Windows Analysis Report
Taylorfarms1VS7-HKQZ7K-XAF9.pdf

Overview

General Information

Sample name: Taylorfarms1VS7-HKQZ7K-XAF9.pdf
Analysis ID: 1446924
MD5: 5d6fea2e4feaff4ea9efa6a8f3bd5b41
SHA1: 31bfd638ca58bd46aa9f16c07625eacf3b7ca4c3
SHA256: 515a076b87a98ac84a440d895d418f04bf8215c5d23d13a46c3a707869a3ec7e
Infos:

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Yara detected HtmlPhish10
AI detected suspicious javascript
Phishing site detected (based on logo match)
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Invalid 'forgot password' link found
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: https://qrbarcodepdfauthentication.com/boot/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac4 Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/jq/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3abf Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/2 Avira URL Cloud: Label: malware
Source: https://www.signable.us/ Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/cdn-cgi/challenge-platform/h/b/flow/ov1/847735381:1716502368:DI6K_33vfJLBggrqoQzkGVSUfzV-Ei_MzZut-BncrMg/8888ccb0e85c43e3/ca07ea9a478c4a8 Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/e/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b45 Avira URL Cloud: Label: malware
Source: https://qreventsharedfilesonpdf.com/docauth/ Avira URL Cloud: Label: phishing
Source: https://qrbarcodepdfauthentication.com/favicon.ico Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/jm/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac5 Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8888ccb0e85c43e3 Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/M Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/api-as1f?email=daguilar@taylorfarms.com&data=background Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/api-as1f?email=daguilar@taylorfarms.com&data=logo Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/o/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b3e Avira URL Cloud: Label: malware
Source: https://qrbarcodepdfauthentication.com/APP-QUUQZR/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6916 Avira URL Cloud: Label: malware

Phishing
barindex
AI detected phishing page
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd' is highly suspicious and does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The site uses social engineering techniques by mimicking a Microsoft login page to trick users into entering their password. The presence of a login form asking for a password further indicates phishing intent. DOM: 3.7.pages.csv
Yara detected HtmlPhish10
Source: Yara match File source: 3.7.pages.csv, type: HTML
AI detected suspicious javascript
Source: https://qreventsharedfilesonpdf.com/docauth/#5883ZGFndWlsYXJAdGF5bG9yZmFybXMuY29t??lCRr==49695=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d# LLM: Score: 8 Reasons: The JavaScript code appears to manipulate the URL and redirect the user to another site (https://qrbarcodepdfauthentication.com/M). This behavior is often associated with phishing attacks, as it can be used to redirect users to malicious websites. The obfuscation of the code further raises suspicion, as it is a common technique used to hide malicious intent. DOM: 0.0.pages.csv
Source: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t LLM: Score: 7 Reasons: The code contains obfuscated and lengthy hexadecimal strings which could be used to hide malicious activities. The presence of encoded URLs and tokens suggests potential phishing or unauthorized data access. The domain 'qrbarcodepdfauthentication.com' is suspicious and not commonly associated with legitimate services. While some elements could be related to tracking or advertisement, the overall complexity and obfuscation raise significant concerns. DOM: 1.1.pages.csv
Phishing site detected (based on logo match)
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: Number of links: 0
HTML page contains hidden URLs or javascript code
Source: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP Parser: Base64 decoded: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t
HTML title does not match URL
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: Title: 4c4f70018422840a53af59483a3a7d03664fd08cc7f92 does not match URL
Invalid 'forgot password' link found
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: Invalid link: Fjojrjgjojtj jmjyj jpjajsjsjwjojrjd
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: <input type="password" .../> found
Source: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP Parser: No favicon
Source: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP Parser: No favicon
Source: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: No favicon
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: No favicon
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: No <meta name="author".. found
Source: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Detected suspicious crossdomain redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.jneurosci.org to https://qreventsharedfilesonpdfcom/docauth/
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.246.203 104.17.246.203
Source: Joe Sandbox View IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View IP Address: 188.114.96.3 188.114.96.3
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.16.100.48
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: global traffic HTTP traffic detected: GET /highwire_log/share/reddit?link=https%3A%2F%2Fqreventsharedfilesonpdf%E3%80%82com/docauth/ HTTP/1.1Host: www.jneurosci.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /docauth/ HTTP/1.1Host: qreventsharedfilesonpdf.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://qreventsharedfilesonpdf.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://qreventsharedfilesonpdf.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8888ccb0e85c43e3 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t?__cf_chl_rt_tk=eor_sv7x6tqyZGsYLCLU1wxEFpLepcitEF_dTFxnIX4-1716506667-0.0.1.1-1663Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/695da7821231/api.js?onload=gayxv3&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://qrbarcodepdfauthentication.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/847735381:1716502368:DI6K_33vfJLBggrqoQzkGVSUfzV-Ei_MzZut-BncrMg/8888ccb0e85c43e3/ca07ea9a478c4a8 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8888ccc24da44381 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1963781076:1716502226:dvJvWstRVXlPW9BABJZd_3drpu2HTNqJEQzJmjO2eIE/8888ccc24da44381/99303ef48c10824 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8888ccc24da44381/1716506672557/HijGlZLEE2JATpy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8888ccc24da44381/1716506672557/HijGlZLEE2JATpy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8888ccc24da44381/1716506672557/39acde6229b1a99262dc72f278a859320bd99e3e6f64e5ba16ac208e08b1f0dd/m0cZ5tcBk6M_Uph HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AoszanGldR6XBcS&MD=B4W5PLaZ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1963781076:1716502226:dvJvWstRVXlPW9BABJZd_3drpu2HTNqJEQzJmjO2eIE/8888ccc24da44381/99303ef48c10824 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=AoszanGldR6XBcS&MD=B4W5PLaZ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1963781076:1716502226:dvJvWstRVXlPW9BABJZd_3drpu2HTNqJEQzJmjO2eIE/8888ccc24da44381/99303ef48c10824 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/847735381:1716502368:DI6K_33vfJLBggrqoQzkGVSUfzV-Ei_MzZut-BncrMg/8888ccb0e85c43e3/ca07ea9a478c4a8 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t?__cf_chl_tk=eor_sv7x6tqyZGsYLCLU1wxEFpLepcitEF_dTFxnIX4-1716506667-0.0.1.1-1663Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t?__cf_chl_tk=eor_sv7x6tqyZGsYLCLU1wxEFpLepcitEF_dTFxnIX4-1716506667-0.0.1.1-1663Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /jq/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3abf HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /boot/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac4 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /jm/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac5 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /axios/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /axios@1.7.2/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://qrbarcodepdfauthentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /APP-QUUQZR/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6916 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /2 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /api-as1f?email=daguilar@taylorfarms.com&data=logo HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"Accept: application/json, text/plain, */*sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /api-as1f?email=daguilar@taylorfarms.com&data=background HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"Accept: application/json, text/plain, */*sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /o/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b3e HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /e/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b45 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80ddAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=lr7WE38YX6vLlPr4378hl.0NDOHcoKm2VyB46sIboLk-1716506667-1.0.1.1-ywMY8wQ7zA7nEaGVw0KphtZcBU.tgD3XDJcHtqGcKkuh7hmS1FCiF5VcxKYeQoDqdgoRd3IdRNtrPYVEOOMsPw; PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /e/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b45 HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /o/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b3e HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /api-as1f?email=daguilar@taylorfarms.com&data=background HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/illustration?ts=638454295683009577 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api-as1f?email=daguilar@taylorfarms.com&data=logo HTTP/1.1Host: qrbarcodepdfauthentication.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ad86206d6ea0362859678e28a2c2cd13
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/bannerlogo?ts=638454295656641193 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qrbarcodepdfauthentication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/illustration?ts=638454295683009577 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/bannerlogo?ts=638454295656641193 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.jneurosci.org
Source: global traffic DNS traffic detected: DNS query: qreventsharedfilesonpdf.com
Source: global traffic DNS traffic detected: DNS query: qrbarcodepdfauthentication.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: unpkg.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: unknown HTTP traffic detected: POST /report/v4?s=V7PmQZEsE8kBksIcZ4AnNM0%2BI4drUy7gfbI%2FSLEusjAwCDUivQOMuMEsZ2av4arBuC%2Fuwb3gF59MYxQT7jGNtuG7DVtsoyupzMhaHf8oYMZ9dEfJkSe3rgMttgHX5vuD%2F8KRwoXZk4AM2C28lkGcKxc%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 469Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:24:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16619Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:24:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16768Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:24:29 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16568Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:24:30 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: CPk9jvbeLXsN1UIK3MDlTw==$gG+FRDcGuirCuLnb+KLqzw==Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Try6x4XOXo0SyqnoNsU898aV19VmdTU3ujHRkrONHmApYo5OiIEVUceuifEkz6tJtNhMammntIPay0PY8Z%2FLofGXZlCHFuyXvJm2mii1n5BWx5qP364eDTVdgmKXhhy0qnvIcBYGZ6JTC8omVUypfag%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8888ccc23a87c3ee-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:24:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16568Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:24:33 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: Dyv4k6HCgsRmpxYVe/RWZQ==$kRNWSxWUV2WQ6k3nlC6nLQ==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8888ccd658c05e61-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:24:36 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: A7enLAHT3EoRWowegGylKg==$Rm+MuLNhRIn1Q93xBvZ1zQ==Server: cloudflareCF-RAY: 8888cce8f8f842ec-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:26:03 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: y512Yd8r/5n6NbnF2DKtDA==$CJr3O/RiAzUKEQVducHaHg==Server: cloudflareCF-RAY: 8888cf080be078d6-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:26:04 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: a76E3z6Su7wyFQw6rMtG/g==$+IXUQvBctSrFm2pSN06Tvg==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DfLdA0LsBB4xPWA0K38g77gqLipdyxdcBwEF7zVFwXJ9ARTG8XRkNgF3MYJ6yiloWFGF3hd7bEEMHOpPoZt7p3nweIl9T5l67%2BhmNCs5kPbevBuU4yeP47%2FZcd4tXMBTe6XEib%2FnPS2JyMVM9LCTlls%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8888cf0d0eb642ce-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:04 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16653Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 23:26:08 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHhd9dWDeagWBX4fJ7sqyIDStjdrmwN4a%2FIPZcVMjEGCQItU6QWIPTbAzR0Izfc5jK26iUYBwKaUNmHX7RxESgebP%2FQNXnoEXwHulrdCxZ0OEqFOhE8Sef0iI%2FElebrTFLsJobvLFL9KLcpj1awZzpM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8888cf272b3672a5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:09 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16163Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16514Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16492Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16567Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 23 May 2024 23:26:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16499Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: a2a8e9f8-e900-454a-ac32-dd756438e1bf.tmp.3.dr, 7a2c35a2-da09-4aab-8554-d30004bb6c60.tmp.3.dr String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_186.5.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_186.5.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_186.5.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_185.5.dr String found in binary or memory: https://qrbarcodepdfauthentication.com/M
Source: chromecache_185.5.dr String found in binary or memory: https://www.signable.us/
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: classification engine Classification label: mal72.phis.winPDF@35/88@28/12
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7124 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-23 19-24-24-196.log Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Taylorfarms1VS7-HKQZ7K-XAF9.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1592,i,14515335496562884618,17631141373330643909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.jneurosci.org/highwire_log/share/reddit?link=https%3A%2F%2Fqreventsharedfilesonpdf%E3%80%82com/docauth/#5883ZGFndWlsYXJAdGF5bG9yZmFybXMuY29t??lCRr==49695=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1952,i,13626343138641345857,11972276155321232469,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1592,i,14515335496562884618,17631141373330643909,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1952,i,13626343138641345857,11972276155321232469,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Taylorfarms1VS7-HKQZ7K-XAF9.pdf Initial sample: PDF keyword /JS count = 0
Source: Taylorfarms1VS7-HKQZ7K-XAF9.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Taylorfarms1VS7-HKQZ7K-XAF9.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1446924 Sample: Taylorfarms1VS7-HKQZ7K-XAF9.pdf Startdate: 24/05/2024 Architecture: WINDOWS Score: 72 32 Antivirus detection for URL or domain 2->32 34 AI detected phishing page 2->34 36 Yara detected HtmlPhish10 2->36 38 2 other signatures 2->38 7 chrome.exe 9 2->7         started        10 Acrobat.exe 20 66 2->10         started        process3 dnsIp4 22 192.168.2.16, 138, 443, 49484 unknown unknown 7->22 24 239.255.255.250 unknown Reserved 7->24 12 chrome.exe 7->12         started        15 AcroCEF.exe 108 10->15         started        process5 dnsIp6 26 qrbarcodepdfauthentication.com 104.21.95.123, 443, 49707, 49708 CLOUDFLARENETUS United States 12->26 28 www.google.com 142.250.184.196, 443, 49720, 49748 GOOGLEUS United States 12->28 30 9 other IPs or domains 12->30 17 AcroCEF.exe 6 15->17         started        process7 dnsIp8 20 23.47.168.24, 443, 49739 AKAMAI-ASUS United States 17->20
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.184.196
 www.google.com United States
15169 GOOGLEUS false
104.17.246.203
 unpkg.com United States
13335 CLOUDFLARENETUS false
104.18.34.200
 www.jneurosci.org United States
13335 CLOUDFLARENETUS false
104.17.3.184
 unknown United States
13335 CLOUDFLARENETUS false
23.47.168.24
 unknown United States
16625 AKAMAI-ASUS false
104.21.95.123
 qrbarcodepdfauthentication.com United States
13335 CLOUDFLARENETUS true
239.255.255.250
 unknown Reserved
unknown unknown false
188.114.96.3
 qreventsharedfilesonpdf.com European Union
13335 CLOUDFLARENETUS false
152.199.21.175
 sni1gl.wpc.upsiloncdn.net United States
15133 EDGECASTUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
104.17.2.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
a.nel.cloudflare.com 35.190.80.1 true
www.jneurosci.org 104.18.34.200 true
qrbarcodepdfauthentication.com 104.21.95.123 true
sni1gl.wpc.upsiloncdn.net 152.199.21.175 true
qreventsharedfilesonpdf.com 188.114.96.3 true
challenges.cloudflare.com 104.17.2.184 true
www.google.com 142.250.184.196 true
unpkg.com 104.17.246.203 true
aadcdn.msauthimages.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8888ccc24da44381/1716506672557/HijGlZLEE2JATpy false
  • Avira URL Cloud: safe
 unknown
https://aadcdn.msauthimages.net/dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/illustration?ts=638454295683009577 false
  • Avira URL Cloud: safe
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8888ccc24da44381 false
  • Avira URL Cloud: safe
 unknown
https://www.jneurosci.org/highwire_log/share/reddit?link=https%3A%2F%2Fqreventsharedfilesonpdf%E3%80%82com/docauth/ false
  • Avira URL Cloud: safe
 unknown
https://qrbarcodepdfauthentication.com/boot/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac4 false
  • Avira URL Cloud: malware
 unknown
https://qrbarcodepdfauthentication.com/cdn-cgi/challenge-platform/h/b/flow/ov1/847735381:1716502368:DI6K_33vfJLBggrqoQzkGVSUfzV-Ei_MzZut-BncrMg/8888ccb0e85c43e3/ca07ea9a478c4a8 false
  • Avira URL Cloud: malware
 unknown
https://qrbarcodepdfauthentication.com/jq/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3abf false
  • Avira URL Cloud: malware
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1963781076:1716502226:dvJvWstRVXlPW9BABJZd_3drpu2HTNqJEQzJmjO2eIE/8888ccc24da44381/99303ef48c10824 false
  • Avira URL Cloud: safe
 unknown
https://qreventsharedfilesonpdf.com/docauth/#5883ZGFndWlsYXJAdGF5bG9yZmFybXMuY29t??lCRr==49695=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d# true
    		unknown
    https://qrbarcodepdfauthentication.com/2 false
    • Avira URL Cloud: malware
    		 unknown
    https://qrbarcodepdfauthentication.com/favicon.ico false
    • Avira URL Cloud: malware
    		 unknown
    https://qreventsharedfilesonpdf.com/docauth/ false
    • Avira URL Cloud: phishing
    		 unknown
    https://aadcdn.msauthimages.net/dbd5a2dd-2-9w78ronpz5zkipfl1ahlxmjf3f2wwvw0nuoqfn-kw/logintenantbranding/0/bannerlogo?ts=638454295656641193 false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/2450o/0x4AAAAAAADnPIDROrmt1Wwj/light/normal false
      		unknown
      https://qrbarcodepdfauthentication.com/jm/425cb2f9ba00f9ccfdfbce46c58880aa664fd08dc3ac5 false
      • Avira URL Cloud: malware
      		 unknown
      https://a.nel.cloudflare.com/report/v4?s=c0iRH1STUaaM4CEjW2KxeAwUanrTWX4MJDtZbcTm7N%2FQ%2FSCjsxQxvF1kNAVc1CVXv7b7y43tca9Lh7xds4XZrhLE9%2BizCvVlscBqzUhkXgHaMmitf9pOzQVtnN994VYYmTAaIQYuiLY94BaikkEEv6Q%3D false
      • Avira URL Cloud: safe
      		 unknown
      https://qrbarcodepdfauthentication.com/e/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b45 false
      • Avira URL Cloud: malware
      		 unknown
      https://a.nel.cloudflare.com/report/v4?s=V7PmQZEsE8kBksIcZ4AnNM0%2BI4drUy7gfbI%2FSLEusjAwCDUivQOMuMEsZ2av4arBuC%2Fuwb3gF59MYxQT7jGNtuG7DVtsoyupzMhaHf8oYMZ9dEfJkSe3rgMttgHX5vuD%2F8KRwoXZk4AM2C28lkGcKxc%3D false
      • Avira URL Cloud: safe
      		 unknown
      https://qrbarcodepdfauthentication.com/6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dcPAS6fc27ea7f3db2fd9787a0f6b674d5bc4664fd08cc80dd true
        		unknown
        https://qrbarcodepdfauthentication.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8888ccb0e85c43e3 false
        • Avira URL Cloud: malware
        		 unknown
        https://a.nel.cloudflare.com/report/v4?s=Try6x4XOXo0SyqnoNsU898aV19VmdTU3ujHRkrONHmApYo5OiIEVUceuifEkz6tJtNhMammntIPay0PY8Z%2FLofGXZlCHFuyXvJm2mii1n5BWx5qP364eDTVdgmKXhhy0qnvIcBYGZ6JTC8omVUypfag%3D false
        • Avira URL Cloud: safe
        		 unknown
        https://unpkg.com/axios@1.7.2/dist/axios.min.js false
        • Avira URL Cloud: safe
        		 unknown
        https://qrbarcodepdfauthentication.com/api-as1f?email=daguilar@taylorfarms.com&data=background false
        • Avira URL Cloud: malware
        		 unknown
        https://qrbarcodepdfauthentication.com/MZGFndWlsYXJAdGF5bG9yZmFybXMuY29t true
          		unknown
          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
          • Avira URL Cloud: safe
          		 unknown
          https://unpkg.com/axios/dist/axios.min.js false
          • URL Reputation: safe
          		 unknown
          https://qrbarcodepdfauthentication.com/api-as1f?email=daguilar@taylorfarms.com&data=logo false
          • Avira URL Cloud: malware
          		 unknown
          https://qrbarcodepdfauthentication.com/o/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6b3e false
          • Avira URL Cloud: malware
          		 unknown
          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8888ccc24da44381/1716506672557/39acde6229b1a99262dc72f278a859320bd99e3e6f64e5ba16ac208e08b1f0dd/m0cZ5tcBk6M_Uph false
          • Avira URL Cloud: safe
          		 unknown
          https://qrbarcodepdfauthentication.com/APP-QUUQZR/425cb2f9ba00f9ccfdfbce46c58880aa664fd090a6916 false
          • Avira URL Cloud: malware
          		 unknown