Resubmissions

18/10/2024, 08:45 UTC

241018-knxmvazgjp 8

18/10/2024, 08:37 UTC

241018-kjayaaxcpf 8

18/10/2024, 08:36 UTC

241018-khvw3axcmd 8

18/10/2024, 07:54 UTC

241018-jrwpaavhje 8

18/10/2024, 07:44 UTC

241018-jktw4svema 8

Analysis

  • max time kernel
    145s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18/10/2024, 08:37 UTC

General

  • Target

    https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
      2⤵
        PID:900
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
        2⤵
          PID:1744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:3076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:2644
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                2⤵
                  PID:4912
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
                  2⤵
                    PID:756
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                    2⤵
                      PID:1572
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                      2⤵
                        PID:4396
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                        2⤵
                          PID:2424
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                          2⤵
                            PID:4936
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                            2⤵
                              PID:3380
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2152
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                              2⤵
                                PID:4628
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:332
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4988

Network

                                • flag-us
                                  DNS
                                  816b462f.5880c482d0a3061180a519e9.workers.dev
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  816b462f.5880c482d0a3061180a519e9.workers.dev
                                  IN A
                                  Response
                                  816b462f.5880c482d0a3061180a519e9.workers.dev
                                  IN A
                                  104.21.73.205
                                  816b462f.5880c482d0a3061180a519e9.workers.dev
                                  IN A
                                  172.67.192.37
                                • flag-us
                                  GET
                                  https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
                                  msedge.exe
                                  Remote address:
                                  104.21.73.205:443
                                  Request
                                  GET /?qrc=abc@test.com HTTP/2.0
                                  host: 816b462f.5880c482d0a3061180a519e9.workers.dev
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  sec-ch-ua-mobile: ?0
                                  dnt: 1
                                  upgrade-insecure-requests: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: none
                                  sec-fetch-mode: navigate
                                  sec-fetch-user: ?1
                                  sec-fetch-dest: document
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:40 GMT
                                  content-type: text/html
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P4tHNWADo0zKjU6zoNcx42aRs189GnSxittlELHvvL7xfUI54c0uh2WuI%2BFlEDtetMl3378epijNKRGGiIi5dTIkfVOWJMWbmXkPDgvTwog6n3ZcR1Jc6HCqMvc1cAWJkmYk13rHGuo1FTbGyn15mjQ4S7PC3C0wrr%2BQiVqReJk%3D"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 8d47352fdd14bed5-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://816b462f.5880c482d0a3061180a519e9.workers.dev/favicon.ico
                                  msedge.exe
                                  Remote address:
                                  104.21.73.205:443
                                  Request
                                  GET /favicon.ico HTTP/2.0
                                  host: 816b462f.5880c482d0a3061180a519e9.workers.dev
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:40 GMT
                                  content-type: text/html
                                  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Kqk0yDARVeEkBASng0eAOb7FmER8HReizH5t2tVnhPgucdUNFuVglYLTp%2BI%2FtkSABeB9sH7QvsZbHY8BFrLTNa8%2FygQ%2BWkRady1tbMS%2FzhHpxf40xwzYlU9Lcg2YRJVgae%2FQUbHCf6NHoawhsC1ltxy8LOeafucCV2hm5P3zPA%3D"}],"group":"cf-nel","max_age":604800}
                                  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 8d473531ffd9bed5-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  DNS
                                  challenges.cloudflare.com
                                  msedge.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  challenges.cloudflare.com
                                  IN A
                                  Response
                                  challenges.cloudflare.com
                                  IN A
                                  104.18.95.41
                                  challenges.cloudflare.com
                                  IN A
                                  104.18.94.41
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 302
                                  date: Fri, 18 Oct 2024 08:37:40 GMT
                                  content-length: 0
                                  access-control-allow-origin: *
                                  cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
                                  cross-origin-resource-policy: cross-origin
                                  location: /turnstile/v0/b/62ec4f065604/api.js
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 8d4735315a03bf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /turnstile/v0/b/62ec4f065604/api.js HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:40 GMT
                                  content-type: application/javascript; charset=UTF-8
                                  last-modified: Tue, 01 Oct 2024 14:19:56 GMT
                                  cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
                                  access-control-allow-origin: *
                                  cross-origin-resource-policy: cross-origin
                                  vary: Accept-Encoding
                                  server: cloudflare
                                  cf-ray: 8d4735319a43bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/ HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  sec-ch-ua-mobile: ?0
                                  upgrade-insecure-requests: 1
                                  dnt: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: navigate
                                  sec-fetch-dest: iframe
                                  referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:40 GMT
                                  content-type: text/html; charset=UTF-8
                                  content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
                                  critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                  cross-origin-resource-policy: cross-origin
                                  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                  document-policy: js-profiling
                                  origin-agent-cluster: ?1
                                  referrer-policy: same-origin
                                  permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                  cross-origin-opener-policy: same-origin
                                  cross-origin-embedder-policy: require-corp
                                  accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                  server: cloudflare
                                  cf-ray: 8d473531eaa6bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:41 GMT
                                  content-type: image/png
                                  content-length: 61
                                  cache-control: max-age=2629800, public
                                  server: cloudflare
                                  cf-ray: 8d4735337c3dbf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:41 GMT
                                  content-type: application/javascript; charset=UTF-8
                                  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                  server: cloudflare
                                  cf-ray: 8d473533ecbcbf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  POST
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  POST /cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9 HTTP/2.0
                                  host: challenges.cloudflare.com
                                  content-length: 2851
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  cf-challenge: 7d14c79bf1119e9
                                  content-type: application/x-www-form-urlencoded
                                  accept: */*
                                  origin: https://challenges.cloudflare.com
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:41 GMT
                                  content-type: text/plain; charset=UTF-8
                                  cf-chl-gen: RXNTZg7z/an3q3uZKllinhI1PCM5IbMHcvj64G4sXBVK7kSZ3mPKqLPwmCm6WgPs1jtnNwOHmowDApEYEvmBw7Zr8lBxzO2mEQsvnJ1M2ormbk5dJa8L/8W1NdpwCVrEP/1xhBS+GziCAaat3VdxInb8uMxYBKdMTYZVboBxc7mylaN4l8wu+A4/nCMzOua6lLKueU4WOX0F7/AWfxBqhaMo1VkbzYgUZ3olY0yrYgbLJx5KzxPFu6zwuY7Aqo0YZOW0eBPF+BhU4SzQ+N7kMEErAP4BNKfBtCWrhTtBO/Hgoe88jywFuhq+laFhyik12SV3IwM6B943B6gi3vKDthYegzoieKX39QFf+KWx9BBta6HqTkT05BVG+nJ23ZjjYsgO8t7U3hKuHjY71V9pSTzl/K3f0vq5rTAUqnmzNHs/5SFaGjAacFfVPU5aH1R698Km6ibi+mnLUUvFUg==$QotPxjHFLYms/uhh
                                  server: cloudflare
                                  cf-ray: 8d473535ae9dbf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h HTTP/2.0
                                  host: challenges.cloudflare.com
                                  cache-control: max-age=0
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 401
                                  date: Fri, 18 Oct 2024 08:37:42 GMT
                                  content-type: text/plain; charset=UTF-8
                                  content-length: 1
                                  www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gSH2jxDGPHTxOxgrQxZYnTyMJB09_tt9hCUy0Zynl0H0AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIEh9o8Qxjx08TsYK0MWWJ08jCQdPf7bfYQlMtGcp5dB9ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIEh9o8Qxjx08TsYK0MWWJ08jCQdPf7bfYQlMtGcp5dB9ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwOXxuf_YfH60WXLdHNNMi668yTzkAIuksAL2v5Hmho3odFuawAT0cyief1oGo8EaTM_mzmbWK1XdowTDWz2k8-mVmWsgyW3NdrIQwZo-pqOoSiMOVVjpDsnwZmGR_SeoYczHldSUjidO3m4djRGeWR4Iv7sZ131HRg8MZGc0BLoTAJ8WLryDVz1Kp_D_qSxsI1b5cap8Y1yGShRIAZ1O6b3zuooeDoLh9q098fsCdlZbnGh28gTNXgdkiFt_yjyaf5upGTHXcizT4TWTDdmvgSNE19n7ahXuj-_GH_XzP42QLUomcuqNEhu5wSj7XNnyRFURH19l6_sLROivytIY2wIDAQAB", max-age=20
                                  server: cloudflare
                                  cf-ray: 8d473539dabebf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4 HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:42 GMT
                                  content-type: image/png
                                  content-length: 61
                                  server: cloudflare
                                  cf-ray: 8d47353cad79bf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  POST
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  POST /cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9 HTTP/2.0
                                  host: challenges.cloudflare.com
                                  content-length: 29182
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  cf-challenge: 7d14c79bf1119e9
                                  content-type: application/x-www-form-urlencoded
                                  accept: */*
                                  origin: https://challenges.cloudflare.com
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:37:43 GMT
                                  content-type: text/plain; charset=UTF-8
                                  cf-chl-gen: p0fr3vfWuJzreaeKNQ7KTxRkxzQ4r9PhJbWgFS6ElbsI3APJQdmAOVms6denKb0Vq0AmzuNR+zc1BX3I$3YNKRMx2lP3gbMiW
                                  server: cloudflare
                                  cf-ray: 8d47353fb859bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/ HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  sec-ch-ua-mobile: ?0
                                  upgrade-insecure-requests: 1
                                  dnt: 1
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                  sec-fetch-site: cross-site
                                  sec-fetch-mode: navigate
                                  sec-fetch-dest: iframe
                                  referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:39:43 GMT
                                  content-type: text/html; charset=UTF-8
                                  permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                  cross-origin-opener-policy: same-origin
                                  critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                  accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                  content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
                                  document-policy: js-profiling
                                  origin-agent-cluster: ?1
                                  referrer-policy: same-origin
                                  cross-origin-embedder-policy: require-corp
                                  cross-origin-resource-policy: cross-origin
                                  server: cloudflare
                                  cf-ray: 8d47382e6811bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: script
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:39:43 GMT
                                  content-type: application/javascript; charset=UTF-8
                                  cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                  server: cloudflare
                                  cf-ray: 8d47383049cbbf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  POST
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  POST /cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb HTTP/2.0
                                  host: challenges.cloudflare.com
                                  content-length: 2893
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  cf-challenge: 2c536582bfbdacb
                                  content-type: application/x-www-form-urlencoded
                                  accept: */*
                                  origin: https://challenges.cloudflare.com
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:39:43 GMT
                                  content-type: text/plain; charset=UTF-8
                                  cf-chl-gen: IRxdgONwXMRpOSBhEsCbCAiL39aGzXgsDP+FXxCIHHQuKDeeVHkcG+LyWx8+1vXoPA6D31zvMky4V1IIHoOIkvlLG7HQhniACjTZWxiIKBsnF6jUBCtosNgJWtHR5lVNIGB1gcAP7fMRvsF14afzSrnktO0ZkghTEl4kSG3gJEcnvRSQB/gQSr1wVtJVURqzn5YD6hZu2qGdQChy6jP09U1rnsnxNczSyjcFIzaymG4EedRcxTsIH5ffFEwFcUuxvXCmAij0Y/Qvc2CKFims/Dgg7O9O6V+PdOz2InijR6yd2oIJ7Pi7Bc/02VeZumdJiKgCCp2FzGUGYiX0lHUERbB+yrAKEmxo8nVhAsuP7G6PU+56k7WajEwmgQZiZmyp936ASc/VB0/w7smMpS6bgySmfhbRaYfUYfRvTaJ+L0iZQPT6G/qckpqw68oPybQw02z2mJDUynYfXuoJSw==$gCYR4nEqtr+NGi7E
                                  server: cloudflare
                                  cf-ray: 8d473831db73bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX HTTP/2.0
                                  host: challenges.cloudflare.com
                                  cache-control: max-age=0
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: */*
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 401
                                  date: Fri, 18 Oct 2024 08:39:44 GMT
                                  content-type: text/plain; charset=UTF-8
                                  content-length: 1
                                  www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gBMGToaELdNOVoA9x6i1qRk19lLqWlgTTHc2baPypn6kAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIATBk6GhC3TTlaAPceotakZNfZS6lpYE0x3Nm2j8qZ-pABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIATBk6GhC3TTlaAPceotakZNfZS6lpYE0x3Nm2j8qZ-pABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwOXxuf_YfH60WXLdHNNMi668yTzkAIuksAL2v5Hmho3odFuawAT0cyief1oGo8EaTM_mzmbWK1XdowTDWz2k8-mVmWsgyW3NdrIQwZo-pqOoSiMOVVjpDsnwZmGR_SeoYczHldSUjidO3m4djRGeWR4Iv7sZ131HRg8MZGc0BLoTAJ8WLryDVz1Kp_D_qSxsI1b5cap8Y1yGShRIAZ1O6b3zuooeDoLh9q098fsCdlZbnGh28gTNXgdkiFt_yjyaf5upGTHXcizT4TWTDdmvgSNE19n7ahXuj-_GH_XzP42QLUomcuqNEhu5wSj7XNnyRFURH19l6_sLROivytIY2wIDAQAB", max-age=20
                                  server: cloudflare
                                  cf-ray: 8d473836580bbf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  GET
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  GET /cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P HTTP/2.0
                                  host: challenges.cloudflare.com
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: no-cors
                                  sec-fetch-dest: image
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:39:44 GMT
                                  content-type: image/png
                                  content-length: 61
                                  server: cloudflare
                                  cf-ray: 8d4738369842bf0f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  POST
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
                                  msedge.exe
                                  Remote address:
                                  104.18.95.41:443
                                  Request
                                  POST /cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb HTTP/2.0
                                  host: challenges.cloudflare.com
                                  content-length: 29498
                                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                  dnt: 1
                                  sec-ch-ua-mobile: ?0
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                  cf-challenge: 2c536582bfbdacb
                                  content-type: application/x-www-form-urlencoded
                                  accept: */*
                                  origin: https://challenges.cloudflare.com
                                  sec-fetch-site: same-origin
                                  sec-fetch-mode: cors
                                  sec-fetch-dest: empty
                                  referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
                                  accept-encoding: gzip, deflate, br
                                  accept-language: en-US,en;q=0.9
                                  Response
                                  HTTP/2.0 200
                                  date: Fri, 18 Oct 2024 08:39:45 GMT
                                  content-type: text/plain; charset=UTF-8
                                  cf-chl-gen: 3gKHPiZCn1I7ZTzAmWRzWidoLt02B6Xibt8Of5STRAnyQRMfUPBo35eR6NhAy4JF3qlM/Mg0SThOUsHf$TRWRBxNvgFJ5B4uz
                                  server: cloudflare
                                  cf-ray: 8d47383bee24bf0f-LHR
                                  content-encoding: br
                                  alt-svc: h3=":443"; ma=86400
                                • flag-us
                                  DNS
                                  154.239.44.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  154.239.44.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  205.73.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  205.73.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  73.31.126.40.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  73.31.126.40.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  41.95.18.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  41.95.18.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  95.221.229.192.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  95.221.229.192.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  26.35.223.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  26.35.223.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  13.86.106.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  13.86.106.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  241.150.49.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  241.150.49.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  53.210.109.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  53.210.109.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  171.39.242.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  171.39.242.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  75.117.19.2.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  75.117.19.2.in-addr.arpa
                                  IN PTR
                                  Response
                                  75.117.19.2.in-addr.arpa
                                  IN PTR
                                  a2-19-117-75.deploy.static.akamaitechnologies.com
                                • flag-us
                                  DNS
                                  172.210.232.199.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  172.210.232.199.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  57.169.31.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  57.169.31.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  23.236.111.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  23.236.111.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  tse1.mm.bing.net
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  tse1.mm.bing.net
                                  IN A
                                  Response
                                  tse1.mm.bing.net
                                  IN CNAME
                                  mm-mm.bing.net.trafficmanager.net
                                  mm-mm.bing.net.trafficmanager.net
                                  IN CNAME
                                  ax-0001.ax-msedge.net
                                  ax-0001.ax-msedge.net
                                  IN A
                                  150.171.27.10
                                  ax-0001.ax-msedge.net
                                  IN A
                                  150.171.28.10
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 668226
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: 2D657D747EA5457897BBF972C88E8C70 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 761345
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: 0EB4706E09094EE0ADB99D17A617BE64 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 944920
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: CC5920BE4B3342B59BC396041CEBF3DB Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 800951
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: D2886978AB1D4F2DB95428EE074C7D85 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 940027
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: 8DCBDC55AB9F4776A2C181877658FC12 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  GET
                                  https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                  Remote address:
                                  150.171.27.10:443
                                  Request
                                  GET /th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                  host: tse1.mm.bing.net
                                  accept: */*
                                  accept-encoding: gzip, deflate, br
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                  Response
                                  HTTP/2.0 200
                                  cache-control: public, max-age=2592000
                                  content-length: 1061732
                                  content-type: image/jpeg
                                  x-cache: TCP_HIT
                                  access-control-allow-origin: *
                                  access-control-allow-headers: *
                                  access-control-allow-methods: GET, POST, OPTIONS
                                  timing-allow-origin: *
                                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                  x-msedge-ref: Ref A: DAF29CB4758247DAA641B67813B5DC79 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
                                  date: Fri, 18 Oct 2024 08:39:21 GMT
                                • flag-us
                                  DNS
                                  88.156.103.20.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  88.156.103.20.in-addr.arpa
                                  IN PTR
                                  Response
                                • 104.21.73.205:443
                                  https://816b462f.5880c482d0a3061180a519e9.workers.dev/favicon.ico
                                  tls, http2
                                  msedge.exe
                                  2.2kB
                                  9.6kB
                                  18
                                  22

                                  HTTP Request

                                  GET https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://816b462f.5880c482d0a3061180a519e9.workers.dev/favicon.ico

                                  HTTP Response

                                  200
                                • 104.18.95.41:443
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
                                  tls, http2
                                  msedge.exe
                                  83.3kB
                                  475.4kB
                                  327
                                  436

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

                                  HTTP Response

                                  302

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h

                                  HTTP Response

                                  401

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX

                                  HTTP Response

                                  401

                                  HTTP Request

                                  GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb

                                  HTTP Response

                                  200
                                • 150.171.27.10:443
                                  tse1.mm.bing.net
                                  tls, http2
                                  1.2kB
                                  6.9kB
                                  15
                                  13
                                • 150.171.27.10:443
                                  tse1.mm.bing.net
                                  tls, http2
                                  1.2kB
                                  6.9kB
                                  15
                                  13
                                • 150.171.27.10:443
                                  https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                  tls, http2
                                  183.1kB
                                  5.4MB
                                  3897
                                  3890

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                  HTTP Response

                                  200

                                  HTTP Response

                                  200

                                  HTTP Response

                                  200

                                  HTTP Response

                                  200

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                  HTTP Response

                                  200
                                • 150.171.27.10:443
                                  tse1.mm.bing.net
                                  tls, http2
                                  1.2kB
                                  6.9kB
                                  15
                                  13
                                • 150.171.27.10:443
                                  tse1.mm.bing.net
                                  tls, http2
                                  1.2kB
                                  6.9kB
                                  15
                                  13
                                • 8.8.8.8:53
                                  816b462f.5880c482d0a3061180a519e9.workers.dev
                                  dns
                                  msedge.exe
                                  91 B
                                  123 B
                                  1
                                  1

                                  DNS Request

                                  816b462f.5880c482d0a3061180a519e9.workers.dev

                                  DNS Response

                                  104.21.73.205
                                  172.67.192.37

                                • 8.8.8.8:53
                                  challenges.cloudflare.com
                                  dns
                                  msedge.exe
                                  71 B
                                  103 B
                                  1
                                  1

                                  DNS Request

                                  challenges.cloudflare.com

                                  DNS Response

                                  104.18.95.41
                                  104.18.94.41

                                • 8.8.8.8:53
                                  154.239.44.20.in-addr.arpa
                                  dns
                                  72 B
                                  158 B
                                  1
                                  1

                                  DNS Request

                                  154.239.44.20.in-addr.arpa

                                • 8.8.8.8:53
                                  205.73.21.104.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  205.73.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  73.31.126.40.in-addr.arpa
                                  dns
                                  71 B
                                  157 B
                                  1
                                  1

                                  DNS Request

                                  73.31.126.40.in-addr.arpa

                                • 8.8.8.8:53
                                  41.95.18.104.in-addr.arpa
                                  dns
                                  71 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  41.95.18.104.in-addr.arpa

                                • 8.8.8.8:53
                                  95.221.229.192.in-addr.arpa
                                  dns
                                  73 B
                                  144 B
                                  1
                                  1

                                  DNS Request

                                  95.221.229.192.in-addr.arpa

                                • 224.0.0.251:5353
                                  518 B
                                  8
                                • 8.8.8.8:53
                                  26.35.223.20.in-addr.arpa
                                  dns
                                  71 B
                                  157 B
                                  1
                                  1

                                  DNS Request

                                  26.35.223.20.in-addr.arpa

                                • 8.8.8.8:53
                                  13.86.106.20.in-addr.arpa
                                  dns
                                  71 B
                                  157 B
                                  1
                                  1

                                  DNS Request

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\598f85ff-36fc-416f-b0da-9f23a24143b6.tmp

                                  Filesize

                                  5KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  96B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  120B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  296B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                  Filesize

                                  24KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB
