Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
840s -
max time network
845s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
06/01/2025, 17:26 UTC
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://bsif64.farmboyusa.com/bforslund@montrose-env.com
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
http://bsif64.farmboyusa.com/bforslund@montrose-env.com
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
http://bsif64.farmboyusa.com/bforslund@montrose-env.com
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
http://bsif64.farmboyusa.com/bforslund@montrose-env.com
Resource
win10ltsc2021-20241211-en
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: bforslund@montrose-env.com
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2124 msedge.exe 2124 msedge.exe 2384 msedge.exe 2384 msedge.exe 1716 identity_helper.exe 1716 identity_helper.exe 1808 msedge.exe 1808 msedge.exe 1808 msedge.exe 1808 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe 2384 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2384 wrote to memory of 5044 2384 msedge.exe 82 PID 2384 wrote to memory of 5044 2384 msedge.exe 82 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 4540 2384 msedge.exe 83 PID 2384 wrote to memory of 2124 2384 msedge.exe 84 PID 2384 wrote to memory of 2124 2384 msedge.exe 84 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85 PID 2384 wrote to memory of 744 2384 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bsif64.farmboyusa.com/bforslund@montrose-env.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5c046f8,0x7fffa5c04708,0x7fffa5c047182⤵PID:5044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:22⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:3688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:3680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵PID:1312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵PID:1892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵PID:4852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:82⤵PID:3712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:12⤵PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵PID:4684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2092
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1776
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestbsif64.farmboyusa.comIN AResponsebsif64.farmboyusa.comIN A172.67.171.93bsif64.farmboyusa.comIN A104.21.29.51
-
Remote address:172.67.171.93:80RequestGET /bforslund@montrose-env.com HTTP/1.1
Host: bsif64.farmboyusa.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 06 Jan 2025 18:26:42 GMT
Location: https://bsif64.farmboyusa.com/bforslund@montrose-env.com
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9xMKslcj7CRziR%2FXG8NqOzZQR25WAmXPjDgm3DTjNiqsO4RWwQQHA4o9Hgqjk1AK2z5NFfF7s5eH6ionfcVgctDQcY6k3Zfk5jwsjI5S3b1jsXtjF01qEXsZN7YqbYoCXxNitaFfZWE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8fdd6a23e85c77a2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=48677&min_rtt=48677&rtt_var=24338&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=479&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
-
Remote address:172.67.171.93:443RequestGET /bforslund@montrose-env.com HTTP/2.0
host: bsif64.farmboyusa.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
content-type: text/html; charset=utf-8
location: https://login-microsoftonline.bossdesk.org/pjdsuJPvysi3649X03NiVt6BiCA7E1zbecFqJ5SFycLOn35LnVZpS4M6feAghFWcpd3DOKIafqJjM7tzHdqIo4To51lxa6XtaWCUhFWY3k1izNycaTN7pULmOUVF5SsJmb#C0Y0JnVxanNkdDBENCYxMyYxMyZCMSZDNCY6MyY5MyZpdGJJb3BqdWJkcE1ob2p0VmVicG1mczEzJkU0JjEzJmVicG1vcC94cGVvangxMyYxMyYxMyYxMyZCMSZFOCYxMyYxMyYxMyYxMyZCMSZDNCYzMyZucGQvd29mLmZ0cHN1b3BuQWVvdm10c3BnYzMzJjEzJkU0JjEzJml0Ymkvb3BqdWJkcG0veHBlb2p4MTMmMTMmMTMmMTMmMTMmMTMmQjEmQzgmMTMmRjQmRTQmMTMmOjMmOTMmMTMmRTQmMTMmaXRiSW9wanViZHBNaG9qdFZlYnBtZnMxMyZ1dG9wZDEzJjEzJjEzJjEzJkIxJkY0JjMzJnVxanNkdGJ3YmszMyZFNCZob2JtMTMmdXFqc2R0RDQmMTMmQjEmRjQmdXFqc2R0MEQ0JjEzJkY0JjMzJnRrL2JpZHVxYmQwbnBkL3tmc2J2a2dmanQveHh4MDBCNCZ0cXV1aTMzJkU0JmRzdDEzJnVxanNkdEQ0Jgs
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6mS43zHAs4KwfLhyPO3iaazUEA%2BwmlvuRT8ne0Gaj%2BLqyodF20y3IWwXwUR7j%2FCvWMW7AVW22mDRL9iDN9sgF7udP5Vh6POMkwpVRWmDTcEGzO8lXLQ683l%2BFBeIuYENZiD7Hr%2BxpU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fdd6a250e3594f0-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47533&min_rtt=46931&rtt_var=13826&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1186&delivery_rate=57829&cwnd=252&unsent_bytes=0&cid=15eb3b58ba407cb1&ts=357&x=0"
-
Remote address:172.67.171.93:443RequestGET /A/bforslund@montrose-env.com HTTP/2.0
host: swy8r6.farmboyusa.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
content-type: text/html; charset=utf-8
location: https://login-microsoftonline.bossdesk.org/ZipXFcJzO2hlYLKZxcoqgknkAxhhYVzUhyvzp5lWH4fHTK1DRYUdXCqVnWIcDZUOalUNmzA9tgnmi1F1NZg2Lojfsg1cpOyoyILX5rssaAZ1M6xSRGlEWzmJMXUdPyVYIu#C0Y0JnVxanNkdDBENCYxMyYxMyZCMSZDNCY6MyY5MyZpdGJJb3BqdWJkcE1ob2p0VmVicG1mczEzJkU0JjEzJmVicG1vcC94cGVvangxMyYxMyYxMyYxMyZCMSZFOCYxMyYxMyYxMyYxMyZCMSZDNCYzMyZucGQvd29mLmZ0cHN1b3BuQWVvdm10c3BnYzMzJjEzJkU0JjEzJml0Ymkvb3BqdWJkcG0veHBlb2p4MTMmMTMmMTMmMTMmMTMmMTMmQjEmQzgmMTMmRjQmRTQmMTMmOjMmOTMmMTMmRTQmMTMmaXRiSW9wanViZHBNaG9qdFZlYnBtZnMxMyZ1dG9wZDEzJjEzJjEzJjEzJkIxJkY0JjMzJnVxanNkdGJ3YmszMyZFNCZob2JtMTMmdXFqc2R0RDQmMTMmQjEmRjQmdXFqc2R0MEQ0JjEzJkY0JjMzJnRrL3lmZW9qMG5wZC97ZnNidmtnZmp0L3h4eDAwQjQmdHF1dWkzMyZFNCZkc3QxMyZ1cWpzZHRENCYL
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qeci6Zsqm1yLZBV38vf4eYQHA%2BMcHLzjsga6QhTuSsfbP565kTd0dp4%2Fxp6qj5s0TnMl8HGDqaF%2BomqIoUR%2Bt623ufHTslXklXM0XvSlReDjh%2BlxuCgJS3Bsp7s%2BsdJ%2FEgh5fOyMBPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fdd6a5c5ff394f0-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47450&min_rtt=46931&rtt_var=7921&sent=11&recv=11&lost=0&retrans=0&sent_bytes=5734&recv_bytes=1319&delivery_rate=114951&cwnd=256&unsent_bytes=0&cid=15eb3b58ba407cb1&ts=9227&x=0"
-
Remote address:8.8.8.8:53Requestlogin-microsoftonline.bossdesk.orgIN AResponselogin-microsoftonline.bossdesk.orgIN CNAMEmate1313.pages.devmate1313.pages.devIN A172.66.47.10mate1313.pages.devIN A172.66.44.246
-
GEThttps://login-microsoftonline.bossdesk.org/pjdsuJPvysi3649X03NiVt6BiCA7E1zbecFqJ5SFycLOn35LnVZpS4M6feAghFWcpd3DOKIafqJjM7tzHdqIo4To51lxa6XtaWCUhFWY3k1izNycaTN7pULmOUVF5SsJmbmsedge.exeRemote address:172.66.47.10:443RequestGET /pjdsuJPvysi3649X03NiVt6BiCA7E1zbecFqJ5SFycLOn35LnVZpS4M6feAghFWcpd3DOKIafqJjM7tzHdqIo4To51lxa6XtaWCUhFWY3k1izNycaTN7pULmOUVF5SsJmb HTTP/2.0
host: login-microsoftonline.bossdesk.org
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qpc28hZj%2BOdvqqpSOD3MUYrFj8%2FwRD9cFZJpU5m%2BraCCEaRbV1io4i8AxTSudrAYo%2F3KxIBqqm%2FPyqw2XU6t8xdaratb6%2FsLbNIzOBGvkTFjQOOEforPJbm2291pu0Vxz3lTvtDb3g%2Fm4JNTqXQaOfdiLd7p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a285d7f8873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47187&min_rtt=47138&rtt_var=13355&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1279&delivery_rate=57563&cwnd=252&unsent_bytes=0&cid=55cde6b76dc4b964&ts=176&x=0"
-
Remote address:172.66.47.10:443RequestGET /favicon.ico HTTP/2.0
host: login-microsoftonline.bossdesk.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://login-microsoftonline.bossdesk.org/pjdsuJPvysi3649X03NiVt6BiCA7E1zbecFqJ5SFycLOn35LnVZpS4M6feAghFWcpd3DOKIafqJjM7tzHdqIo4To51lxa6XtaWCUhFWY3k1izNycaTN7pULmOUVF5SsJmb
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZdbjVRc8DCrmQ%2FDNmm5e5NXGnIy6VqPGTWdhuGeNBZFKL%2BRZcRBkh0BxX2tuX%2FQkfV3JpIu89PKlCIsXTkiux0DjT4It%2FtgGlvz%2FyRZ0oNPqiBp9dfMNRKNuq1QPFnUynA2kokgL4XLinFkVfzWBALqE3BfZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a329a368873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53750&min_rtt=47138&rtt_var=20425&sent=10&recv=11&lost=0&retrans=0&sent_bytes=3919&recv_bytes=1540&delivery_rate=57563&cwnd=255&unsent_bytes=0&cid=55cde6b76dc4b964&ts=1744&x=0"
-
GEThttps://login-microsoftonline.bossdesk.org/ZipXFcJzO2hlYLKZxcoqgknkAxhhYVzUhyvzp5lWH4fHTK1DRYUdXCqVnWIcDZUOalUNmzA9tgnmi1F1NZg2Lojfsg1cpOyoyILX5rssaAZ1M6xSRGlEWzmJMXUdPyVYIumsedge.exeRemote address:172.66.47.10:443RequestGET /ZipXFcJzO2hlYLKZxcoqgknkAxhhYVzUhyvzp5lWH4fHTK1DRYUdXCqVnWIcDZUOalUNmzA9tgnmi1F1NZg2Lojfsg1cpOyoyILX5rssaAZ1M6xSRGlEWzmJMXUdPyVYIu HTTP/2.0
host: login-microsoftonline.bossdesk.org
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yhSX4nh0N4vW2LHkODGN6Cqhwv7Ruk4%2B1Fk4ustw91h4ToymunCB0lxykteURBSFMtai7m%2B5fhOrD1ljAHYjpKnzvPIjOqwZl8dv0dNfY75V%2FSftxGzXg%2BI1L8627QIa1nOrHbQpWxbLzxw0iSiPxD3AA%2BgS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a5eac508873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=52712&min_rtt=47138&rtt_var=13288&sent=15&recv=14&lost=0&retrans=0&sent_bytes=4791&recv_bytes=1740&delivery_rate=109889&cwnd=257&unsent_bytes=0&cid=55cde6b76dc4b964&ts=8803&x=0"
-
Remote address:172.66.47.10:443RequestGET /favicon.ico HTTP/2.0
host: login-microsoftonline.bossdesk.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://login-microsoftonline.bossdesk.org/ZipXFcJzO2hlYLKZxcoqgknkAxhhYVzUhyvzp5lWH4fHTK1DRYUdXCqVnWIcDZUOalUNmzA9tgnmi1F1NZg2Lojfsg1cpOyoyILX5rssaAZ1M6xSRGlEWzmJMXUdPyVYIu
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8DCv9RIIm0j1xm%2Bfdb8BL3P7SsjhBq4naWE87MjKPEUN6d6iYDugAOdjS5CSNSJZxbJLD7msnZqw7qgSQiLlKTYGsOP%2B4zSiLxnbGEcAxKTngrGiiKLq7ysNXwiFUn%2B6dAoCxYkDf%2F2FkJpKG1lzUaoJnVI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a63baae8873-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=52273&min_rtt=47138&rtt_var=8190&sent=20&recv=17&lost=0&retrans=0&sent_bytes=5661&recv_bytes=1938&delivery_rate=109889&cwnd=257&unsent_bytes=0&cid=55cde6b76dc4b964&ts=9626&x=0"
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request93.171.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.siefjuarez.comIN AResponsewww.siefjuarez.comIN CNAMEmate1313.pages.devmate1313.pages.devIN A172.66.47.10mate1313.pages.devIN A172.66.44.246
-
Remote address:172.66.47.10:443RequestGET /captcha.js HTTP/2.0
host: www.siefjuarez.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f2eb4e339d876432bf78458ccdbb6aa9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SuLtIAVk1jh%2Fa9Z6M9lq2dzxs0bkEtM%2BCUAiYsQ7l6brgko2NdR5TIMShuKhgYdWzUl1WEl0nUys%2Bgcta5X2YRGGYIoxQlnLFmmYVb6pX%2BCNDF2N3UYXYaphCryF2ZX9hxCAa3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a2b6be9f654-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=48843&min_rtt=46845&rtt_var=18994&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2805&recv_bytes=1121&delivery_rate=57935&cwnd=251&unsent_bytes=0&cid=53cc2478d0b92978&ts=99&x=0"
-
Remote address:172.66.47.10:443RequestGET /index.js HTTP/2.0
host: www.siefjuarez.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3d5cf3216d60da009da3b889449eaaea"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zAU9Zcoo4DRnAFh0ssSh65iijUVIiLhXb79Uui6O9IcgNfd%2B54Am5twsyE%2FZLDEuDuavf0DsKx6AG1Ld6Eq%2FM%2FMUVk9CIacZL5rE2fD0SktuEuL9rQvSTd5I38tytp%2BVqOecbwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a6138a0f654-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=58266&min_rtt=46845&rtt_var=14480&sent=25&recv=23&lost=0&retrans=0&sent_bytes=16204&recv_bytes=1212&delivery_rate=296618&cwnd=257&unsent_bytes=0&cid=53cc2478d0b92978&ts=8695&x=0"
-
Remote address:8.8.8.8:53Requestchallenges.cloudflare.comIN AResponsechallenges.cloudflare.comIN A104.18.95.41challenges.cloudflare.comIN A104.18.94.41
-
Remote address:8.8.8.8:53Requestjs.hcaptcha.comIN AResponsejs.hcaptcha.comIN A104.19.230.21js.hcaptcha.comIN A104.19.229.21
-
Remote address:8.8.8.8:53Requestfindicons.comIN AResponsefindicons.comIN A13.249.9.96findicons.comIN A13.249.9.31findicons.comIN A13.249.9.79findicons.comIN A13.249.9.113
-
Remote address:104.18.95.41:443RequestGET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/849bfe45bf45/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a2d3adbef46-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.18.95.41:443RequestGET /turnstile/v0/g/849bfe45bf45/api.js HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 02 Jan 2025 13:52:36 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fdd6a2f8a4bef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GEThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/msedge.exeRemote address:104.18.95.41:443RequestGET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/ HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
server: cloudflare
cf-ray: 8fdd6a2ffbbbef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address:104.18.95.41:443RequestGET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8fdd6a310edaef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GEThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8fdd6a2ffbbbef46&lang=automsedge.exeRemote address:104.18.95.41:443RequestGET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8fdd6a2ffbbbef46&lang=auto HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8fdd6a30feb8ef46-LHR
alt-svc: h3=":443"; ma=86400
-
POSThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDmsedge.exeRemote address:104.18.95.41:443RequestPOST /cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD HTTP/2.0
host: challenges.cloudflare.com
content-length: 3854
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
cf-chl-retryattempt: 0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/plain; charset=UTF-8
cf-chl-gen: Bbx5DmEzWdVTXY2X5qVS+gTF6yUqWJ69iBpB6idT2WCwD6LC/lwwr+O+pGjOnyHdaiZ4RPrqLi/KrPCxzFOLJkznTsU1BH30xXPbDQJlCHQRoYa8oiTUA7zYBVvln3mAC3ipXC8KX4ouwc2SVUefzVW8JTF7uLLfo4fcKMimGHG6TSkT1FDkzgiHSKz6y3MeEj2vrcXnWfc4Kid5OLqR/3pPr7qMOIiOKhO+k6qNngzRj88G/Gm4qgdOhoYCiLzE9Mn+VN8E7FygUSDhOqLyt04+TeIyeFDyRHRZwsrXuo4/TxnGpDoCa9QtD6cmW6cUT+fDJCWNMQlInuxqNmI364HoRumKbA4ZAxvrI1LTJSTjXt+elGr14sGOHslvh9tcT6E8JxZmXw4fQRRPx57+uOx8idThgRiTfcnijLu6JTaOf4UQ/PGayWfkqfFvW71VHkkW537BrZdHcogMImnswZBOykeC$DZwprQ5XouMWhz0i
server: cloudflare
cf-ray: 8fdd6a328b65ef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
GEThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8fdd6a2ffbbbef46/1736184404899/3Hkje4f1dIXXJ-Bmsedge.exeRemote address:104.18.95.41:443RequestGET /cdn-cgi/challenge-platform/h/g/i/8fdd6a2ffbbbef46/1736184404899/3Hkje4f1dIXXJ-B HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8fdd6a3a0c8fef46-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8fdd6a2ffbbbef46/1736184404900/1edb60493e3595cc042976429fb35ff7677fa6db5097e38289d191f6af14d224/cuXWAmBLjaHQ4f9msedge.exeRemote address:104.18.95.41:443RequestGET /cdn-cgi/challenge-platform/h/g/pat/8fdd6a2ffbbbef46/1736184404900/1edb60493e3595cc042976429fb35ff7677fa6db5097e38289d191f6af14d224/cuXWAmBLjaHQ4f9 HTTP/2.0
host: challenges.cloudflare.com
cache-control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 401
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gHttgST41lcwEKXZCn7Nf92d_pttQl-OCidGR9q8U0iQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIB7bYEk-NZXMBCl2Qp-zX_dnf6bbUJfjgonRkfavFNIkABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIB7bYEk-NZXMBCl2Qp-zX_dnf6bbUJfjgonRkfavFNIkABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA0Bg4_P76wfMEmDzHK9N8yyWImWxay1z7HPRnKoNyIW_Kt8Rk4JPinNDLa3LlBgTYMoR4v3RICP4X4zaAzY3cxkst6Rpr-Py-3J7VIv4tDxbhYpyAJpzUm3uLOHmGHY_CoipSic72M1Fa_ltrFceiOzvXMAMmq9kyyOOtf9OkrAyjZjlUWJke61DQJEIuvkzoa1TZ0vzYhu0Tk_PmJkQB7g-FiJne2dp-7uJFizTT0oatWJgKSOcI9bZpT__32BhyfyCjE-1JMrNXglwYWKaIdnnmWh-1b9zPsCSav_GOwSPUyhyqOykRladYl-k7vKxZJ2AtvfObQaF5muLp21p9sQIDAQAB", max-age=20
server: cloudflare
cf-ray: 8fdd6a3b793fef46-LHR
alt-svc: h3=":443"; ma=86400
-
POSThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDmsedge.exeRemote address:104.18.95.41:443RequestPOST /cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD HTTP/2.0
host: challenges.cloudflare.com
content-length: 30266
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
cf-chl-retryattempt: 0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/plain; charset=UTF-8
cf-chl-gen: E7CuZryjXm8k6RP4e8ZXPtoydOD9qZUtBp7OAuOH1JBwNv/4ZlDgjfdf+Y6UQF+611c=$JVT2oRwoi+f8KN4/
server: cloudflare
cf-ray: 8fdd6a3d6f97ef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
POSThttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDmsedge.exeRemote address:104.18.95.41:443RequestPOST /cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD HTTP/2.0
host: challenges.cloudflare.com
content-length: 32568
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
cf-chl-retryattempt: 0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
cf-challenge: l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wD
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://challenges.cloudflare.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html; charset=UTF-8
cf-chl-out-s: 5wT/z/cy1xam+iIn5OiDllIiincovFwaKCHYB/rwuazTZmhzCz5Qn8K5fLrhamajZGW28//hD8u5u1JBafUKx462La9HRV9gjMNGAx+dFsEj21Z1OuOAb6xfaR/p7Lo8XYuI21SicC/VDRp+skpGkKZg0dNSLV+HzRZMRkxs4HaOC2EqAyvFdWZnhXELPJwcP0pbuY5brP/BxMqFEvem6l3Qwyjcq97nw53IbHP+YS8nhCzIPVErZeNE5uCFj0NIPy6WhCj6r7xil0cIgRB1YDq6nogJdt3EWqXzTnvchYpsCwtoCjUNz6jAl4pUM4XdWwgvugtVnu5aiK/dJy+LyjWonWx2uxrfukONMgpmPv7DuQPDAMtdympKdHRecg5P/QoVjazWNSGzocv4ewknGpPDwwSbXPVlP4REUerDK2AhUO/NPfj6TNC2zCdnu1qrk+wgPkkQrrwpWLZBuajMQDWczLOmim+qeWLHCvKrtmyR7k8x6J8kmNTpIiJ1dd9mw2SuAwBRurpjNp07Lae0FuHOLCv5zO1XmqBpbUNYlBFHoQGZaDAPue9QVXjm4389ti/D8YHjjdRsv/3SmHMfNpYhVobR2Z4LaCzlTKMmHlte7SnQrcSvQ8ViiReVp1a6tQ+4tHAF0lx1DXCh9ZFWyxxUe3rg/9gRsBtxwGRJsrhJN2cvvVoLvMtwPNu72+saFWnXjhbFKp3b0PKirYnwhOoQ5mvu2FfBPaMm4hyD3m867e/ItSsMmxpX3UBFp6agpWPrSuG9QrI38TnEBQjuqHWyazzzV9r2Qi/pbE8CJHGU6bHZk6+EoBx9GARz4WLXn1zWownlorpbpWbae/nF21IREUSO/CyTyQbRb6jsNwLWN+NNJsvlfOD272EE3F7CN5GOXZJa0+ZCXFiY5uHb/p0PZrZNdY9wNR8kWvmsrgYwmeMmF4/e9R6vNkQ9axLIZLzNF6DxEqVVJodkJp7X7KRh6vTAXOLjaWDAT3bpOlcNYKofLDdh/mGss2aCjr31+VY0bISL9hRFpewEGhyaZouaIETJ+iPBSfh1DeKbqly25Tn5nr6qkuLT+jMWoijv9ODFSH1d8wIW8q999G5VV35qLfAahYID$R3qF0iZ8yLww+6Kx
cf-chl-out: S9UYYah/3Wa+LjCcYEMpFRRey0s26ApKJNLy0JFeFQjCdFhFR5oI5zedD9+xBBGXcUSDwH+w++GnAgFDuODhqZOopG4tMdpED8SwGm44Rw==$KCtPAcQdTxsXOrJ/
server: cloudflare
cf-ray: 8fdd6a54fdc7ef46-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address:104.19.230.21:443RequestGET /1/api.js HTTP/2.0
host: js.hcaptcha.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript
content-length: 48184
content-encoding: gzip
cache-control: max-age=300
etag: "180b69f6bf96d221e8ae6e915712d32f"
vary: accept-encoding
vary: Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 8fdd6a2d48796442-LHR
-
Remote address:104.19.230.21:443RequestGET /captcha/v1/b4956db/static/hcaptcha.html HTTP/2.0
host: newassets.hcaptcha.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html
cache-control: max-age=3600
vary: accept-encoding
vary: Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
server: cloudflare
cf-ray: 8fdd6a2e293a6442-LHR
content-encoding: br
-
POSThttps://api2.hcaptcha.com/checksiteconfig?v=b4956db&host=login-microsoftonline.bossdesk.org&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=0msedge.exeRemote address:104.19.230.21:443RequestPOST /checksiteconfig?v=b4956db&host=login-microsoftonline.bossdesk.org&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=0 HTTP/2.0
host: api2.hcaptcha.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
origin: https://newassets.hcaptcha.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://newassets.hcaptcha.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/json
content-length: 772
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFiy4sSqK1JbQoGkPQSsCrbBoVQR; SameSite=None; Secure; path=/; expires=Mon, 06-Jan-25 17:56:44 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8fdd6a2fbaa26442-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://newassets.hcaptcha.com/c/fe8bf5a16a9db504f8aba2aec3f8f5eb2c013bd8a80f6268abbae03fe760d754/hsw.jsmsedge.exeRemote address:104.19.230.21:443RequestGET /c/fe8bf5a16a9db504f8aba2aec3f8f5eb2c013bd8a80f6268abbae03fe760d754/hsw.js HTTP/2.0
host: newassets.hcaptcha.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://newassets.hcaptcha.com/captcha/v1/b4956db/static/hcaptcha.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/javascript
content-encoding: gzip
cache-control: max-age=3024000
etag: W/"b231d6ca7477c9dc56545e2dfec383bc"
vary: accept-encoding
vary: Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8fdd6a304b516442-LHR
-
GEThttps://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.pngmsedge.exeRemote address:13.249.9.96:443RequestGET /files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP/2.0
host: findicons.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 301
location: https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
server: CloudFront
date: Fri, 03 Jan 2025 02:41:54 GMT
x-cache: Hit from cloudfront
via: 1.1 3d31b9207a0bab7982999e9846baee80.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG53-C1
x-amz-cf-id: S3umlH-BC2gvVPOur42CYQzOk3vHuJrcvruVo8g9Re4eSzRJ4YnMuw==
age: 312290
-
Remote address:8.8.8.8:53Requestcrt.rootg2.amazontrust.comIN AResponsecrt.rootg2.amazontrust.comIN A3.164.163.127crt.rootg2.amazontrust.comIN A3.164.163.59crt.rootg2.amazontrust.comIN A3.164.163.90crt.rootg2.amazontrust.comIN A3.164.163.87
-
Remote address:8.8.8.8:53Requestnewassets.hcaptcha.comIN AResponsenewassets.hcaptcha.comIN A104.19.229.21newassets.hcaptcha.comIN A104.19.230.21
-
Remote address:3.164.163.127:80RequestGET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crt.rootg2.amazontrust.com
ResponseHTTP/1.1 200 OK
Content-Length: 1145
Connection: keep-alive
Last-Modified: Thu, 02 Jan 2025 12:12:02 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 8BDeZh_YQ77uc8Ttu_yUu.f3QcyIWl9E
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 06 Jan 2025 14:16:37 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
X-Cache: Hit from cloudfront
Via: 1.1 b7c17dda962249acad4693c264f9df0e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG55-P3
X-Amz-Cf-Id: BeWSzAnATJ3aibaFccl91pXPc0zaCjpeTRpbxI0JA1shqYT08RvOkA==
Age: 11408
-
Remote address:8.8.8.8:53Request41.95.18.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request10.47.66.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request96.9.249.13.in-addr.arpaIN PTRResponse96.9.249.13.in-addr.arpaIN PTRserver-13-249-9-96cdg53r cloudfrontnet
-
Remote address:8.8.8.8:53Request21.230.19.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestapi2.hcaptcha.comIN AResponseapi2.hcaptcha.comIN A104.19.230.21api2.hcaptcha.comIN A104.19.229.21
-
Remote address:8.8.8.8:53Requestimages.freeimages.comIN AResponseimages.freeimages.comIN A18.245.199.28images.freeimages.comIN A18.245.199.127images.freeimages.comIN A18.245.199.42images.freeimages.comIN A18.245.199.14
-
GEThttps://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findiconsmsedge.exeRemote address:18.245.199.28:443RequestGET /fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons HTTP/2.0
host: images.freeimages.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-length: 254
date: Mon, 08 Jul 2024 20:25:55 GMT
last-modified: Tue, 20 Dec 2022 05:17:19 GMT
etag: "57ab754695eb0a2c74201ecd6948c12f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 80aba93d53aa5c566027db2247a3a1ee.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG55-P2
x-amz-cf-id: w4YnydmZwX0kLFU5sqE6YZcBtZUnu2W1heikQxm_FYudj07PMpif3g==
age: 15714049
x-xss-protection: 1; mode=block
x-frame-options: DENY
referrer-policy: origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
-
Remote address:8.8.8.8:53Request127.163.164.3.in-addr.arpaIN PTRResponse127.163.164.3.in-addr.arpaIN PTRserver-3-164-163-127cdg55r cloudfrontnet
-
Remote address:8.8.8.8:53Request28.199.245.18.in-addr.arpaIN PTRResponse28.199.245.18.in-addr.arpaIN PTRserver-18-245-199-28cdg55r cloudfrontnet
-
Remote address:8.8.8.8:53Request50.201.222.52.in-addr.arpaIN PTRResponse50.201.222.52.in-addr.arpaIN PTRserver-52-222-201-50cdg50r cloudfrontnet
-
Remote address:8.8.8.8:53Requestswy8r6.farmboyusa.comIN AResponseswy8r6.farmboyusa.comIN A172.67.171.93swy8r6.farmboyusa.comIN A104.21.29.51
-
Remote address:8.8.8.8:53Requestswy8r6.farmboyusa.comIN A
-
Remote address:8.8.8.8:53Requestajax.googleapis.comIN AResponseajax.googleapis.comIN A172.217.16.234
-
Remote address:172.217.16.234:443RequestGET /ajax/libs/jquery/3.6.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Requestwork.foundationacademy.suIN AResponsework.foundationacademy.suIN A104.21.57.169work.foundationacademy.suIN A172.67.147.218
-
GEThttps://work.foundationacademy.su/6bc3218f-0083-4afe-aaa4-510712e1c21b/p5Qw9X8rN3.phpmsedge.exeRemote address:104.21.57.169:443RequestGET /6bc3218f-0083-4afe-aaa4-510712e1c21b/p5Qw9X8rN3.php HTTP/2.0
host: work.foundationacademy.su
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: */*
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
origin: https://login-microsoftonline.bossdesk.org
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://login-microsoftonline.bossdesk.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=gke2oqvcdue45ga3q24cccohg8; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fdd6a661f366334-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=50648&min_rtt=48088&rtt_var=15341&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1149&delivery_rate=56438&cwnd=249&unsent_bytes=0&cid=8d239ae01d4b0133&ts=873&x=0"
-
Remote address:8.8.8.8:53Request234.16.217.172.in-addr.arpaIN PTRResponse234.16.217.172.in-addr.arpaIN PTRlhr48s28-in-f101e100net234.16.217.172.in-addr.arpaIN PTRmad08s04-in-f10�I
-
Remote address:8.8.8.8:53Requesta.nel.cloudflare.comIN AResponsea.nel.cloudflare.comIN A35.190.80.1
-
Remote address:8.8.8.8:53Requesta.nel.cloudflare.comIN A
-
Remote address:8.8.8.8:53Requesta.nel.cloudflare.comIN A
-
Remote address:8.8.8.8:53Request169.57.21.104.in-addr.arpaIN PTRResponse
-
OPTIONShttps://a.nel.cloudflare.com/report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dHmsedge.exeRemote address:35.190.80.1:443RequestOPTIONS /report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dH HTTP/2.0
host: a.nel.cloudflare.com
origin: https://work.foundationacademy.su
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
POSThttps://a.nel.cloudflare.com/report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dHmsedge.exeRemote address:35.190.80.1:443RequestPOST /report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dH HTTP/2.0
host: a.nel.cloudflare.com
content-length: 504
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address:8.8.8.8:53Request1.80.190.35.in-addr.arpaIN PTRResponse1.80.190.35.in-addr.arpaIN PTR18019035bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request1.80.190.35.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request212.20.149.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request166.190.18.2.in-addr.arpaIN PTRResponse166.190.18.2.in-addr.arpaIN PTRa2-18-190-166deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request137.71.105.51.in-addr.arpaIN PTRResponse
-
1.1kB 1.7kB 14 13
HTTP Request
GET http://bsif64.farmboyusa.com/bforslund@montrose-env.comHTTP Response
301 -
190 B 132 B 4 3
-
2.4kB 9.7kB 24 28
HTTP Request
GET https://bsif64.farmboyusa.com/bforslund@montrose-env.comHTTP Response
302HTTP Request
GET https://swy8r6.farmboyusa.com/A/bforslund@montrose-env.comHTTP Response
302 -
3.2kB 8.1kB 29 36
HTTP Request
GET https://login-microsoftonline.bossdesk.org/pjdsuJPvysi3649X03NiVt6BiCA7E1zbecFqJ5SFycLOn35LnVZpS4M6feAghFWcpd3DOKIafqJjM7tzHdqIo4To51lxa6XtaWCUhFWY3k1izNycaTN7pULmOUVF5SsJmbHTTP Response
200HTTP Request
GET https://login-microsoftonline.bossdesk.org/favicon.icoHTTP Response
200HTTP Request
GET https://login-microsoftonline.bossdesk.org/ZipXFcJzO2hlYLKZxcoqgknkAxhhYVzUhyvzp5lWH4fHTK1DRYUdXCqVnWIcDZUOalUNmzA9tgnmi1F1NZg2Lojfsg1cpOyoyILX5rssaAZ1M6xSRGlEWzmJMXUdPyVYIuHTTP Response
200HTTP Request
GET https://login-microsoftonline.bossdesk.org/favicon.icoHTTP Response
200 -
3.2kB 32.1kB 43 53
HTTP Request
GET https://www.siefjuarez.com/captcha.jsHTTP Response
200HTTP Request
GET https://www.siefjuarez.com/index.jsHTTP Response
200 -
104.18.95.41:443https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDtls, http2msedge.exe78.5kB 217.3kB 191 229
HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallbackHTTP Response
302HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/g/849bfe45bf45/api.jsHTTP Response
200HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/e1cua/0x4AAAAAAA2FHkcYSBQqAh4m/auto/fbE/normal/auto/HTTP Response
200HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8fdd6a2ffbbbef46&lang=autoHTTP Response
200HTTP Response
200HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDHTTP Response
200HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8fdd6a2ffbbbef46/1736184404899/3Hkje4f1dIXXJ-BHTTP Response
200HTTP Request
GET https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8fdd6a2ffbbbef46/1736184404900/1edb60493e3595cc042976429fb35ff7677fa6db5097e38289d191f6af14d224/cuXWAmBLjaHQ4f9HTTP Response
401HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDHTTP Response
200HTTP Request
POST https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2028460678:1736180298:xklaS1tEciMCtYc_DCkr0RBH8StEcCXn0PrAnm8WhUI/8fdd6a2ffbbbef46/l02HiWhp8hszLg08SP6MG_VZ2AdNVne8ixn.Fxj84Gg-1736184404-1.1.1.1-nHkosFtuXCaQTC00bbvaZHGWAdG1GV6YpHPc5WQ9Z4SI_VV.Arg_0LRDtl0e98wDHTTP Response
200 -
104.19.230.21:443https://newassets.hcaptcha.com/c/fe8bf5a16a9db504f8aba2aec3f8f5eb2c013bd8a80f6268abbae03fe760d754/hsw.jstls, http2msedge.exe11.9kB 495.0kB 223 385
HTTP Request
GET https://js.hcaptcha.com/1/api.jsHTTP Response
200HTTP Request
GET https://newassets.hcaptcha.com/captcha/v1/b4956db/static/hcaptcha.htmlHTTP Response
200HTTP Request
POST https://api2.hcaptcha.com/checksiteconfig?v=b4956db&host=login-microsoftonline.bossdesk.org&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=0HTTP Response
200HTTP Request
GET https://newassets.hcaptcha.com/c/fe8bf5a16a9db504f8aba2aec3f8f5eb2c013bd8a80f6268abbae03fe760d754/hsw.jsHTTP Response
200 -
13.249.9.96:443https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.pngtls, http2msedge.exe2.0kB 6.3kB 18 19
HTTP Request
GET https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.pngHTTP Response
301 -
413 B 1.9kB 6 5
HTTP Request
GET http://crt.rootg2.amazontrust.com/rootg2.cerHTTP Response
200 -
18.245.199.28:443https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findiconstls, http2msedge.exe2.0kB 6.8kB 18 20
HTTP Request
GET https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findiconsHTTP Response
200 -
172.217.16.234:443https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.jstls, http2msedge.exe3.2kB 40.3kB 44 42
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js -
1.4kB 2.0kB 17 16
-
104.21.57.169:443https://work.foundationacademy.su/6bc3218f-0083-4afe-aaa4-510712e1c21b/p5Qw9X8rN3.phptls, http2msedge.exe2.1kB 4.9kB 21 22
HTTP Request
GET https://work.foundationacademy.su/6bc3218f-0083-4afe-aaa4-510712e1c21b/p5Qw9X8rN3.phpHTTP Response
404 -
35.190.80.1:443https://a.nel.cloudflare.com/report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dHtls, http2msedge.exe4.0kB 5.6kB 33 33
HTTP Request
OPTIONS https://a.nel.cloudflare.com/report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dHHTTP Request
POST https://a.nel.cloudflare.com/report/v4?s=qGecYl5Ia4JfM6y773TMKWFpSRW16kSNV%2F6jxoSraWxLxy0yIH9yAJWBDKoKRJWP9ccJyJDaD4oeJAfTFsZqMM5vZOfzaoGAF8D9muo1%2BlVg%2FP303QWkAOrt%2BN6b30dcOnu07Ui7YWuAp9dH
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
67 B 99 B 1 1
DNS Request
bsif64.farmboyusa.com
DNS Response
172.67.171.93104.21.29.51
-
80 B 144 B 1 1
DNS Request
login-microsoftonline.bossdesk.org
DNS Response
172.66.47.10172.66.44.246
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
93.171.67.172.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
73.159.190.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
64 B 128 B 1 1
DNS Request
www.siefjuarez.com
DNS Response
172.66.47.10172.66.44.246
-
71 B 103 B 1 1
DNS Request
challenges.cloudflare.com
DNS Response
104.18.95.41104.18.94.41
-
61 B 93 B 1 1
DNS Request
js.hcaptcha.com
DNS Response
104.19.230.21104.19.229.21
-
59 B 123 B 1 1
DNS Request
findicons.com
DNS Response
13.249.9.9613.249.9.3113.249.9.7913.249.9.113
-
72 B 136 B 1 1
DNS Request
crt.rootg2.amazontrust.com
DNS Response
3.164.163.1273.164.163.593.164.163.903.164.163.87
-
68 B 100 B 1 1
DNS Request
newassets.hcaptcha.com
DNS Response
104.19.229.21104.19.230.21
-
71 B 133 B 1 1
DNS Request
41.95.18.104.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
10.47.66.172.in-addr.arpa
-
70 B 125 B 1 1
DNS Request
96.9.249.13.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
21.230.19.104.in-addr.arpa
-
63 B 95 B 1 1
DNS Request
api2.hcaptcha.com
DNS Response
104.19.230.21104.19.229.21
-
67 B 131 B 1 1
DNS Request
images.freeimages.com
DNS Response
18.245.199.2818.245.199.12718.245.199.4218.245.199.14
-
72 B 129 B 1 1
DNS Request
127.163.164.3.in-addr.arpa
-
72 B 129 B 1 1
DNS Request
28.199.245.18.in-addr.arpa
-
72 B 129 B 1 1
DNS Request
50.201.222.52.in-addr.arpa
-
524 B 8
-
134 B 99 B 2 1
DNS Request
swy8r6.farmboyusa.com
DNS Request
swy8r6.farmboyusa.com
DNS Response
172.67.171.93104.21.29.51
-
65 B 81 B 1 1
DNS Request
ajax.googleapis.com
DNS Response
172.217.16.234
-
71 B 103 B 1 1
DNS Request
work.foundationacademy.su
DNS Response
104.21.57.169172.67.147.218
-
73 B 142 B 1 1
DNS Request
234.16.217.172.in-addr.arpa
-
198 B 82 B 3 1
DNS Request
a.nel.cloudflare.com
DNS Request
a.nel.cloudflare.com
DNS Request
a.nel.cloudflare.com
DNS Response
35.190.80.1
-
72 B 134 B 1 1
DNS Request
169.57.21.104.in-addr.arpa
-
140 B 120 B 2 1
DNS Request
1.80.190.35.in-addr.arpa
DNS Request
1.80.190.35.in-addr.arpa
-
1.7kB 3.8kB 4 6
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
212.20.149.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
166.190.18.2.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
11.227.111.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
137.71.105.51.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD56960857d16aadfa79d36df8ebbf0e423
SHA1e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA5126deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
-
Filesize
152B
MD5f426165d1e5f7df1b7a3758c306cd4ae
SHA159ef728fbbb5c4197600f61daec48556fec651c1
SHA256b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA5128d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD59dc3a091ab6c36eed17783c2db6551f3
SHA1edd790080c16eb1027b152782a0a763f41639886
SHA2563a94e0978707c35432c9f27571eb3d37b359f80a7795f1b72c822b4757362747
SHA512283c8dc2bc57847781a0e26c19431744041fb91465588dc02c9ba4f5e22be916990878edbca152ce5917557e717de9668f5d82ca7bbd2a5f92ce03dec1a1a26a
-
Filesize
1KB
MD53f684c9470d1b78fcbd5c376445b309d
SHA1c169d53d7e249fdca158e2cd287a112acc193966
SHA256c0b855faa25dfa771c344593e12acd7bb737e902ed29fd43881df83c3c52e884
SHA5129175169f0cd01c1fe3b90782020bf04ac96d77b0a37b2d22a4689759de220ea3de25c4e7e9f95f25d7c36f184e4becd709c2873d9f39167bb995ced6c48aa5c4
-
Filesize
6KB
MD520abb80e067f692c786a1cd8bf64f5d0
SHA183d5dbc471325a761964451bef9519935abc915a
SHA2568633ef514be3f6199461e901074878b17aa389e30b5388fddef6093224cbad2b
SHA512c49c4999ea870912a0f62eff312e49e14d24c41d7989c76a9ec4587f9d5186b5e033714d065cebc7e2647f773ea1a3de84bab212a2cde6253d1bdd6c769d0ac9
-
Filesize
5KB
MD52e06901358d674b2ba98ad39cb6ca059
SHA1fd90d72e9c805a534bd0044e15a455919d033aed
SHA2563919658aa82b7f97a3b09f3e298a131ee0926a55ca0528d17980b68ef6affc96
SHA512a9903012bedb18c4a0776d7832529f822305fead0957523123d53f6b1cc09b272b095a16017ad611746f8194762feb0c365d9b1fb0be54a26b4cb05705c63527
-
Filesize
6KB
MD529b9ee40c57598c57a4ddadf966f1026
SHA11c388d35af364821908e021ab8b68f136faade6d
SHA256f109629e870913899e9fc5398c1e10152bedae96871c0b59284a23fb23c14dd1
SHA512564233b6dec65a7407d2f9cc1994d04a29cf92468fd66baf02bc60ae0dbd2f2bb9041366193ba85782524bff89a423a1448052f2076256b6681a16656cb71230
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD564993fcf97f8831a8f3ac18399554a65
SHA17725d909a821eb09117714d7d27c692a3a9ab5f1
SHA25622e96f8e9acfb71d02f50df24169ef4ea5690dfdd7124787d5bb254d84288f91
SHA51259f5e7d2ba925ecb67e24b5d66c1ce3cf14263d01fc57810d710ede359e651d5ea076dcc9631396a46c56058d545e899c314e40b229e8cf4bea6c920ca404111