Resubmissions
18/10/2024, 08:45 UTC 241018-knxmvazgjp 8
18/10/2024, 08:37 UTC 241018-kjayaaxcpf 8
18/10/2024, 08:36 UTC 241018-khvw3axcmd 8
18/10/2024, 07:54 UTC 241018-jrwpaavhje 8
18/10/2024, 07:44 UTC 241018-jktw4svema 8
Analysis
- max time kernel: 145s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
- submitted: 18/10/2024, 08:37 UTC
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
Resource
win7-20241010-en
Behavioral task
behavioral3
Sample
https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
Resource
win10v2004-20241007-en
General
-
Target
https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description / ioc / Process
Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid / Process
948 / msedge.exe
2364 / msedge.exe
4368 / identity_helper.exe
2152 / msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid / Process
2364 / msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid / Process
2364 / msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid / Process
2364 / msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description / pid / Process / procid_target
PID 2364 wrote to memory of 900 / 2364 / msedge.exe / 84
PID 2364 wrote to memory of 1744 / 2364 / msedge.exe / 85
PID 2364 wrote to memory of 948 / 2364 / msedge.exe / 86
PID 2364 wrote to memory of 3076 / 2364 / msedge.exe / 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
2⤵ PID:900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
2⤵ PID:1744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵ PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵ PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵ PID:2644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵ PID:4912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
2⤵ PID:756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
2⤵ PID:1572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵ PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵ PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
2⤵ PID:4936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵ PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵ PID:4628
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:332
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4988
Network
-
Remote address: 8.8.8.8:53
Request
816b462f.5880c482d0a3061180a519e9.workers.dev IN A
Response
816b462f.5880c482d0a3061180a519e9.workers.dev IN A 104.21.73.205
816b462f.5880c482d0a3061180a519e9.workers.dev IN A 172.67.192.37
-
Remote address: 104.21.73.205:443
Request
GET /?qrc=abc@test.com HTTP/2.0
host: 816b462f.5880c482d0a3061180a519e9.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P4tHNWADo0zKjU6zoNcx42aRs189GnSxittlELHvvL7xfUI54c0uh2WuI%2BFlEDtetMl3378epijNKRGGiIi5dTIkfVOWJMWbmXkPDgvTwog6n3ZcR1Jc6HCqMvc1cAWJkmYk13rHGuo1FTbGyn15mjQ4S7PC3C0wrr%2BQiVqReJk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d47352fdd14bed5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 104.21.73.205:443
Request
GET /favicon.ico HTTP/2.0
host: 816b462f.5880c482d0a3061180a519e9.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Kqk0yDARVeEkBASng0eAOb7FmER8HReizH5t2tVnhPgucdUNFuVglYLTp%2BI%2FtkSABeB9sH7QvsZbHY8BFrLTNa8%2FygQ%2BWkRady1tbMS%2FzhHpxf40xwzYlU9Lcg2YRJVgae%2FQUbHCf6NHoawhsC1ltxy8LOeafucCV2hm5P3zPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d473531ffd9bed5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request
challenges.cloudflare.com IN A
Response
challenges.cloudflare.com IN A 104.18.95.41
challenges.cloudflare.com IN A 104.18.94.41
-
Remote address: 104.18.95.41:443
Request
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 302
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/62ec4f065604/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d4735315a03bf0f-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 104.18.95.41:443
Request
GET /turnstile/v0/b/62ec4f065604/api.js HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 01 Oct 2024 14:19:56 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d4735319a43bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/ HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html; charset=UTF-8
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
origin-agent-cluster: ?1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
server: cloudflare
cf-ray: 8d473531eaa6bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8d4735337c3dbf0f-LHR
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8d473533ecbcbf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
msedge.exe
Remote address: 104.18.95.41:443
Request
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9 HTTP/2.0
host: challenges.cloudflare.com
content-length: 2851
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: 7d14c79bf1119e9
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/plain; charset=UTF-8
cf-chl-gen: RXNTZg7z/an3q3uZKllinhI1PCM5IbMHcvj64G4sXBVK7kSZ3mPKqLPwmCm6WgPs1jtnNwOHmowDApEYEvmBw7Zr8lBxzO2mEQsvnJ1M2ormbk5dJa8L/8W1NdpwCVrEP/1xhBS+GziCAaat3VdxInb8uMxYBKdMTYZVboBxc7mylaN4l8wu+A4/nCMzOua6lLKueU4WOX0F7/AWfxBqhaMo1VkbzYgUZ3olY0yrYgbLJx5KzxPFu6zwuY7Aqo0YZOW0eBPF+BhU4SzQ+N7kMEErAP4BNKfBtCWrhTtBO/Hgoe88jywFuhq+laFhyik12SV3IwM6B943B6gi3vKDthYegzoieKX39QFf+KWx9BBta6HqTkT05BVG+nJ23ZjjYsgO8t7U3hKuHjY71V9pSTzl/K3f0vq5rTAUqnmzNHs/5SFaGjAacFfVPU5aH1R698Km6ibi+mnLUUvFUg==$QotPxjHFLYms/uhh
server: cloudflare
cf-ray: 8d473535ae9dbf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h HTTP/2.0
host: challenges.cloudflare.com
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 401
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gSH2jxDGPHTxOxgrQxZYnTyMJB09_tt9hCUy0Zynl0H0AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIEh9o8Qxjx08TsYK0MWWJ08jCQdPf7bfYQlMtGcp5dB9ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIEh9o8Qxjx08TsYK0MWWJ08jCQdPf7bfYQlMtGcp5dB9ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwOXxuf_YfH60WXLdHNNMi668yTzkAIuksAL2v5Hmho3odFuawAT0cyief1oGo8EaTM_mzmbWK1XdowTDWz2k8-mVmWsgyW3NdrIQwZo-pqOoSiMOVVjpDsnwZmGR_SeoYczHldSUjidO3m4djRGeWR4Iv7sZ131HRg8MZGc0BLoTAJ8WLryDVz1Kp_D_qSxsI1b5cap8Y1yGShRIAZ1O6b3zuooeDoLh9q098fsCdlZbnGh28gTNXgdkiFt_yjyaf5upGTHXcizT4TWTDdmvgSNE19n7ahXuj-_GH_XzP42QLUomcuqNEhu5wSj7XNnyRFURH19l6_sLROivytIY2wIDAQAB", max-age=20
server: cloudflare
cf-ray: 8d473539dabebf0f-LHR
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4 HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8d47353cad79bf0f-LHR
alt-svc: h3=":443"; ma=86400
-
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
msedge.exe
Remote address: 104.18.95.41:443
Request
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9 HTTP/2.0
host: challenges.cloudflare.com
content-length: 29182
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: 7d14c79bf1119e9
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/plain; charset=UTF-8
cf-chl-gen: p0fr3vfWuJzreaeKNQ7KTxRkxzQ4r9PhJbWgFS6ElbsI3APJQdmAOVms6denKb0Vq0AmzuNR+zc1BX3I$3YNKRMx2lP3gbMiW
server: cloudflare
cf-ray: 8d47353fb859bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/ HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://816b462f.5880c482d0a3061180a519e9.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
document-policy: js-profiling
origin-agent-cluster: ?1
referrer-policy: same-origin
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 8d47382e6811bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8d47383049cbbf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
msedge.exe
Remote address: 104.18.95.41:443
Request
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb HTTP/2.0
host: challenges.cloudflare.com
content-length: 2893
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: 2c536582bfbdacb
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/plain; charset=UTF-8
server: cloudflare
cf-ray: 8d473831db73bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX HTTP/2.0
host: challenges.cloudflare.com
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 401
content-type: text/plain; charset=UTF-8
content-length: 1
server: cloudflare
cf-ray: 8d473836580bbf0f-LHR
alt-svc: h3=":443"; ma=86400
-
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P
msedge.exe
Remote address: 104.18.95.41:443
Request
GET /cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8d4738369842bf0f-LHR
alt-svc: h3=":443"; ma=86400
-
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
msedge.exe
Remote address: 104.18.95.41:443
Request
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb HTTP/2.0
host: challenges.cloudflare.com
content-length: 29498
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: 2c536582bfbdacb
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/plain; charset=UTF-8
cf-chl-gen: 3gKHPiZCn1I7ZTzAmWRzWidoLt02B6Xibt8Of5STRAnyQRMfUPBo35eR6NhAy4JF3qlM/Mg0SThOUsHf$TRWRBxNvgFJ5B4uz
server: cloudflare
cf-ray: 8d47383bee24bf0f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request
tse1.mm.bing.net IN A
Response
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.27.10
ax-0001.ax-msedge.net IN A 150.171.28.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 668226
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D657D747EA5457897BBF972C88E8C70 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 761345
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EB4706E09094EE0ADB99D17A617BE64 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 944920
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC5920BE4B3342B59BC396041CEBF3DB Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 800951
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2886978AB1D4F2DB95428EE074C7D85 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 940027
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8DCBDC55AB9F4776A2C181877658FC12 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.27.10:443
Request
GET /th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 1061732
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DAF29CB4758247DAA641B67813B5DC79 Ref B: LON601060102062 Ref C: 2024-10-18T08:39:22Z
date: Fri, 18 Oct 2024 08:39:21 GMT
-
Remote address: 8.8.8.8:53
Request
88.156.103.20.in-addr.arpa IN PTR
Response
-
104.21.73.205:443 https://816b462f.5880c482d0a3061180a519e9.workers.dev/favicon.ico tls, http2 msedge.exe 2.2kB 9.6kB 18 22
HTTP Request
GET https://816b462f.5880c482d0a3061180a519e9.workers.dev/?qrc=abc@test.com
HTTP Response
200
HTTP Request
GET https://816b462f.5880c482d0a3061180a519e9.workers.dev/favicon.ico
HTTP Response
200
-
104.18.95.41:443 https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb tls, http2 msedge.exe 83.3kB 475.4kB 327 436
HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
HTTP Response
302
HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/cgqGdwECWZ0l%2BqhlK11yd%2Bx5hS12pvhB1sHMXO%2F%2F%2F3U%3D
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d473531eaa6bf0f&lang=auto
HTTP Response
200
HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d473531eaa6bf0f/1729240661405/487da3c4318f1d3c4ec60ad0c596274f2309074f7fb6df61094cb46729e5d07d/yVgJiNo96roEU4h
HTTP Response
401
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d473531eaa6bf0f/1729240661407/_y-o-BECQR-2Pv4
HTTP Response
200
HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/811097616:1729236688:vC78YKvbHCsJWbBCiDqcx5hvnNfxbA-R4Jr1ym0o1Mg/8d473531eaa6bf0f/7d14c79bf1119e9
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/vby6k/0x4AAAAAAAxrPigGZ5wBKw9b/auto/fbE/normal/auto/
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d47382e6811bf0f&lang=auto
HTTP Response
200
HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
HTTP Response
200
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d47382e6811bf0f/1729240783680/04c193a1a10b74d395a00f71ea2d6a464d7d94ba969604d31dcd9b68fca99fa9/dW4o_X_weYPaQMX
HTTP Response
401
HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d47382e6811bf0f/1729240783681/5OW19TSSL0k3i7P
HTTP Response
200
HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/568860141:1729236815:MGGGL2zIoKL4UUmkgQA9qXTx8fBUbHsMTIKLgUfH7XU/8d47382e6811bf0f/2c536582bfbdacb
HTTP Response
200
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.27.10:443 https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 tls, http2 183.1kB 5.4MB 3897 3890
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629830_1RPYGH00DJD1WMKQO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629842_1ZAQRRM6HYDFONDBE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Response
200
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
91 B 123 B 1 1
DNS Request
816b462f.5880c482d0a3061180a519e9.workers.dev
DNS Response
104.21.73.205
172.67.192.37
-
71 B 103 B 1 1
DNS Request
challenges.cloudflare.com
DNS Response
104.18.95.41
104.18.94.41
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10
150.171.28.10
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\598f85ff-36fc-416f-b0da-9f23a24143b6.tmp
Filesize
5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B