkY6p0qiVqsrU1N3Wycie2N6u3de7murbqujV667pwvCwwrTwyMKr9s3s+e6838zz6/wE

Timestamp	Bytes transferred	Direction	Data
2024-05-15 10:29:02 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1544402827:1715764475:cEU5a_PHv6cLvlfK80bJEZetYQ5wOikFzRnbQ8VTbL0/884271607aa96c88/49ad36dfeaf16fd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-15 10:29:02 UTC	377	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 May 2024 10:29:02 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: r89UH4rB85Cw5JYV5nrsCQ==$Z12dHrn5AWKXTbtzR5t2VQ== cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 884271d13f0102dc-MIA alt-svc: h3=":443"; ma=86400
2024-05-15 10:29:02 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid