hxxps://www[.]notion[.]so/1c194f407be88057ad86f2f4295a79b6

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 09:41 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.notion.so/1c194f407be88057ad86f2f4295a79b6

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 3 IoCs

phishing microsoft

flow	pid	Process
63	5044	chrome.exe
63	5044	chrome.exe
63	5044	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873692994777562"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5376	chrome.exe
5376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe
Token: SeShutdownPrivilege	5956	chrome.exe
Token: SeCreatePagefilePrivilege	5956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe
5956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5956 wrote to memory of 5340	5956	chrome.exe	85
PID 5956 wrote to memory of 5340	5956	chrome.exe	85
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 2244	5956	chrome.exe	86
PID 5956 wrote to memory of 5044	5956	chrome.exe	87
PID 5956 wrote to memory of 5044	5956	chrome.exe	87
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89
PID 5956 wrote to memory of 5560	5956	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.notion.so/1c194f407be88057ad86f2f4295a79b6
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb840cdcf8,0x7ffb840cdd04,0x7ffb840cdd10
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2260,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3864,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4464 /prefetch:2
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2920,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3320,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4740,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4608,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5956,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5972,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3872 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5636,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4492,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=728 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5996,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6096,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5920,i,16804067108912796504,7594144239519407619,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5652

Network

DNS

www.notion.so

chrome.exe

Remote address:

8.8.8.8:53

Request

www.notion.so

IN A

Response

www.notion.so

IN A

208.103.161.2

www.notion.so

IN A

208.103.161.1
GET

https://www.notion.so/1c194f407be88057ad86f2f4295a79b6

chrome.exe

Remote address:

208.103.161.2:443

Request

GET /1c194f407be88057ad86f2f4295a79b6 HTTP/2.0
host: www.notion.so
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 301

date: Tue, 25 Mar 2025 09:41:34 GMT
content-type: text/html; charset=utf-8
content-length: 200
location: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
cf-ray: 925d7409deaa8ae0-LHR
cf-cache-status: DYNAMIC
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
expires: 0
set-cookie: notion_browser_id=587293aa-23fe-4511-916a-5178c53a911b; Domain=www.notion.so; Path=/; Expires=Wed, 25 Mar 2026 09:41:34 GMT; Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
pragma: no-cache
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://identity.notion.so
document-policy: js-profiling
referrer-policy: strict-origin-when-cross-origin
server-timing: r;dur=685
surrogate-control: no-store
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-notion-request-id: 329c22b1-ccaf-4db8-ae86-b520713f3758
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: device_id=1c1d872b-594c-817b-ae46-003b6262d5c9; Domain=www.notion.so; Path=/; Expires=Wed, 25 Mar 2026 09:41:34 GMT; HttpOnly; Secure
set-cookie: notion_check_cookie_consent=true; Domain=www.notion.so; Path=/; Expires=Wed, 26 Mar 2025 09:41:34 GMT; Secure
set-cookie: __cf_bm=wcsHwVM4.n_.zkPfQgWhVym9KLhA0rVcXDtPPyEidno-1742895694-1.0.1.1-giIfbla9HKTOjwHgu1pVBGo3zpKAoLB2NOwKoO2o.QmtoFDLxWGsmOaauo9vJ.I6D0STtyNen0VKAqzQQB892JRkVzNTlpLNkkrvEOOoKXc; path=/; expires=Tue, 25-Mar-25 10:11:34 GMT; domain=.notion.so; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=ZovUFiYLctLOantzzruYYE8Xw6kHFhmQWrPBZnKgAi8-1742895694703-0.0.1.1-604800000; path=/; domain=.notion.so; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
DNS

artistic-earwig-eb3.notion.site

chrome.exe

Remote address:

8.8.8.8:53

Request

artistic-earwig-eb3.notion.site

IN A

Response

artistic-earwig-eb3.notion.site

IN A

208.103.161.33

artistic-earwig-eb3.notion.site

IN A

208.103.161.32
GET

https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /1c194f407be88057ad86f2f4295a79b6 HTTP/2.0
host: artistic-earwig-eb3.notion.site
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: text/html; charset=utf-8
cf-ray: 925d740d28723eca-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
last-modified: Tue, 25 Mar 2025 07:56:52 GMT
set-cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980; Domain=artistic-earwig-eb3.notion.site; Path=/; Expires=Wed, 25 Mar 2026 09:41:35 GMT; Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Language, Accept-Encoding
pragma: no-cache
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://identity.notion.so
document-policy: js-profiling
referrer-policy: strict-origin-when-cross-origin
server-timing: r;dur=174
surrogate-control: no-store
x-amz-id-2: cSElCCOrnqL1b3ABnNBjUMv9lpohXMdHMahxyr2ey4XyQneFv4IqNY9600k473xsW2s25/rh4cQqxxLq6qJZLA==
x-amz-request-id: DK12MGAG24KXP3GQ
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-notion-request-id: bd576fe1-59c8-45ac-b44e-d6b77098dcab
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21; Domain=artistic-earwig-eb3.notion.site; Path=/; Expires=Wed, 25 Mar 2026 09:41:35 GMT; HttpOnly; Secure
set-cookie: notion_check_cookie_consent=true; Domain=artistic-earwig-eb3.notion.site; Path=/; Expires=Wed, 26 Mar 2025 09:41:35 GMT; Secure
set-cookie: notion_locale=en-US%2Fautodetect; Domain=artistic-earwig-eb3.notion.site; Path=/; Expires=Wed, 25 Mar 2026 09:41:35 GMT; Secure
set-cookie: NEXT_LOCALE=en-US; Domain=artistic-earwig-eb3.notion.site; Path=/; Expires=Wed, 25 Mar 2026 09:41:35 GMT; Secure
set-cookie: __cf_bm=oOZ46OMi.ZXYQ3S5L_lMOivS50BMBxiq3fIx6OyTG0I-1742895695-1.0.1.1-Rs3V0AJCHHtaSEa2N4F6rI5z55XXSyDHFsoowz0qNxMUzFLOS0fErreTCAO4oxwgCOTqyW_ZyaocePdwGdQF4WPxdf.S.rHfuMqC88ru3v4; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/app-271f4bf5b014fd7d.css

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/app-271f4bf5b014fd7d.css HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US
priority: u=0

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: application/javascript
content-length: 7650
cf-ray: 925d7411dcd23eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 431940
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "e82ef081afc9b57b1b6ebf8bc27c9efa"
last-modified: Tue, 18 Mar 2025 09:47:01 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/75676-*.js", id="_assets/75676-ba3836397bafe53b.js"
x-amzn-remapped-content-length: 7650
x-amzn-remapped-date: Tue, 18 Mar 2025 10:43:11 GMT
x-amzn-requestid: 8fe0c33f-cc66-4ebc-aacb-abc155160a35
x-amzn-trace-id: Root=1-67d94e3e-693bbf7731bbc52813cf2985;Parent=5710e6c43fa753e5;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=eTE5tBlMRYBxlP0FkCjSnJ9ExOn3qQaWycQSKiLfIxw-1742895695-1.0.1.1-055.VAktf1TAaYRD.stJ4_B1cw4WEsjgvhoKHGgJFk5FiirYWOXKlejoqg_F_BcVEJn9JJw3zBunrpiqhuRK6dF5CEufLultK8qAmIiNf1A; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/14020-b72d567fefcfa8d7.js

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/14020-b72d567fefcfa8d7.js HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: application/javascript
content-length: 21977
cf-ray: 925d7411dcd13eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 223632
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "9964132de93ec3d6c0d61ef333e6e50d"
last-modified: Thu, 20 Mar 2025 08:58:31 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/27316-*.js", id="_assets/27316-c43e23588883911a.js"
x-amzn-remapped-content-length: 21977
x-amzn-remapped-date: Thu, 20 Mar 2025 09:12:39 GMT
x-amzn-requestid: 28165e7f-70fe-45aa-84f9-7c8b10f90b94
x-amzn-trace-id: Root=1-67dbdc06-7c5647e52a1911545115e620;Parent=505a0f2729896c93;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=9gvIcrDyDM5vgWjd2ba1nSfmendodXOUibEBwsk0Lsg-1742895695-1.0.1.1-Kh4raKYIpRoLH9.62UfQferGY48ZxnmPEsLX6Z1R7pRcH6tri5E_vRaHo5NID59Z4_AQNLsAHM_dPkmG85NetDTcx_G_J.NxK4DlpSzl57U; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/app-fc6b5fe80b494eed.js

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/app-fc6b5fe80b494eed.js HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: application/javascript
content-length: 119059
cf-ray: 925d7411dcc73eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 1178578
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "c1ee25041636e4bd3413f16b2556989a"
last-modified: Tue, 11 Mar 2025 18:18:29 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/14020-*.js", id="_assets/14020-b72d567fefcfa8d7.js"
x-amzn-remapped-content-length: 119059
x-amzn-remapped-date: Tue, 11 Mar 2025 18:18:37 GMT
x-amzn-requestid: 63db6a41-118c-4e59-8f02-d58b341d6954
x-amzn-trace-id: Root=1-67d07e7c-2d9ec15c174e6e28046295f2;Parent=48bcff300d0c5132;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=JZ5oOWigLSCgO.Hz8yYi18gSxoxsPCvwALyPTE6myOo-1742895695-1.0.1.1-WIw_KfripGKCnxRl4e.9DVs.jro_S.tYUsS1usSTKavCoO8QGSdBy.4c97yAU3Y9m_LXUugXXQVVVmkRdoild1rzZk3CixiHcQDA57zhjkQ; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/ClientFramework-48005d011f673f55.js

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/ClientFramework-48005d011f673f55.js HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: application/javascript
content-length: 113951
cf-ray: 925d7411dcca3eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 6281
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "fb2b4a731f7ff983383ac6b24ff985dc"
last-modified: Tue, 25 Mar 2025 07:56:50 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/app-*.js", id="_assets/app-fc6b5fe80b494eed.js"
x-amzn-remapped-content-length: 113951
x-amzn-remapped-date: Tue, 25 Mar 2025 07:56:54 GMT
x-amzn-requestid: 50daa086-052f-4a7d-8106-e6ddc82cf0c7
x-amzn-trace-id: Root=1-67e261c5-1b1233242430508c6f3a8e8e;Parent=348b22454584e689;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=e_ZmUH7WjIRyMX7TYmtUlwsmAm6HFIPrZD6vg4CEBMk-1742895695-1.0.1.1-t3tbENzC6_ZGWBSiTO8_jIfam6vvoo_zM0ULJV7ca6i1lLi4YCavmSVQQmVjtmlmt7ZKvIdTKdT5kQo1myZ1cPRwBZZYywNj9wt6E2Dqu7g; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/27316-c43e23588883911a.js

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/27316-c43e23588883911a.js HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: text/css
content-length: 8241
cf-ray: 925d7411dcc43eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 459085
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "78dbfdf377c7e3082d9cf5235dc3a692"
last-modified: Thu, 20 Mar 2025 02:10:03 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/app-*.css", id="_assets/app-271f4bf5b014fd7d.css"
x-amzn-remapped-content-length: 8241
x-amzn-remapped-date: Thu, 20 Mar 2025 02:10:11 GMT
x-amzn-requestid: 0f4c8edb-fd2c-4e98-a3fe-8f0aac69c65f
x-amzn-trace-id: Root=1-67db7902-4e24c0395a17183304b47659;Parent=40a580abd28f0a1f;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=7cYuOusCXeIxprvQe5r9o6r_gxi10iHWGVXxDvxrXdQ-1742895695-1.0.1.1-MgxN5uDLApwfXbH.vIASvwDPaM48PNbMukGfL9wc8h__SnJI.h8oxxPTkgU.xyYGvAONCJ0x7YibwaXlExt1STByYZRtNS6v6twJSUUue5Y; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/_assets/75676-ba3836397bafe53b.js

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /_assets/75676-ba3836397bafe53b.js HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: text/css; charset=utf-8
cf-ray: 925d7411dcd33eca-LHR
cf-cache-status: HIT
age: 25477
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
etag: "e2ba4c318d5eceba8b285f2ec70f5add"
last-modified: Tue, 25 Mar 2025 02:10:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://identity.notion.so
document-policy: js-profiling
referrer-policy: strict-origin-when-cross-origin
server-timing: r;dur=440
x-amz-id-2: Ge5jJrd1YAoQEhJ18DoOAk2Gx3ser4NDaOEGZiY0Gm3bVwtKFVhNdQYtq99nylgJz7e+0aHC7fQ=
x-amz-request-id: X9DFA8ZPC5VWYKCB
x-amz-server-side-encryption: AES256
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-notion-request-id: 832f49ee-0e23-45f6-8a67-702bda246fa4
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: __cf_bm=YvmQYpIJSJqCn0KMD.nNdrVNTCem4lT4xZ27EDjBMbs-1742895695-1.0.1.1-UhqAkkPlWD01xImKV49w.PhnRgHiwFbr2ncGxVm_s.CmwUAQvaaGICLuwe.A5rwe61m.0cB1i.1aqInk8v5goZyMnQEiAPJRFOSiKlcr_J4; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://artistic-earwig-eb3.notion.site/print.e2ba4c31.css

chrome.exe

Remote address:

208.103.161.33:443

Request

GET /print.e2ba4c31.css HTTP/2.0
host: artistic-earwig-eb3.notion.site
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: notion_browser_id=560c75b0-fc3f-44aa-b49d-7f76ff72e980
cookie: device_id=1c1d872b-594c-8156-b022-003b8db7ef21
cookie: notion_check_cookie_consent=true
cookie: notion_locale=en-US%2Fautodetect
cookie: NEXT_LOCALE=en-US
priority: u=4

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:35 GMT
content-type: application/javascript
content-length: 28102
cf-ray: 925d7411dccd3eca-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 9700
cache-control: public,max-age=31536000,immutable
content-encoding: zstd
etag: "2ab0088e0544b34ffb8becd6559290c4"
last-modified: Thu, 20 Mar 2025 03:27:50 GMT
vary: Accept-Encoding, Available-Dictionary
use-as-dictionary: match="/_assets/ClientFramework-*.js", id="_assets/ClientFramework-48005d011f673f55.js"
x-amzn-remapped-content-length: 28102
x-amzn-remapped-date: Thu, 20 Mar 2025 04:21:03 GMT
x-amzn-requestid: 4e8be7be-9a60-4c40-a8e0-98e3a9453a60
x-amzn-trace-id: Root=1-67db97ae-2bbde6b200e6ad0c5070615f;Parent=7ceffd159880ac82;Sampled=0;Lineage=1:d43fe12a:0
x-requested-encoding: gzip, deflate, br, zstd
set-cookie: __cf_bm=IncxAYSubZGXHaz9EeIqrQRwt6aH59qUtpo41SWYA9g-1742895695-1.0.1.1-E.8XYtlOJcuI0oFXf1dxJJuE7fcW48J5Dn2Ggl2lZHPHvOZswBhFtB5u_Bbbq9d5JOj.fEC7aKO6xiFd3tis1D.8G23qV1HoxtDzx1S46Bg; path=/; expires=Tue, 25-Mar-25 10:11:35 GMT; domain=.notion.site; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=04FCD49C7D67621D2445C1267C4063B9; domain=.bing.com; expires=Sun, 19-Apr-2026 09:41:35 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FD92344DA884CF4B0B55590B719B79B Ref B: LON04EDGE0611 Ref C: 2025-03-25T09:41:35Z
date: Tue, 25 Mar 2025 09:41:35 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=04FCD49C7D67621D2445C1267C4063B9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=FSSzgQIr4Opal3AOIwY3OYGqB1P-59wMilshZNRFWk0; domain=.bing.com; expires=Sun, 19-Apr-2026 09:41:35 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2399FE0EEDB744F7B57B09E68EC364D6 Ref B: LON04EDGE0611 Ref C: 2025-03-25T09:41:35Z
date: Tue, 25 Mar 2025 09:41:35 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=04FCD49C7D67621D2445C1267C4063B9; MSPTC=FSSzgQIr4Opal3AOIwY3OYGqB1P-59wMilshZNRFWk0

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9950617334DC4D048FB1519EC3BA94BF Ref B: LON04EDGE0611 Ref C: 2025-03-25T09:41:36Z
date: Tue, 25 Mar 2025 09:41:35 GMT
DNS

exp.notion.so

chrome.exe

Remote address:

8.8.8.8:53

Request

exp.notion.so

IN A

Response

exp.notion.so

IN A

208.103.161.1

exp.notion.so

IN A

208.103.161.2
POST

https://exp.notion.so/v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895694643&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1

chrome.exe

Remote address:

208.103.161.1:443

Request

POST /v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895694643&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1 HTTP/2.0
host: exp.notion.so
content-length: 952
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:36 GMT
content-type: application/json; charset=utf-8
content-length: 112148
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
stale-if-error: 86400
statsig-final-byte-size: 112148
x-statsig-region: gke-europe-north1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
set-cookie: GCLB="ce3cf778756fe13b"; Max-Age=1; Path=/; HttpOnly
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: __cf_bm=f0FpmvE2i8IratIqyAJSBFIw6u1VhiKhsh5xXqGi5DI-1742895696-1.0.1.1-Eg_TEI3IyCrZqqTqopQNYicoIIlutQJ1qVTJT_TXNyPoRUg5lBJTsQIiWQhonpt6uwDfZApEABoSxweFsebIZyt_ZyqdN4SJVYdUWu2e0t0; path=/; expires=Tue, 25-Mar-25 10:11:36 GMT; domain=.notion.so; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=684LFi.i2zDf7.PWiphXQpLHHIYyxeoD074ERvqZRI8-1742895696210-0.0.1.1-604800000; path=/; domain=.notion.so; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 925d7414282a945d-LHR
POST

https://exp.notion.so/v1//rgstr?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695821&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&ec=52

chrome.exe

Remote address:

208.103.161.1:443

Request

POST /v1//rgstr?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695821&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&ec=52 HTTP/2.0
host: exp.notion.so
content-length: 100379
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 202

date: Tue, 25 Mar 2025 09:41:37 GMT
content-type: application/json
content-length: 16
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
permissions-policy: interest-cohort=()
x-response-time: 4 ms
access-control-allow-credentials: true
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
set-cookie: GCLB="5593ea7cfc61a39b"; Max-Age=1; Path=/; HttpOnly
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: __cf_bm=LKIzQ50Q87YpSj49Gy5y69P7g.3Q8SHXH9dsLqbiFZQ-1742895697-1.0.1.1-nXdNWEQJEYgRFH7s6hiDk8oBE5ekk3V2LzKIw2zJQMJ.FdnDUNTR9toR9.oa8PszKJkHJadPuUO_9bO4OPQDd1a7f9T64lEDyk9F1l2Gzp0; path=/; expires=Tue, 25-Mar-25 10:11:37 GMT; domain=.notion.so; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=GFsnXDAzjitbjbONBMzMHJcO4RpbBY0zGUWa63Tfch8-1742895697219-0.0.1.1-604800000; path=/; domain=.notion.so; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 925d741a9d63945d-LHR
POST

https://exp.notion.so/v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695858&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1

chrome.exe

Remote address:

208.103.161.1:443

Request

POST /v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695858&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1 HTTP/2.0
host: exp.notion.so
content-length: 1032
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:37 GMT
content-type: application/json; charset=utf-8
content-length: 112440
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
stale-if-error: 86400
statsig-final-byte-size: 112440
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-statsig-region: gke-europe-west1
set-cookie: GCLB="74c74db11c40593c"; Max-Age=1; Path=/; HttpOnly
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: __cf_bm=mIWivOW8hF_a.vLvodFKfY9MDxWB5eZa6LjpvbJz7XM-1742895697-1.0.1.1-y6IGZRrY4kyIIh7DoVIRyq26gTU437bD.EdqW9i9be4YNuKmqI9cixDfZIiXVdVrdaqnJ8rXjA9gBGzvAI8aaSzYzHyR_YReseG7T.UxRzg; path=/; expires=Tue, 25-Mar-25 10:11:37 GMT; domain=.notion.so; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=rj63WUlDDJbw2AIpepR6_ZI3AajKK.6V1SJ2PP7X0UM-1742895697293-0.0.1.1-604800000; path=/; domain=.notion.so; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 925d741b3dd2945d-LHR
OPTIONS

https://www.notion.so/api/v3/etClient

chrome.exe

Remote address:

208.103.161.1:443

Request

OPTIONS /api/v3/etClient HTTP/2.0
host: www.notion.so
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://artistic-earwig-eb3.notion.site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:39 GMT
content-type: text/html; charset=utf-8
content-length: 13
x-notion-request-id: 03cc0a06-c4b4-4eec-a256-f29b10f8ab10
server-timing: r;dur=459
content-security-policy: default-src 'none'
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 0
access-control-allow-origin: *
access-control-allow-headers: content-type
allow: GET,HEAD,POST
etag: W/"d-bMedpZYGrVt1nR4x+qdNZ2GqyRo"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=129ClMIncmEt1Y075YZHKSw852eitIT9cMz4Fue5NbM-1742895699-1.0.1.1-ljQsF8TTOSrllVpLA2eUXRodYxeP5ixMZ7d_wN5kFYL2uqo8dFWQy6fKTvUIaplV3RfysRMDQp.BMdYGR3i8smaMC1UB_ffhhHwRubS8ZYs; path=/; expires=Tue, 25-Mar-25 10:11:39 GMT; domain=.notion.so; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=x8.Q.taMGiikjK86v9CdYcQ6b6Yv.h3J.WWxTXfYVLM-1742895699618-0.0.1.1-604800000; path=/; domain=.notion.so; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 925d7429893a945d-LHR
alt-svc: h3=":443"; ma=86400
DNS

http-inputs-notion.splunkcloud.com

chrome.exe

Remote address:

8.8.8.8:53

Request

http-inputs-notion.splunkcloud.com

IN A

Response

http-inputs-notion.splunkcloud.com

IN CNAME

notion-0-68ad571cf79e9e82.elb.us-east-1.amazonaws.com

notion-0-68ad571cf79e9e82.elb.us-east-1.amazonaws.com

IN A

44.215.234.239

notion-0-68ad571cf79e9e82.elb.us-east-1.amazonaws.com

IN A

34.228.45.57

notion-0-68ad571cf79e9e82.elb.us-east-1.amazonaws.com

IN A

18.214.252.60
OPTIONS

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

OPTIONS /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization
origin: https://artistic-earwig-eb3.notion.site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:36 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
allow: POST,OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Authorization
access-control-allow-methods: POST,OPTIONS
x-frame-options: SAMEORIGIN
server: Splunkd
OPTIONS

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

OPTIONS /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization
origin: https://artistic-earwig-eb3.notion.site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:36 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
allow: POST,OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Authorization
access-control-allow-methods: POST,OPTIONS
x-frame-options: SAMEORIGIN
server: Splunkd
POST

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

POST /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
content-length: 1142
sec-ch-ua-platform: "Windows"
authorization: Splunk EA76605A-F565-4B17-A496-34435622A1EB
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain; charset=utf-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:37 GMT
content-type: application/json; charset=UTF-8
content-length: 27
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
vary: Authorization
x-frame-options: SAMEORIGIN
server: Splunkd
POST

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

POST /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
content-length: 321
sec-ch-ua-platform: "Windows"
authorization: Splunk EA76605A-F565-4B17-A496-34435622A1EB
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain; charset=utf-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:37 GMT
content-type: application/json; charset=UTF-8
content-length: 27
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
vary: Authorization
x-frame-options: SAMEORIGIN
server: Splunkd
POST

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

POST /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
content-length: 692
sec-ch-ua-platform: "Windows"
authorization: Splunk EA76605A-F565-4B17-A496-34435622A1EB
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain; charset=utf-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:38 GMT
content-type: application/json; charset=UTF-8
content-length: 27
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
vary: Authorization
x-frame-options: SAMEORIGIN
server: Splunkd
POST

https://http-inputs-notion.splunkcloud.com/services/collector/raw

chrome.exe

Remote address:

44.215.234.239:443

Request

POST /services/collector/raw HTTP/2.0
host: http-inputs-notion.splunkcloud.com
content-length: 696
sec-ch-ua-platform: "Windows"
authorization: Splunk EA76605A-F565-4B17-A496-34435622A1EB
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain; charset=utf-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:38 GMT
content-type: application/json; charset=UTF-8
content-length: 27
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
vary: Authorization
x-frame-options: SAMEORIGIN
server: Splunkd
DNS

o324374.ingest.sentry.io

chrome.exe

Remote address:

8.8.8.8:53

Request

o324374.ingest.sentry.io

IN A

Response

o324374.ingest.sentry.io

IN A

34.120.195.249
DNS

img.notionusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

img.notionusercontent.com

IN A

Response

img.notionusercontent.com

IN A

208.103.161.2

img.notionusercontent.com

IN A

208.103.161.1
POST

https://o324374.ingest.sentry.io/api/5741876/envelope/?sentry_key=704fe3b1898d4ccda1d05fe1ee79a1f7&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.117.0

chrome.exe

Remote address:

34.120.195.249:443

Request

POST /api/5741876/envelope/?sentry_key=704fe3b1898d4ccda1d05fe1ee79a1f7&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.117.0 HTTP/2.0
host: o324374.ingest.sentry.io
content-length: 465
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://artistic-earwig-eb3.notion.site
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i
GET

https://img.notionusercontent.com/s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F33ec28d4-fcbc-41d5-859f-394ec703e1de%2Fphoto_2024-02-18_21-52-44.jpg/size/w=2000?exp=1742982098&sig=cYw6vjbkN6CLOFTQV4OuM38FXGPtE-xja0cwfqNyJOE

chrome.exe

Remote address:

208.103.161.2:443

Request

GET /s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F33ec28d4-fcbc-41d5-859f-394ec703e1de%2Fphoto_2024-02-18_21-52-44.jpg/size/w=2000?exp=1742982098&sig=cYw6vjbkN6CLOFTQV4OuM38FXGPtE-xja0cwfqNyJOE HTTP/2.0
host: img.notionusercontent.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:38 GMT
content-type: image/webp
content-length: 13532
cf-ray: 925d742409edbeb6-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 22573
cache-control: private,max-age=7776000,immutable
content-disposition: inline; filename="photo_2024-02-18_21-52-44.webp"
last-modified: Tue, 25 Mar 2025 02:29:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Origin, Accept-Encoding
content-security-policy: script-src 'none'
no-vary-search: params=("sig" "exp")
x-content-type-options: nosniff
x-request-id: kKl0aNbYgXxYYshxGuPIC
set-cookie: __cf_bm=kFU0S8GKuPQSgf7_fQ.SNm8K5IsvgHaow446MWPLbRg-1742895698-1.0.1.1-4Cfz6wDKdykf2zVcBO9a71yhrl.mypNzWNjGameW4Pb4AzxhARaUPqqW6.Xk7Ddsnys5av7BTTZe7olD_LaXpgyEQwLmJD4HSMc638TOAus; path=/; expires=Tue, 25-Mar-25 10:11:38 GMT; domain=.notionusercontent.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://img.notionusercontent.com/s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F514abb93-6587-47cf-9b7b-e16b1531faa2%2Fpdf.png/size/w=170?exp=1742982098&sig=jMCpPo6U89mc-3FpkbnKJZaH4j6hUT8BflgueAG-Hp4

chrome.exe

Remote address:

208.103.161.2:443

Request

GET /s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F514abb93-6587-47cf-9b7b-e16b1531faa2%2Fpdf.png/size/w=170?exp=1742982098&sig=jMCpPo6U89mc-3FpkbnKJZaH4j6hUT8BflgueAG-Hp4 HTTP/2.0
host: img.notionusercontent.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://artistic-earwig-eb3.notion.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

date: Tue, 25 Mar 2025 09:41:38 GMT
content-type: image/webp
content-length: 2184
cf-ray: 925d742409f1beb6-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 22572
cache-control: private,max-age=7776000,immutable
content-disposition: inline; filename="pdf.webp"
last-modified: Tue, 25 Mar 2025 02:29:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Origin, Accept-Encoding
content-security-policy: script-src 'none'
no-vary-search: params=("sig" "exp")
x-content-type-options: nosniff
x-request-id: g5dst4s4HVGuTCHvR3Z0A
set-cookie: __cf_bm=4t2uHgPOAttqjrll5rpXLyF1ZfoRhq2hc..m9G5VxSw-1742895698-1.0.1.1-S0tgITSROE.5dTq8hMFXE8ixX.gay9oNO3eoZih8i1bYNIm5IFmZ0pfh2c3nY_ReMlexR24Sg1nivibqBn1f7wcNqDC7wxmtPSqJFDDejAk; path=/; expires=Tue, 25-Mar-25 10:11:38 GMT; domain=.notionusercontent.com; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400
DNS

stuckegroup.phase-eu.com

chrome.exe

Remote address:

8.8.8.8:53

Request

stuckegroup.phase-eu.com

IN A

Response

stuckegroup.phase-eu.com

IN A

172.104.148.48
GET

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:41:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
POST

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
content-length: 11512
cache-control: max-age=0
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
origin: https://stuckegroup.phase-eu.com
content-type: application/x-www-form-urlencoded
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:41:58 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://d8503f99b8094a509e43d430611852f1.gtfareo.com?9bb6tdSpc=67e27a64afe269f717c9965d
GET

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:31 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
POST

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
content-length: 12615
cache-control: max-age=0
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
origin: https://stuckegroup.phase-eu.com
content-type: application/x-www-form-urlencoded
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:32 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://521065cb40394b6691b92044b29518ca.gtfareo.com?9bb6tdSpc=67e27a86c48180c247995488
GET

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:45 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
POST

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /2142c65e88914bcab60b247133332402/ HTTP/2.0
host: stuckegroup.phase-eu.com
content-length: 12695
cache-control: max-age=0
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
origin: https://stuckegroup.phase-eu.com
content-type: application/x-www-form-urlencoded
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:45 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com?9bb6tdSpc=67e27a94a76f4bc9cc9bf912
DNS

d8503f99b8094a509e43d430611852f1.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

d8503f99b8094a509e43d430611852f1.gtfareo.com

IN A

Response

d8503f99b8094a509e43d430611852f1.gtfareo.com

IN A

172.104.148.48
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/?9bb6tdSpc=67e27a64afe269f717c9965d

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /?9bb6tdSpc=67e27a64afe269f717c9965d HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:41:59 GMT
content-type: text/html; charset=utf-8
content-length: 42292
location: https://fd76e665ded746449f12ccad049264ab.gtfareo.com/login#
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 3fe42d96-2f58-48eb-bf78-d30622f35d00
x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
set-cookie: 9bb6tdSpc=67e27a64afe269f717c9965d; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
GET

https://fd76e665ded746449f12ccad049264ab.gtfareo.com/login

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /login HTTP/2.0
host: fd76e665ded746449f12ccad049264ab.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:00 GMT
content-type: text/html; charset=utf-8
content-length: 20
location: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
vary: Accept-Encoding
request-context: appId=
referrer-policy: strict-origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
request-id: c81fd83f-5c28-4ad8-8e40-2000b04815dd
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:00 GMT
content-type: text/html; charset=utf-8
content-length: 50795
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: a3a5e060-c66e-44f4-a7a0-236363c97d00
x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,50168,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://c9177342efcb43b2b527e71484389b67.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/2.0
host: c9177342efcb43b2b527e71484389b67.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:01 GMT
content-type: application/x-javascript
content-length: 50037
last-modified: Wed, 29 Jan 2025 22:54:06 GMT
accept-ranges: bytes
etag: "0x8DD40B7D5C9F36B"
x-ms-request-id: c664c6e9-601e-0016-068c-76a219000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=27262500
vary: Accept-Encoding
akamai-grn: 0.6cb6655f.1742895721.26c15e95
content-encoding: gzip
GET

https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/2.0
host: c9177342efcb43b2b527e71484389b67.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:01 GMT
content-type: application/x-javascript
content-length: 40488
last-modified: Wed, 04 Dec 2024 23:54:18 GMT
accept-ranges: bytes
etag: "0x8DD14BEF7727D3E"
x-ms-request-id: 4432e4a5-401e-00d4-689b-663136000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=25510197
vary: Accept-Encoding
akamai-grn: 0.6cb6655f.1742895721.26c16198
content-encoding: gzip
GET

https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/2.0
host: c9177342efcb43b2b527e71484389b67.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:02 GMT
content-type: application/x-javascript
content-length: 4914
last-modified: Wed, 04 Dec 2024 23:52:01 GMT
accept-ranges: bytes
etag: "0x8DD14BEA5DAB73B"
x-ms-request-id: 5e137707-001e-0000-7b9c-6654ce000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=25510147
vary: Accept-Encoding
akamai-grn: 0.6cb6655f.1742895722.26c16499
content-encoding: gzip
GET

https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/2.0
host: c9177342efcb43b2b527e71484389b67.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:02 GMT
content-type: application/x-javascript
content-length: 3921
last-modified: Wed, 04 Dec 2024 23:54:18 GMT
accept-ranges: bytes
etag: "0x8DD14BEF787743E"
x-ms-request-id: 40a276aa-f01e-0014-379c-661ca1000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=25510159
vary: Accept-Encoding
akamai-grn: 0.6cb6655f.1742895722.26c166a0
content-encoding: gzip
POST

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
content-length: 13085
sec-ch-ua-platform: "Windows"
hpgid: 6
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQE0Kq25eOPXdVlW32l5KfLuyY4Rr-v3xgoEb7_a4p9aRD0nL-Ou50O_p5Usx1QKg0EE0CS4ui4jz4bH-Nw_VE0XXIy0tbVQQWvUUf4nl1AtCUi9su7srqicmoPxW9MahFLNk6TIxOPVNJgUStnh1XldUZcdEEY8To-GvJk2mUI2RaB1TGnAAj_lsbfpp3hh3wi9kXR5aXrQvBUDxS7cmDVEiAA
sec-ch-ua-mobile: ?0
client-request-id: 746127e3-116f-4563-be5d-2a749a8939af
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:03 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 746127e3-116f-4563-be5d-2a749a8939af
x-ms-request-id: 6691867e-a4da-4de5-9c6c-ec5536e26100
x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=0, i

Response

HTTP/2.0 404

server: nginx
date: Tue, 25 Mar 2025 09:42:03 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: private
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: d9e9a232-49b6-4ed3-95f8-c007373ba000
x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/favicon.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /favicon.ico HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:03 GMT
content-type: text/html; charset=utf-8
content-length: 58365
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
link: <https://b7324355307e471882c97418ed073914.gtfareo.com>; rel=preconnect; ,<https://b7324355307e471882c97418ed073914.gtfareo.com>; rel=dns-prefetch,<https://c9177342efcb43b2b527e71484389b67.gtfareo.com>; rel=dns-prefetch
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 5675f67a-80cf-4480-827b-f2e36be32200
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=0

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:03 GMT
content-type: application/x-javascript
content-length: 16623
cache-control: public, max-age=31536000
last-modified: Mon, 03 Mar 2025 20:34:37 GMT
etag: 0x8DD5A92D0BABA3E
x-ms-request-id: 823710f4-601e-0075-7f85-95dfc5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094203Z-r15d84578dc62dk5hC1FRAhrs80000000yng00000000uwd8
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:04 GMT
content-type: application/x-javascript
content-length: 122986
cache-control: public, max-age=31536000
last-modified: Tue, 25 Feb 2025 19:12:56 GMT
etag: 0x8DD55D0698478AA
x-ms-request-id: 6e0e611a-d01e-0057-5594-9c6d65000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094203Z-r15d84578dcq9vcghC1FRAnhgc00000003sg00000000fbdg
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:04 GMT
content-type: text/css
content-length: 20410
cache-control: public, max-age=31536000
last-modified: Fri, 08 Nov 2024 04:59:25 GMT
etag: 0x8DCFFB21E496F3A
x-ms-request-id: b386359b-901e-000b-0a04-95383d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094203Z-r15d84578dc8sr7chC1FRAs41c0000000ymg0000000009r1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: 5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
purpose: prefetch
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:04 GMT
content-type: application/x-javascript
content-length: 61220
cache-control: public, max-age=31536000
last-modified: Thu, 25 May 2023 17:22:47 GMT
etag: 0x8DB5D44A8CEE4F4
x-ms-request-id: 3647a633-a01e-0010-7b85-95063e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094204Z-r15d84578dcwlzfdhC1FRA66p40000000yvg00000000dpke
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:04 GMT
content-type: application/x-javascript
content-length: 40488
cache-control: public, max-age=31536000
last-modified: Fri, 26 Feb 2021 06:13:13 GMT
etag: 0x8D8DA1D997CA245
x-ms-request-id: dd8bba5e-f01e-0005-75ec-956632000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094204Z-r15d84578dcxsh84hC1FRAkf2w0000000xa000000000n0zp
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:04 GMT
content-type: text/html; charset=utf-8
content-length: 1600
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C546_BL2
x-ms-request-id: fe29b90a-1df1-4e62-aa6f-61875060b178
ppserver: PPV: 30 H: BL02EPF0001D980 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:05 GMT
content-type: application/x-javascript
content-length: 4914
cache-control: public, max-age=31536000
last-modified: Thu, 22 Oct 2020 20:43:21 GMT
etag: 0x8D876CB1D67B929
x-ms-request-id: d03402dd-b01e-0014-1e15-96fc86000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094205Z-r15d84578dc5dckkhC1FRA9kvs0000000wsg0000000028zw
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:06 GMT
content-type: application/x-javascript
content-length: 3921
cache-control: public, max-age=31536000
last-modified: Tue, 28 Jun 2022 20:27:38 GMT
etag: 0x8DA5944A4FF258E
x-ms-request-id: fd710542-901e-0003-29ec-95558d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094206Z-r15d84578dcxsh84hC1FRAkf2w0000000xc000000000bw77
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:06 GMT
content-type: image/x-icon
content-length: 20580
cache-control: public, max-age=31536000
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
etag: 0x8D8731230C851A6
x-ms-request-id: 9c2e3c5d-d01e-002d-7f7d-96079a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094206Z-r15d84578dcfc6kshC1FRAn8n40000000uu000000000tv99
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
POST

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: d8503f99b8094a509e43d430611852f1.gtfareo.com
content-length: 14225
sec-ch-ua-platform: "Windows"
hpgid: 1104
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEYHkZxa8y6z8N-y55x6gKLKCz21xFEzOWMFcxeB-DsC4nCV3CtmRl7kBZRCmfpfysTkT_8Klpn--HksyQ22LFT-5afQHh89R1VP87RL0juV4qSWcQlt9jtf3TdVO2f6v3Q0tACet3qiBCnYabGQSa7Hpn_EWB4i92xRQ9q8X_oiTlIiY5Hroyu3VEEIdCPpHEm4lag7wR2OOcciO2JHTseCAA
sec-ch-ua-mobile: ?0
client-request-id: 746127e3-116f-4563-be5d-2a749a8939af
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
cookie: MicrosoftApplicationsTelemetryDeviceId=2cda30f7-6b80-4223-90fc-4d55ffa7b7e4
cookie: brcap=0
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:06 GMT
content-type: application/x-javascript
content-length: 116531
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A06FA62FD8
x-ms-request-id: f0d90c59-201e-005b-2d64-958dd2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094206Z-r15d84578dccgpgnhC1FRAtre80000000zhg000000009eq9
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:06 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 746127e3-116f-4563-be5d-2a749a8939af
x-ms-request-id: b905dfd5-029b-4e10-9cca-2303b6ad5f00
x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:07 GMT
content-type: application/x-javascript
content-length: 5564
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A0700F50D0
x-ms-request-id: 9701052c-b01e-0059-4acb-96336a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094207Z-r18967bb5ddcflxphC1DUSvv7c0000000u6g0000000087eh
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:07 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4911527F
x-ms-request-id: f4469886-001e-007b-1761-9d81ca000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094207Z-r15d84578dcph2b4hC1FRA0ze400000000sg000000009g6x
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:07 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 60adc950-501e-000c-1f7d-9623e1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094207Z-r15d84578dcfc6kshC1FRAn8n40000000v0g000000002mv5
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:07 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4904824B
x-ms-request-id: 9179e3bb-a01e-0027-6194-9ca32d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094207Z-r15d84578dcq9vcghC1FRAnhgc00000003v0000000004z0v
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:07 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:47 GMT
etag: 0x8DB5C3F48EC4154
x-ms-request-id: 45821ae5-d01e-0060-5a15-96c876000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094207Z-r15d84578dcgtr68hC1FRAv1cn0000000w9000000000fyp9
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: 5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:08 GMT
content-type: text/html; charset=utf-8
content-length: 1600
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C509_SN1
x-ms-request-id: 4618ff98-ebdf-46f8-a9e3-97dd5d56a75d
ppserver: PPV: 30 H: SN1PEPF0002F085 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:08 GMT
content-type: application/x-javascript
content-length: 35229
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:56 GMT
etag: 0x8DD35A07159E4E7
x-ms-request-id: e9b07a36-701e-003c-1485-95ea91000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094208Z-r15d84578dc62dk5hC1FRAhrs80000000yng00000000uwyv
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/2.0
host: b7324355307e471882c97418ed073914.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:08 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:49 GMT
etag: 0x8DB5C3F49ED96E0
x-ms-request-id: d1e86af8-e01e-0012-73ce-95872b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094208Z-r15d84578dcqwknjhC1FRAd5e00000000xu000000000v3da
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
POST

https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: 75ded698cadc4bb2be368a8638d59905.gtfareo.com
content-length: 1717
sec-ch-ua-platform: "Windows"
cache-control: no-cache, no-store
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
client-id: NO_AUTH
upload-time: 1742895728884
time-delta-to-apply-millis: use-collector-delta
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type: application/x-json-stream
client-version: 1DS-Web-JS-3.2.6
apikey: b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951
accept: */*
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:11 GMT
content-type: application/json
content-length: 153
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
time-delta-millis: 2169
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
access-control-expose-headers: time-delta-millis
POST

https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895731147&ext.intweb.msfpc=GUID%3Dc95c9359b0c34b3a9d7640785e1585d7%26HASH%3Dc95c%26LV%3D202503%26V%3D4%26LU%3D1742895731053&time-delta-to-apply-millis=2169&w=0&NoResponseBody=true

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895731147&ext.intweb.msfpc=GUID%3Dc95c9359b0c34b3a9d7640785e1585d7%26HASH%3Dc95c%26LV%3D202503%26V%3D4%26LU%3D1742895731053&time-delta-to-apply-millis=2169&w=0&NoResponseBody=true HTTP/2.0
host: 75ded698cadc4bb2be368a8638d59905.gtfareo.com
content-length: 972
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=4, i

Response

HTTP/2.0 204

server: nginx
date: Tue, 25 Mar 2025 09:42:12 GMT
time-delta-millis: 1548
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
access-control-expose-headers: time-delta-millis
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/?9bb6tdSpc=67e27a86c48180c247995488

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /?9bb6tdSpc=67e27a86c48180c247995488 HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:32 GMT
content-type: text/html; charset=utf-8
content-length: 42293
location: https://9d2302c540684954a7f54ffbcc76c975.gtfareo.com/login#
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 6b12e413-cebd-446f-bdd6-786b4c7b4900
x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
set-cookie: 9bb6tdSpc=67e27a86c48180c247995488; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
GET

https://9d2302c540684954a7f54ffbcc76c975.gtfareo.com/login

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /login HTTP/2.0
host: 9d2302c540684954a7f54ffbcc76c975.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:33 GMT
content-type: text/html; charset=utf-8
content-length: 20
location: https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
vary: Accept-Encoding
request-context: appId=
referrer-policy: strict-origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
request-id: 95e92430-0409-4560-bda6-471e0b19288a
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:33 GMT
content-type: text/html; charset=utf-8
content-length: 50786
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 7fac3893-c309-486e-a209-68c528ce4400
x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,50168,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:34 GMT
content-type: application/x-javascript
content-length: 50036
cache-control: public, max-age=31536000
last-modified: Wed, 29 Jan 2025 22:53:23 GMT
etag: 0x8DD40B7BBC6F429
x-ms-request-id: 8280725a-201e-006c-7764-9528c1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094234Z-r15d84578dccgpgnhC1FRAtre80000000zd000000000ty8s
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:35 GMT
content-type: application/x-javascript
content-length: 40487
cache-control: public, max-age=31536000
last-modified: Fri, 26 Feb 2021 06:13:13 GMT
etag: 0x8D8DA1D997CA245
x-ms-request-id: daaf4e01-701e-0003-6dd6-9a2232000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094234Z-r15d84578dcrsht2hC1FRA9tus0000000at0000000008449
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:36 GMT
content-type: application/x-javascript
content-length: 4912
cache-control: public, max-age=31536000
last-modified: Thu, 22 Oct 2020 20:43:21 GMT
etag: 0x8D876CB1D67B929
x-ms-request-id: dfc6b24f-901e-0071-1395-9552c2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094235Z-r18967bb5ddwrxkphC1DUSkfng0000000yp000000000p1u0
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:36 GMT
content-type: application/x-javascript
content-length: 3921
cache-control: public, max-age=31536000
last-modified: Tue, 28 Jun 2022 20:27:38 GMT
etag: 0x8DA5944A4FF258E
x-ms-request-id: 1a07f2ff-d01e-007b-3a85-95be67000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094236Z-r15d84578dcghlvfhC1FRAzrz40000000z30000000006s73
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
POST

https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
content-length: 13085
sec-ch-ua-platform: "Windows"
hpgid: 6
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEFb5D9bLywezlQMbvsO3USmn1BfSmHp4HbLDdCfa3IMp9GJn_edkMKhhkYZbPB_HClH-yAGbagyv8VJN2OxPt5MBJqAIjD-DBWpEVfIsHlkjf5cMjsnKOjCWbUQuYjAjzkj7HakBjfoHK9C1hvU3G0WCRwu5zY38O4aKEok8MaoGrLuqtIXmpKEyCtailxSPuHtYM4nN3UESF7o1up048QCAA
sec-ch-ua-mobile: ?0
client-request-id: 85a8025e-d706-442d-9a11-e54b1d37b98a
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:37 GMT
content-type: text/html; charset=utf-8
content-length: 58380
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
link: <https://02fdefbcf70b458586f41356dfa21205.gtfareo.com>; rel=preconnect; , <https://02fdefbcf70b458586f41356dfa21205.gtfareo.com>; rel=preconnect; ,<https://02fdefbcf70b458586f41356dfa21205.gtfareo.com>; rel=dns-prefetch, <https://02fdefbcf70b458586f41356dfa21205.gtfareo.com>; rel=preconnect; ,<https://02fdefbcf70b458586f41356dfa21205.gtfareo.com>; rel=dns-prefetch,<https://347a18e7aa5b4df38d40944fa3f04690.gtfareo.com>; rel=dns-prefetch
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 61a94cdd-c2f6-40ce-808f-c8ab713a3300
x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:37 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 85a8025e-d706-442d-9a11-e54b1d37b98a
x-ms-request-id: 7de6ffbc-5342-4a2f-a0ad-43407f4c7b00
x-ms-ests-server: 2.1.20329.5 - NEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/favicon.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /favicon.ico HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=1, i

Response

HTTP/2.0 404

server: nginx
date: Tue, 25 Mar 2025 09:42:37 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: private
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 562a3af8-9e37-405b-98aa-0f78852f6000
x-ms-ests-server: 2.1.20329.5 - WEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=0

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:37 GMT
content-type: text/css
content-length: 20410
cache-control: public, max-age=31536000
last-modified: Fri, 08 Nov 2024 04:59:25 GMT
etag: 0x8DCFFB21E496F3A
x-ms-request-id: b386359b-901e-000b-0a04-95383d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094237Z-r15d84578dc62dk5hC1FRAhrs80000000yq000000000px0z
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:38 GMT
content-type: application/x-javascript
content-length: 122983
cache-control: public, max-age=31536000
last-modified: Tue, 25 Feb 2025 19:12:56 GMT
etag: 0x8DD55D0698478AA
x-ms-request-id: f7f60388-201e-0053-347d-96e062000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094237Z-r15d84578dcnhgwghC1FRA5ff00000000vbg0000000077k5
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:38 GMT
content-type: application/x-javascript
content-length: 16623
cache-control: public, max-age=31536000
last-modified: Mon, 03 Mar 2025 20:34:37 GMT
etag: 0x8DD5A92D0BABA3E
x-ms-request-id: 19c4a48d-e01e-007b-5165-95f675000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094238Z-r15d84578dccgpgnhC1FRAtre80000000zn0000000000351
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://fa135dd492b94104a62fe62d24b376a3.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: fa135dd492b94104a62fe62d24b376a3.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
purpose: prefetch
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:38 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 85a8025e-d706-442d-9a11-e54b1d37b98a
x-ms-request-id: 9ad9744e-2e43-4c05-8b16-f1160f9f7000
x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:38 GMT
content-type: application/x-javascript
content-length: 61215
cache-control: public, max-age=31536000
last-modified: Thu, 25 May 2023 17:22:47 GMT
etag: 0x8DB5D44A8CEE4F4
x-ms-request-id: 38c862e7-101e-0077-477d-9616c2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094238Z-r15d84578dcfc6kshC1FRAn8n40000000v10000000000vep
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
POST

https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: 521065cb40394b6691b92044b29518ca.gtfareo.com
content-length: 14062
sec-ch-ua-platform: "Windows"
hpgid: 1104
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEFYK0p9kWbvmo56yvfaJy6EuP7VnQx6OmaTf6GXIp9fHAXw36qzjunGU6PKb3atA24qFHti5YZcev7HGt4sdCF_rOGHnFZxIs957D4nRkyfHCzTIkLSUwg0PUDf5xKeLkDxdSwFGvDGrbYTCrThnKwlMjhTKPUzXpLAY94jxM6HMXQNM24JJH7WWO3_2GncRqoFsrCjW0bK7pBuJ3yLgl0CAA
sec-ch-ua-mobile: ?0
client-request-id: 85a8025e-d706-442d-9a11-e54b1d37b98a
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:39 GMT
content-type: text/html; charset=utf-8
content-length: 1597
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C502_BAY
x-ms-request-id: 684bf8b5-dc0d-47e8-9e1f-9106ae4a0707
ppserver: PPV: 30 H: PH1PEPF0001B648 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:39 GMT
content-type: image/x-icon
content-length: 20502
cache-control: public, max-age=31536000
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
etag: 0x8D8731230C851A6
x-ms-request-id: 0853a23e-201e-006c-2d4e-9628c1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094239Z-r15d84578dcprpmdhC1FRA6sc40000000w0g00000000g6ux
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:39 GMT
content-type: application/x-javascript
content-length: 116523
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A06FA62FD8
x-ms-request-id: ef15bea4-901e-002c-10ec-955846000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094239Z-r15d84578dcxdptjhC1FRA2w1n0000000xe000000000r76d
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:40 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4904824B
x-ms-request-id: acca3b77-601e-0033-6164-95a350000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094240Z-r15d84578dccgpgnhC1FRAtre80000000zfg00000000h5sb
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:40 GMT
content-type: application/x-javascript
content-length: 5561
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A0700F50D0
x-ms-request-id: af348104-a01e-004d-1985-950cba000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094240Z-r15d84578dc8sr7chC1FRAs41c0000000yk0000000005usp
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:40 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:47 GMT
etag: 0x8DB5C3F48EC4154
x-ms-request-id: dc938f8b-901e-0061-607d-9697aa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094240Z-r15d84578dcnhgwghC1FRA5ff00000000vd00000000029xe
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:41 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4911527F
x-ms-request-id: 301198cb-701e-0056-2ba8-954506000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094241Z-r15d84578dc8sr7chC1FRAs41c0000000yk0000000005uuq
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:41 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: a4cb953d-601e-0023-2078-956638000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094241Z-r15d84578dcghlvfhC1FRAzrz40000000z30000000006su4
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://fa135dd492b94104a62fe62d24b376a3.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: fa135dd492b94104a62fe62d24b376a3.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:41 GMT
content-type: text/html; charset=utf-8
content-length: 1597
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C531_BL2
x-ms-request-id: daed6e87-74ac-4d17-b027-62dc89b749c3
ppserver: PPV: 30 H: BL02EPF0001D899 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:42 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:49 GMT
etag: 0x8DB5C3F49ED96E0
x-ms-request-id: d1e86af8-e01e-0012-73ce-95872b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094242Z-r15d84578dcqwknjhC1FRAd5e00000000y1g000000000809
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/2.0
host: 02fdefbcf70b458586f41356dfa21205.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=1, i

Response

HTTP/2.0 204

server: nginx
date: Tue, 25 Mar 2025 09:42:42 GMT
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
time-delta-millis: 1614
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
access-control-expose-headers: time-delta-millis
POST

https://c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895761292&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895761292&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/2.0
host: c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com
content-length: 2608
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://521065cb40394b6691b92044b29518ca.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:43 GMT
content-type: application/x-javascript
content-length: 35229
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:56 GMT
etag: 0x8DD35A07159E4E7
x-ms-request-id: d01e2633-801e-0038-7923-966796000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094242Z-r15d84578dc5dckkhC1FRA9kvs0000000ws0000000004ce5
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/?9bb6tdSpc=67e27a94a76f4bc9cc9bf912

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /?9bb6tdSpc=67e27a94a76f4bc9cc9bf912 HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a86c48180c247995488
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:46 GMT
content-type: text/html; charset=utf-8
content-length: 42293
location: https://f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com/login#
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 952b95e3-a8d6-4af8-a0b3-ffaf7390af00
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
set-cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
GET

https://f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com/login

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /login HTTP/2.0
host: f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=0, i

Response

HTTP/2.0 302

server: nginx
date: Tue, 25 Mar 2025 09:42:47 GMT
content-type: text/html; charset=utf-8
content-length: 20
location: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
vary: Accept-Encoding
request-context: appId=
referrer-policy: strict-origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
request-id: 46538a13-212d-477b-80a3-c88d8e971e75
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0 HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://stuckegroup.phase-eu.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:47 GMT
content-type: text/html; charset=utf-8
content-length: 50778
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 9fc3597a-a761-4364-bff9-e109d9165800
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,50168,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:48 GMT
content-type: application/x-javascript
content-length: 50036
cache-control: public, max-age=31536000
last-modified: Wed, 29 Jan 2025 22:53:23 GMT
etag: 0x8DD40B7BBC6F429
x-ms-request-id: 03769f6d-d01e-000a-7b5c-9567e1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094248Z-r18967bb5ddrcjr7hC1DUSvpgg0000000zn000000000cfmq
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:49 GMT
content-type: application/x-javascript
content-length: 40486
cache-control: public, max-age=31536000
last-modified: Fri, 26 Feb 2021 06:13:13 GMT
etag: 0x8D8DA1D997CA245
x-ms-request-id: 2587db4d-d01e-0068-7223-96a5c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094248Z-r15d84578dcbmgpshC1FRAnams0000000wfg00000000ec6t
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:49 GMT
content-type: application/x-javascript
content-length: 4912
cache-control: public, max-age=31536000
last-modified: Thu, 22 Oct 2020 20:43:21 GMT
etag: 0x8D876CB1D67B929
x-ms-request-id: 811a35a8-c01e-002a-1b2f-9623eb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094249Z-r18967bb5ddkptmwhC1DUS5bfc0000000wh0000000008be5
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:50 GMT
content-type: application/x-javascript
content-length: 3921
cache-control: public, max-age=31536000
last-modified: Tue, 28 Jun 2022 20:27:38 GMT
etag: 0x8DA5944A4FF258E
x-ms-request-id: fd710542-901e-0003-29ec-95558d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094250Z-r15d84578dcxsh84hC1FRAkf2w0000000xd0000000008cpp
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
POST

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
content-length: 13082
sec-ch-ua-platform: "Windows"
hpgid: 6
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEY3nXvi6A1c1FuxAat8rTngYGAzpFNpKpo5Iop1UtRYBys9-E6ar5Y-_7Pq5tUQYkpgSmOxcvAXt7WRnW2ioBYqPSlxL6ykF4isFUbjAFx2gByWcmQysU0KD4DTYlGFYFv1xXhTg70Ow8jC78JPfNHB6q7lQblgKH0xJeRtuY_2iV4JyilwtKVjdBSUxQ61PeMhF_8-TlyJniZ73ehienJiAA
sec-ch-ua-mobile: ?0
client-request-id: 537d0fe2-8452-4db1-be51-19c07f80c6c1
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1, i

Response

HTTP/2.0 404

server: nginx
date: Tue, 25 Mar 2025 09:42:50 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: private
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: c226b12e-7853-4c8f-bafa-f70df9c96700
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:51 GMT
content-type: text/html; charset=utf-8
content-length: 58371
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding
link: <https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com>; rel=preconnect; ,<https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com>; rel=dns-prefetch,<https://0d929bffa8d041deae109e5fcf04bc37.gtfareo.com>; rel=dns-prefetch
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 8942d7a8-75f2-485e-b96c-850e8d414400
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-clitelem: 1,0,0,,
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/favicon.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /favicon.ico HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:51 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 537d0fe2-8452-4db1-be51-19c07f80c6c1
x-ms-request-id: 9dc8a034-fce6-422c-a2aa-d225d58a3900
x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=0

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:52 GMT
content-type: application/x-javascript
content-length: 16623
cache-control: public, max-age=31536000
last-modified: Mon, 03 Mar 2025 20:34:37 GMT
etag: 0x8DD5A92D0BABA3E
x-ms-request-id: 987f2e51-201e-0029-587e-968a9d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094251Z-r15d84578dctwj8shC1FRA83sg0000000v3000000000fccn
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:52 GMT
content-type: text/css
content-length: 20410
cache-control: public, max-age=31536000
last-modified: Fri, 08 Nov 2024 04:59:25 GMT
etag: 0x8DCFFB21E496F3A
x-ms-request-id: fbac900a-901e-0046-25ca-96f7d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094251Z-r15d84578dctg8w8hC1FRAxcvs0000000t2000000000e60w
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:52 GMT
content-type: application/x-javascript
content-length: 122985
cache-control: public, max-age=31536000
last-modified: Tue, 25 Feb 2025 19:12:56 GMT
etag: 0x8DD55D0698478AA
x-ms-request-id: 94b6c329-901e-0013-4ecb-9690e5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094252Z-r15d84578dct9z46hC1FRA7a3n0000000u70000000005e3t
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://dd43991a637c4651b776cbdb3c66da7a.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: dd43991a637c4651b776cbdb3c66da7a.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
purpose: prefetch
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:52 GMT
content-type: text/html; charset=utf-8
content-length: 1594
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C544_BL2
x-ms-request-id: 6a05cc19-69b7-4104-89ab-0bf3af8fe5d3
ppserver: PPV: 30 H: BL02EPF0001D960 V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:53 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-store, no-cache
pragma: no-cache
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 537d0fe2-8452-4db1-be51-19c07f80c6c1
x-ms-request-id: 26939ca8-5ddc-432a-95eb-b30cebd44e00
x-ms-ests-server: 2.1.20329.5 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
POST

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/handlers/watson

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /common/handlers/watson HTTP/2.0
host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
content-length: 14060
sec-ch-ua-platform: "Windows"
hpgid: 1104
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
hpgact: 1800
canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQED1VQYAEWcgXQwBcY1_T-OL5HfXt5Zsw5txOKiIeJdYzCGhVP_CZc6OsL9cA2mJUV6ie2GULaaJ8Hzf5Pv5mDhS9PLBf06ERGCGCuA30H8Qf6Dm72jXKBWThXXfa_EXtt50FBuKovSV6zdyRdxip5HD50oaHwNipBta_IriOkiCSPYciTaldtv7AwS3mHj3QrXgNNzBoAL8setEHw5Ql18iAA
sec-ch-ua-mobile: ?0
client-request-id: 537d0fe2-8452-4db1-be51-19c07f80c6c1
x-requested-with: XMLHttpRequest
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: application/json
content-type: application/json; charset=UTF-8
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
cookie: AADSSO=NA|NoExtension
cookie: SSOCOOKIEPULLED=1
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:53 GMT
content-type: application/x-javascript
content-length: 61216
cache-control: public, max-age=31536000
last-modified: Thu, 25 May 2023 17:22:47 GMT
etag: 0x8DB5D44A8CEE4F4
x-ms-request-id: ad7ab7da-601e-001f-3015-967052000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094253Z-r15d84578dc5dckkhC1FRA9kvs0000000wrg000000006mw1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:54 GMT
content-type: image/x-icon
content-length: 20475
cache-control: public, max-age=31536000
last-modified: Sun, 18 Oct 2020 03:02:03 GMT
etag: 0x8D8731230C851A6
x-ms-request-id: aa151486-101e-006f-410c-9abe1a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094254Z-r18967bb5ddlpl7shC1DUS4gyg0000000drg00000000dtwq
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:54 GMT
content-type: application/x-javascript
content-length: 116530
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A06FA62FD8
x-ms-request-id: 0f2cafcd-c01e-0074-49ca-96f7a6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094254Z-r15d84578dctg8w8hC1FRAxcvs0000000t4g000000004q1t
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:55 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:47 GMT
etag: 0x8DB5C3F48EC4154
x-ms-request-id: 55fad3b8-501e-0041-0bd6-9aec0d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094255Z-r15d84578dcrsht2hC1FRA9tus0000000asg000000009y1z
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:55 GMT
content-type: image/gif
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4904824B
x-ms-request-id: 662b143c-c01e-0053-707d-9697dd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094255Z-r15d84578dcnhgwghC1FRA5ff00000000v7g00000000q9f1
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:56 GMT
content-type: application/x-javascript
content-length: 5560
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:54 GMT
etag: 0x8DD35A0700F50D0
x-ms-request-id: 9b7dbd2b-e01e-004c-584e-965366000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094255Z-r15d84578dcprpmdhC1FRA6sc40000000w2g000000008u0p
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 56436f7e-101e-002a-5dde-9c1c46000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094256Z-r15d84578dcph2b4hC1FRA0ze400000000u0000000003w72
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:56 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:48 GMT
etag: 0x8DB5C3F4911527F
x-ms-request-id: 76577474-301e-003e-297d-966b84000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094256Z-r15d84578dctwj8shC1FRA83sg0000000v6000000000487x
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://dd43991a637c4651b776cbdb3c66da7a.gtfareo.com/Me.htm?v=3

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /Me.htm?v=3 HTTP/2.0
host: dd43991a637c4651b776cbdb3c66da7a.gtfareo.com
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=0, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:57 GMT
content-type: text/html; charset=utf-8
content-length: 1594
cache-control: max-age=315360000
vary: Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
referrer-policy: strict-origin-when-cross-origin
x-ms-route-info: C541_BL2
x-ms-request-id: d39dd282-1223-4ab8-8a4b-85b1e4e81d1b
ppserver: PPV: 30 H: BL02EPF0001D92E V: 0
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:58 GMT
content-type: image/svg+xml
cache-control: public, max-age=31536000
last-modified: Wed, 24 May 2023 10:11:49 GMT
etag: 0x8DB5C3F49ED96E0
x-ms-request-id: a2b55acd-301e-002d-31ca-967025000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094258Z-r15d84578dcdv5fmhC1FRA7za40000000t5g00000000x9rb
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
GET

https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/2.0
host: 161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:58 GMT
content-type: application/x-javascript
content-length: 35230
cache-control: public, max-age=31536000
last-modified: Wed, 15 Jan 2025 20:08:56 GMT
etag: 0x8DD35A07159E4E7
x-ms-request-id: f058949a-d01e-0060-1acb-96c876000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250325T094258Z-r18967bb5dd2wft8hC1DUScfzg0000000t7g000000006th3
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
content-encoding: gzip
POST

https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: 34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com
content-length: 1717
sec-ch-ua-platform: "Windows"
cache-control: no-cache, no-store
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
client-id: NO_AUTH
upload-time: 1742895778106
time-delta-to-apply-millis: use-collector-delta
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type: application/x-json-stream
client-version: 1DS-Web-JS-3.2.6
apikey: b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951
accept: */*
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:01 GMT
content-type: application/json
content-length: 153
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
time-delta-millis: 2841
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
access-control-expose-headers: time-delta-millis
POST

https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0 HTTP/2.0
host: 34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com
content-length: 972
sec-ch-ua-platform: "Windows"
cache-control: no-cache, no-store
sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
client-id: NO_AUTH
upload-time: 1742895836105
time-delta-to-apply-millis: 2841
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
content-type: application/x-json-stream
client-version: 1DS-Web-JS-3.2.6
apikey: b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951
accept: */*
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:59 GMT
content-type: application/json
content-length: 24
time-delta-millis: 3162
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
access-control-expose-headers: time-delta-millis
DNS

fd76e665ded746449f12ccad049264ab.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

fd76e665ded746449f12ccad049264ab.gtfareo.com

IN A

Response

fd76e665ded746449f12ccad049264ab.gtfareo.com

IN A

172.104.148.48
DNS

c9177342efcb43b2b527e71484389b67.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c9177342efcb43b2b527e71484389b67.gtfareo.com

IN A

Response

c9177342efcb43b2b527e71484389b67.gtfareo.com

IN A

172.104.148.48
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a64afe269f717c9965d/ HTTP/1.1
Host: d8503f99b8094a509e43d430611852f1.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a64afe269f717c9965d
Sec-WebSocket-Key: OmNPO6lQNXQttwQoCCjtgA==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:01 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fzYMF5+Df2CtczP2G9gOPUAunUk=
Sec-WebSocket-Extensions: permessage-deflate
DNS

b7324355307e471882c97418ed073914.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

b7324355307e471882c97418ed073914.gtfareo.com

IN A

Response

b7324355307e471882c97418ed073914.gtfareo.com

IN A

172.104.148.48
DNS

5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com

IN A

Response

5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com

IN A

172.104.148.48
GET

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a64afe269f717c9965d/ HTTP/1.1
Host: d8503f99b8094a509e43d430611852f1.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a64afe269f717c9965d; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Sec-WebSocket-Key: N1GcO0+Rf38IvDV/i4aiPg==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:04 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HRAIfz3QjtKd31xHF9jilgk+5/o=
Sec-WebSocket-Extensions: permessage-deflate
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.178.10
GET

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCex-dLw3p-ClEgUN0VtRUhIFDVd69_0hWopJwbqY8oY=?alt=proto

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCex-dLw3p-ClEgUN0VtRUhIFDVd69_0hWopJwbqY8oY=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
x-client-data: CJmIywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
GET

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCVfnUqJzFAotEgUN0VtRUhIFDVd69_0hQB9NENiOkck=?alt=proto

chrome.exe

Remote address:

142.250.187.202:443

Request

GET /v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCVfnUqJzFAotEgUN0VtRUhIFDVd69_0hQB9NENiOkck=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
x-client-data: CJmIywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
DNS

75ded698cadc4bb2be368a8638d59905.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

75ded698cadc4bb2be368a8638d59905.gtfareo.com

IN A

Response

75ded698cadc4bb2be368a8638d59905.gtfareo.com

IN A

172.104.148.48
OPTIONS

https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: 75ded698cadc4bb2be368a8638d59905.gtfareo.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://d8503f99b8094a509e43d430611852f1.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:42:10 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: public, 3600
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
set-cookie: 9bb6tdSpc=67e27a64afe269f717c9965d; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: 34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:00 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: public, 3600
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
set-cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: 67dec864684449f697b05d5aceeffc9c.gtfareo.com
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:03 GMT
content-type: text/html
content-length: 7
access-control-allow-headers: content-type
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a64afe269f717c9965d; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com
origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:03 GMT
content-type: text/html
content-length: 7
access-control-allow-headers: content-type
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com
origin: https://d8503f99b8094a509e43d430611852f1.gtfareo.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:04 GMT
content-type: text/html
content-length: 7
access-control-allow-headers: content-type
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a86c48180c247995488; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
POST

https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com
content-length: 1329
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 503

server: nginx
date: Tue, 25 Mar 2025 09:43:04 GMT
content-type: text/html; charset=us-ascii
content-length: 326
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a64afe269f717c9965d; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
POST

https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: 67dec864684449f697b05d5aceeffc9c.gtfareo.com
content-length: 2667
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 429

server: nginx
date: Tue, 25 Mar 2025 09:43:05 GMT
content-type: text/html; charset=utf-8
content-length: 0
request-context: appId=cid-v1:20c536d6-d891-4743-bdc8-f66a2e341114
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
POST

https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

POST /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com
content-length: 2663
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:08 GMT
content-type: text/plain; charset=utf-8
content-length: 53
request-context: appId=cid-v1:27277200-e19a-465d-951d-bb90a149c996
access-control-allow-credentials: false
access-control-allow-methods: *, GET, OPTIONS, POST
access-control-allow-origin: *
set-cookie: 9bb6tdSpc=67e27a86c48180c247995488; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0 HTTP/2.0
host: 34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

server: nginx
date: Tue, 25 Mar 2025 09:43:57 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: public, 3600
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
set-cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; Domain=gtfareo.com; HttpOnly; Path=/; SameSite=none; Secure
OPTIONS

https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

chrome.exe

Remote address:

172.104.148.48:443

Request

OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/2.0
host: 67dec864684449f697b05d5aceeffc9c.gtfareo.com
origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360259211_1RHQV0P5DTUS9XFSL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360259211_1RHQV0P5DTUS9XFSL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 562299
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C840789E166B48AFA62364F27434FEDF Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:11Z
date: Tue, 25 Mar 2025 09:42:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360259212_1BAR08KBTVWDNYB0F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360259212_1BAR08KBTVWDNYB0F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 439394
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F71C31D2B9D04E40BBFF7D0DC635D2A6 Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:11Z
date: Tue, 25 Mar 2025 09:42:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 374381
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D7726B0E5E7400BA54E5B642617869E Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:11Z
date: Tue, 25 Mar 2025 09:42:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 695371
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 73514B1FCBEF4471B90A8EB6C7BBEA06 Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:11Z
date: Tue, 25 Mar 2025 09:42:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 747785
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A48A156EDB2F4E799818F0C281C32AEE Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:11Z
date: Tue, 25 Mar 2025 09:42:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 492694
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59EA9BA711D8425D9541558A690934D8 Ref B: LON04EDGE0911 Ref C: 2025-03-25T09:42:12Z
date: Tue, 25 Mar 2025 09:42:11 GMT
DNS

521065cb40394b6691b92044b29518ca.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

521065cb40394b6691b92044b29518ca.gtfareo.com

IN A

Response

521065cb40394b6691b92044b29518ca.gtfareo.com

IN A

172.104.148.48
DNS

9d2302c540684954a7f54ffbcc76c975.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

9d2302c540684954a7f54ffbcc76c975.gtfareo.com

IN A

Response

9d2302c540684954a7f54ffbcc76c975.gtfareo.com

IN A

172.104.148.48
DNS

02fdefbcf70b458586f41356dfa21205.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

02fdefbcf70b458586f41356dfa21205.gtfareo.com

IN A

Response

02fdefbcf70b458586f41356dfa21205.gtfareo.com

IN A

172.104.148.48
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.161.35
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a86c48180c247995488/ HTTP/1.1
Host: 521065cb40394b6691b92044b29518ca.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a86c48180c247995488
Sec-WebSocket-Key: /+DNtZso+HypXGK5Q8L4pQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:34 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 41nXEEJStwALjVMZeSw9s4wAcMg=
Sec-WebSocket-Extensions: permessage-deflate
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.161.35:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 272
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.161.35:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
DNS

347a18e7aa5b4df38d40944fa3f04690.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

347a18e7aa5b4df38d40944fa3f04690.gtfareo.com

IN A

Response

347a18e7aa5b4df38d40944fa3f04690.gtfareo.com

IN A

172.104.148.48
DNS

fa135dd492b94104a62fe62d24b376a3.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

fa135dd492b94104a62fe62d24b376a3.gtfareo.com

IN A

Response

fa135dd492b94104a62fe62d24b376a3.gtfareo.com

IN A

172.104.148.48
GET

https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a86c48180c247995488/ HTTP/1.1
Host: 521065cb40394b6691b92044b29518ca.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://521065cb40394b6691b92044b29518ca.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a86c48180c247995488; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Sec-WebSocket-Key: pBH+bRqISBdn0MxsizpRKw==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: K3Jr1/OmfttyJVaJshCZkmQoIyw=
Sec-WebSocket-Extensions: permessage-deflate
DNS

c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com

IN A

Response

c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com

IN A

172.104.148.48
DNS

3ca9f771e538411096141fe9edcb5958.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

3ca9f771e538411096141fe9edcb5958.gtfareo.com

IN A

Response

3ca9f771e538411096141fe9edcb5958.gtfareo.com

IN A

172.104.148.48
DNS

f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com

IN A

Response

f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com

IN A

172.104.148.48
DNS

161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com

IN A

Response

161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com

IN A

172.104.148.48
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a94a76f4bc9cc9bf912/ HTTP/1.1
Host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912
Sec-WebSocket-Key: 4fuH9ySuTgggPZ/1vj+7Dg==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:48 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: R7MTEVnaYCr47fWUtq39yxIdgmY=
Sec-WebSocket-Extensions: permessage-deflate
DNS

0d929bffa8d041deae109e5fcf04bc37.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

0d929bffa8d041deae109e5fcf04bc37.gtfareo.com

IN A

Response

0d929bffa8d041deae109e5fcf04bc37.gtfareo.com

IN A

172.104.148.48
DNS

dd43991a637c4651b776cbdb3c66da7a.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dd43991a637c4651b776cbdb3c66da7a.gtfareo.com

IN A

Response

dd43991a637c4651b776cbdb3c66da7a.gtfareo.com

IN A

172.104.148.48
GET

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

chrome.exe

Remote address:

172.104.148.48:443

Request

GET /67e27a94a76f4bc9cc9bf912/ HTTP/1.1
Host: 3ca9f771e538411096141fe9edcb5958.gtfareo.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://3ca9f771e538411096141fe9edcb5958.gtfareo.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: 9bb6tdSpc=67e27a94a76f4bc9cc9bf912; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Sec-WebSocket-Key: VUAcix+AFQvjQ5A5QuzxRw==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Tue, 25 Mar 2025 09:42:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VpYhHEGnVVa3/1dfgdzk8YElpUg=
Sec-WebSocket-Extensions: permessage-deflate
DNS

34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com

IN A

Response

34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com

IN A

172.104.148.48
DNS

c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com

IN A

Response

c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com

IN A

172.104.148.48
DNS

67dec864684449f697b05d5aceeffc9c.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

67dec864684449f697b05d5aceeffc9c.gtfareo.com

IN A

Response

67dec864684449f697b05d5aceeffc9c.gtfareo.com

IN A

172.104.148.48
DNS

ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com

IN A

Response

ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com

IN A

172.104.148.48
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.179.227
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.179.227:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Tue, 25 Mar 2025 09:11:47 GMT
Expires: Tue, 25 Mar 2025 10:01:47 GMT
Age: 1877
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding

208.103.161.2:443

https://www.notion.so/1c194f407be88057ad86f2f4295a79b6

tls, http2

chrome.exe

3.2kB
10.2kB
16
19

HTTP Request

GET https://www.notion.so/1c194f407be88057ad86f2f4295a79b6

HTTP Response

301
208.103.161.33:443

https://artistic-earwig-eb3.notion.site/print.e2ba4c31.css

tls, http2

chrome.exe

10.1kB
335.7kB
149
271

HTTP Request

GET https://artistic-earwig-eb3.notion.site/1c194f407be88057ad86f2f4295a79b6

HTTP Response

200

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/app-271f4bf5b014fd7d.css

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/14020-b72d567fefcfa8d7.js

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/app-fc6b5fe80b494eed.js

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/ClientFramework-48005d011f673f55.js

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/27316-c43e23588883911a.js

HTTP Request

GET https://artistic-earwig-eb3.notion.site/_assets/75676-ba3836397bafe53b.js

HTTP Request

GET https://artistic-earwig-eb3.notion.site/print.e2ba4c31.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

tls, http2

2.0kB
9.4kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d0b53c0f8c374725ab6b5c3a00b1e003&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204
208.103.161.1:443

https://www.notion.so/api/v3/etClient

tls, http2

chrome.exe

114.4kB
243.1kB
198
241

HTTP Request

POST https://exp.notion.so/v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895694643&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1

HTTP Response

200

HTTP Request

POST https://exp.notion.so/v1//rgstr?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695821&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&ec=52

HTTP Request

POST https://exp.notion.so/v1//initialize?k=client-Tgza5wNFa8dVt9BdeUfG6Vkm29bHxX10MhoztTMzLBB&st=javascript-client&sv=3.6.0&t=1742895695858&sid=3aa2cec6-9ae9-4545-8f0b-ea1a2d669f10&se=1

HTTP Response

202

HTTP Response

200

HTTP Request

OPTIONS https://www.notion.so/api/v3/etClient

HTTP Response

200
44.215.234.239:443

https://http-inputs-notion.splunkcloud.com/services/collector/raw

tls, http2

chrome.exe

7.2kB
8.2kB
28
28

HTTP Request

OPTIONS https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Request

OPTIONS https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Response

200

HTTP Request

POST https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Response

200

HTTP Request

POST https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Request

POST https://http-inputs-notion.splunkcloud.com/services/collector/raw

HTTP Response

200

HTTP Response

200
44.215.234.239:443

http-inputs-notion.splunkcloud.com

tls

chrome.exe

2.2kB
5.1kB
10
7
34.120.195.249:443

https://o324374.ingest.sentry.io/api/5741876/envelope/?sentry_key=704fe3b1898d4ccda1d05fe1ee79a1f7&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.117.0

tls, http2

chrome.exe

3.8kB
5.3kB
16
16

HTTP Request

POST https://o324374.ingest.sentry.io/api/5741876/envelope/?sentry_key=704fe3b1898d4ccda1d05fe1ee79a1f7&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.117.0
208.103.161.2:443

img.notionusercontent.com

tls

chrome.exe

2.1kB
3.7kB
7
6
208.103.161.2:443

https://img.notionusercontent.com/s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F514abb93-6587-47cf-9b7b-e16b1531faa2%2Fpdf.png/size/w=170?exp=1742982098&sig=jMCpPo6U89mc-3FpkbnKJZaH4j6hUT8BflgueAG-Hp4

tls, http2

chrome.exe

4.0kB
22.4kB
29
31

HTTP Request

GET https://img.notionusercontent.com/s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F33ec28d4-fcbc-41d5-859f-394ec703e1de%2Fphoto_2024-02-18_21-52-44.jpg/size/w=2000?exp=1742982098&sig=cYw6vjbkN6CLOFTQV4OuM38FXGPtE-xja0cwfqNyJOE

HTTP Request

GET https://img.notionusercontent.com/s3/prod-files-secure%2F6c42312d-69ca-4462-8613-8740e657ed92%2F514abb93-6587-47cf-9b7b-e16b1531faa2%2Fpdf.png/size/w=170?exp=1742982098&sig=jMCpPo6U89mc-3FpkbnKJZaH4j6hUT8BflgueAG-Hp4

HTTP Response

200

HTTP Response

200
172.104.148.48:443

https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

tls, http2

chrome.exe

53.3kB
614.1kB
291
475

HTTP Request

GET https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

200

HTTP Request

POST https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

302

HTTP Request

GET https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

200

HTTP Request

POST https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

302

HTTP Request

GET https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

200

HTTP Request

POST https://stuckegroup.phase-eu.com/2142c65e88914bcab60b247133332402/

HTTP Response

302
172.104.148.48:443

stuckegroup.phase-eu.com

tls, http2

chrome.exe

2.5kB
922 B
12
11
172.104.148.48:443

https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0

tls, http2

chrome.exe

163.4kB
2.2MB
1061
1843

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/?9bb6tdSpc=67e27a64afe269f717c9965d

HTTP Response

302

HTTP Request

GET https://fd76e665ded746449f12ccad049264ab.gtfareo.com/login

HTTP Response

302

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

HTTP Response

200

HTTP Request

GET https://c9177342efcb43b2b527e71484389b67.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

HTTP Response

200

HTTP Request

GET https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

HTTP Response

200

HTTP Request

GET https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

HTTP Response

200

HTTP Request

GET https://c9177342efcb43b2b527e71484389b67.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

HTTP Response

200

HTTP Request

POST https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/handlers/watson

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ffd76e665ded746449f12ccad049264ab.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925197385564.YjA5ZTYxZWItOTZmNi00YmI4LWFjZTYtMGNiNmNmMzYxZTJmOTM2NzAwM2ItNDk1Ni00NzY2LWEyZTQtMTFmNGViMTFhNTNm&ui_locales=en-US&mkt=en-US&client-request-id=746127e3-116f-4563-be5d-2a749a8939af&state=1NGW0vBEz9mgrQN_mrizfNTY-FkciMpeZY0QCQNs0uJnS5z8AN8cI6mJH_sWo4WWlbWbMYyOAa9XzRvwpcWO2m7sapmrYqVVi3fAxZjfgmN8CMhp3hwwEM1pxHIASgt66kvN4AtDjyjdkAHtjDZAkEvc6imQOGNWy_pcKONZUqWNXSoHnWHigZV68esdZayRcNU1HOcc03PE65Yd090E5LPQqgg0d_G0E8ReOZDXzXgADsVJShuinEydUYq4Vc50fGNyNYV9f6Jg2YZd_dK36g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/favicon.ico

HTTP Response

200

HTTP Response

404

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com/Me.htm?v=3

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

HTTP Request

POST https://d8503f99b8094a509e43d430611852f1.gtfareo.com/common/handlers/watson

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

HTTP Request

GET https://5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com/Me.htm?v=3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

HTTP Request

GET https://b7324355307e471882c97418ed073914.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895731147&ext.intweb.msfpc=GUID%3Dc95c9359b0c34b3a9d7640785e1585d7%26HASH%3Dc95c%26LV%3D202503%26V%3D4%26LU%3D1742895731053&time-delta-to-apply-millis=2169&w=0&NoResponseBody=true

HTTP Response

204

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/?9bb6tdSpc=67e27a86c48180c247995488

HTTP Response

302

HTTP Request

GET https://9d2302c540684954a7f54ffbcc76c975.gtfareo.com/login

HTTP Response

302

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

HTTP Response

200

HTTP Request

POST https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/handlers/watson

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F9d2302c540684954a7f54ffbcc76c975.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925531829711.Y2Q3MzJjZTUtMGQxMC00MjRhLTkyZTAtNDk3ZmU5MTIxN2MxMzgyZTUzN2QtZTNkZC00NzEzLTg2YzgtNTU0Y2JkMzQwNzc2&ui_locales=en-US&mkt=en-US&client-request-id=85a8025e-d706-442d-9a11-e54b1d37b98a&state=YoSYPTCDCJiVyLAwFh_10VdfLf4jdCPDjhH3MogNUc3khc_dhQngys_sJjiGJ11T5vYCHfHWLUTAvO6_2puZ5wkWBI3YMSaglbl7j_-hi1XjqYc7DqG4zc4kxCAxGArO-xr7ylCK-S9i0darS02T8Piwimy3o9DbhNvIrxP4K7sRhMv_4CiCH_09FXpRBynNhjHPlkzegrcmAGvwESATXK8DsU_WlpUueAsE84iIHuOq2XZ8c8ZrATwTk9ycN1UlZMmbZ1rg5VE50YT7jmUDEw&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/favicon.ico

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

HTTP Response

200

HTTP Response

404

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fa135dd492b94104a62fe62d24b376a3.gtfareo.com/Me.htm?v=3

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

HTTP Request

POST https://521065cb40394b6691b92044b29518ca.gtfareo.com/common/handlers/watson

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

HTTP Request

GET https://fa135dd492b94104a62fe62d24b376a3.gtfareo.com/Me.htm?v=3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

HTTP Request

GET https://02fdefbcf70b458586f41356dfa21205.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

HTTP Request

POST https://c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1742895761292&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

HTTP Response

200

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/?9bb6tdSpc=67e27a94a76f4bc9cc9bf912

HTTP Response

302

HTTP Request

GET https://f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com/login

HTTP Response

302

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

HTTP Response

200

HTTP Request

POST https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/handlers/watson

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Ff049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638784925670563265.ZGJmZjAwZTAtMjM4Ny00NDE2LTllMjgtMDg1MGQyMTBlMDY3OGQ4MTE4YzUtYjRmYS00Zjc2LWI3MmItMzZmNmI5MTBlZjk4&ui_locales=en-US&mkt=en-US&client-request-id=537d0fe2-8452-4db1-be51-19c07f80c6c1&state=ysSIbgw-QKuSaV1qJwaJUsQJi1fC_IdagsCyTHhjdnZ2A6B8sM1VGLfFkLLDYlFBtNq_oJKymn9YQvmtLXNebSUeS7Kz8vX3FgCxeryjxnyYBe81ea8LWfjbqgfklKd-7iXO2PUmDKwbnWQJW2mMr-Q8eKuoaWUWSjLRdJ6M785fNG50J4UY0cy9qZ7oOYStnMd0l3JcEMYUfgGy1OzMVmidSQxQe_ljt1I1KowYesHIJ8oWVXq7hZER_2JRV1OgJhKVkREmv87slZm2doXX0g&x-client-SKU=ID_NET8_0&x-client-ver=8.5.0.0&sso_reload=true

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/favicon.ico

HTTP Response

404

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://dd43991a637c4651b776cbdb3c66da7a.gtfareo.com/Me.htm?v=3

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js

HTTP Request

POST https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/common/handlers/watson

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

HTTP Request

GET https://dd43991a637c4651b776cbdb3c66da7a.gtfareo.com/Me.htm?v=3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js

HTTP Request

GET https://161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0

HTTP Response

200
172.104.148.48:443

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

tls, http

chrome.exe

3.3kB
1.1kB
12
11

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

HTTP Response

101
172.104.148.48:443

https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

tls, http

chrome.exe

3.5kB
1.6kB
16
21

HTTP Request

GET https://d8503f99b8094a509e43d430611852f1.gtfareo.com/67e27a64afe269f717c9965d/

HTTP Response

101
142.250.187.202:443

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCVfnUqJzFAotEgUN0VtRUhIFDVd69_0hQB9NENiOkck=?alt=proto

tls, http2

chrome.exe

3.6kB
8.4kB
20
23

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCex-dLw3p-ClEgUN0VtRUhIFDVd69_0hWopJwbqY8oY=?alt=proto

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTMzLjAuNjk0My42MBIgCVfnUqJzFAotEgUN0VtRUhIFDVd69_0hQB9NENiOkck=?alt=proto
172.104.148.48:443

https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

tls, http2

chrome.exe

12.7kB
8.8kB
47
55

HTTP Request

OPTIONS https://75ded698cadc4bb2be368a8638d59905.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

OPTIONS https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

OPTIONS https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Request

OPTIONS https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Request

OPTIONS https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Response

200

HTTP Request

POST https://ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Response

200

HTTP Request

POST https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Response

200

HTTP Request

POST https://c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com/api/report?catId=GW+estsfd+ams2

HTTP Response

503

HTTP Response

429

HTTP Response

200

HTTP Request

OPTIONS https://34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc574842d9eea4c9cb0b8e738c86b6b29%26HASH%3Dc574%26LV%3D202503%26V%3D4%26LU%3D1742895780947&w=0

HTTP Response

200

HTTP Request

OPTIONS https://67dec864684449f697b05d5aceeffc9c.gtfareo.com/api/report?catId=GW+estsfd+ams2
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

118.7kB
3.4MB
2484
2477

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360259211_1RHQV0P5DTUS9XFSL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360259212_1BAR08KBTVWDNYB0F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
12
172.104.148.48:443

https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

tls, http

chrome.exe

3.2kB
3.5kB
13
13

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

HTTP Response

101
172.217.161.35:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.2kB
8.2kB
24
24

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
172.217.161.35:443

beacons.gcp.gvt2.com

tls, http2

chrome.exe

2.2kB
6.8kB
9
10
172.104.148.48:443

https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

tls, http

chrome.exe

3.5kB
1.4kB
14
17

HTTP Request

GET https://521065cb40394b6691b92044b29518ca.gtfareo.com/67e27a86c48180c247995488/

HTTP Response

101
172.104.148.48:443

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

tls, http

chrome.exe

3.2kB
3.5kB
13
14

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

HTTP Response

101
172.104.148.48:443

https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

tls, http

chrome.exe

3.6kB
1.6kB
16
19

HTTP Request

GET https://3ca9f771e538411096141fe9edcb5958.gtfareo.com/67e27a94a76f4bc9cc9bf912/

HTTP Response

101
142.250.179.227:80

http://c.pki.goog/r/r1.crl

http

384 B
355 B
4
3

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304

8.8.8.8:53

www.notion.so

dns

chrome.exe

59 B
91 B
1
1

DNS Request

www.notion.so

DNS Response

208.103.161.2

208.103.161.1
8.8.8.8:53

artistic-earwig-eb3.notion.site

dns

chrome.exe

77 B
109 B
1
1

DNS Request

artistic-earwig-eb3.notion.site

DNS Response

208.103.161.33

208.103.161.32
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
208.103.161.33:443

artistic-earwig-eb3.notion.site

https

chrome.exe

197.0kB
6.6MB
928
5693
8.8.8.8:53

exp.notion.so

dns

chrome.exe

59 B
91 B
1
1

DNS Request

exp.notion.so

DNS Response

208.103.161.1

208.103.161.2
8.8.8.8:53

http-inputs-notion.splunkcloud.com

dns

chrome.exe

80 B
192 B
1
1

DNS Request

http-inputs-notion.splunkcloud.com

DNS Response

44.215.234.239

34.228.45.57

18.214.252.60
208.103.161.1:443

exp.notion.so

https

chrome.exe

156.7kB
15.9kB
139
65
8.8.8.8:53

o324374.ingest.sentry.io

dns

chrome.exe

70 B
86 B
1
1

DNS Request

o324374.ingest.sentry.io

DNS Response

34.120.195.249
8.8.8.8:53

img.notionusercontent.com

dns

chrome.exe

71 B
103 B
1
1

DNS Request

img.notionusercontent.com

DNS Response

208.103.161.2

208.103.161.1
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

stuckegroup.phase-eu.com

dns

chrome.exe

70 B
86 B
1
1

DNS Request

stuckegroup.phase-eu.com

DNS Response

172.104.148.48
8.8.8.8:53

d8503f99b8094a509e43d430611852f1.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

d8503f99b8094a509e43d430611852f1.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

fd76e665ded746449f12ccad049264ab.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

fd76e665ded746449f12ccad049264ab.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

c9177342efcb43b2b527e71484389b67.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

c9177342efcb43b2b527e71484389b67.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

b7324355307e471882c97418ed073914.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

b7324355307e471882c97418ed073914.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

5da9ab9966fa4aeba39d9538c80e7bd2.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.202

172.217.169.10

216.58.212.202

216.58.212.234

142.250.180.10

142.250.200.10

142.250.200.42

216.58.201.106

142.250.187.234

172.217.169.42

172.217.16.234

142.250.179.234

216.58.204.74

142.250.178.10
8.8.8.8:53

75ded698cadc4bb2be368a8638d59905.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

75ded698cadc4bb2be368a8638d59905.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

521065cb40394b6691b92044b29518ca.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

521065cb40394b6691b92044b29518ca.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

9d2302c540684954a7f54ffbcc76c975.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

9d2302c540684954a7f54ffbcc76c975.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

02fdefbcf70b458586f41356dfa21205.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

02fdefbcf70b458586f41356dfa21205.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.161.35
8.8.8.8:53

347a18e7aa5b4df38d40944fa3f04690.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

347a18e7aa5b4df38d40944fa3f04690.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

fa135dd492b94104a62fe62d24b376a3.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

fa135dd492b94104a62fe62d24b376a3.gtfareo.com

DNS Response

172.104.148.48
142.250.187.202:443

content-autofill.googleapis.com

https

chrome.exe

4.8kB
9.6kB
9
14
8.8.8.8:53

c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

c68657fd4c804fdd816f6ec8b6ca3aae.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

3ca9f771e538411096141fe9edcb5958.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

3ca9f771e538411096141fe9edcb5958.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

f049ae0cc7fd40ad844e86efceb55e7f.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

161ed7adcbbe43ac80e6bbeba173bcc9.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

0d929bffa8d041deae109e5fcf04bc37.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

0d929bffa8d041deae109e5fcf04bc37.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

dd43991a637c4651b776cbdb3c66da7a.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

dd43991a637c4651b776cbdb3c66da7a.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

34c4da9278c34ae29af3b0c34caa41e8.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

c191b4abd8924b6bb54399d8d4dbd639.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

67dec864684449f697b05d5aceeffc9c.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

67dec864684449f697b05d5aceeffc9c.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com

dns

chrome.exe

90 B
106 B
1
1

DNS Request

ba796b1ea7434f93aaf72c1a0a114ba2.gtfareo.com

DNS Response

172.104.148.48
8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.179.227
172.217.161.35:443

beacons.gcp.gvt2.com

https

chrome.exe

4.2kB
9.0kB
7
11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\57cbd501-ba13-4046-9d50-512a11540ba7.tmp

Filesize
10KB

MD5
ecf9676d05276cfcf54204a3eab6f42f

SHA1
a959cbfebe7e0f4139a7891b0556ca4632cd8808

SHA256
6faa330de2c27ec1420512295020dfd9ae1fb838bea5ab855dea37a0a31d19f6

SHA512
9919b8abfe2e6ee48d622d66a5acb884380f66a635f4dfa84a1f22d598b9ce6e62a846a3dbc9ca670de8f189130965c1f9ebcfd4e4e90186fb93c6cbeb4a578d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
05f8c95a09277ff8a7b1f2bb8bc671be

SHA1
e211241242723293cd72015034f04a4ededbf8ad

SHA256
dfb1b2d8a1abd5a6ba91dd3a519892f3eaf0288d4d4d88c423235e4b507237db

SHA512
f9d0111386cb259d6ccc2e45d32a217d7870768079d7abc8f02f32d40f47f5ac40fd7377865b5a4567f1e9c5265c28f0de93a4653cb9d0890741b0d7d0343c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
39KB

MD5
52fac36b95665fe7f56e7eca7ef1988e

SHA1
1871d813ecec457d534027149807377e3d0aaa67

SHA256
b555e2e45ef92b1d99f39a3fd26b7a45ea40a90614985cde723644eb4379a131

SHA512
7e9ffab446c42f3964220c2436f0336cd2cc66b738200b9e4e2edf093d1c0d99c6556aeb0e4e434f812b4b56d070994bcc14e2003758c8d63b80579bd0782191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
16KB

MD5
77db2ade7579668daea24591f81ff351

SHA1
b0c1a5f460f5f9c2dc9f16e0de8584fb10c93e3b

SHA256
5784691da70ec328daad0416daa7cc1ee7da29be043d2f5dfd781ca57933e85c

SHA512
84206d03d144210381a0029b623ebd905ac3df1f86912f702e8ff4f0c57650752d10a4b4bf7d11e874f748047c8b6469cf88778b6ec2197740d5604920d4ecce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
19KB

MD5
273cc7fe2e205c99a9def22741097ac6

SHA1
3ce0c03b0ebb16cadafc0b49ba37c6227bedd113

SHA256
fc9cf55816165fbeec0c3af3b3ce6941739abeff02b74eba5f082a46fa27b205

SHA512
f0a1ea26e67a4f1e4573383a53dedbabb69f035ce52276938f69afaeeac5fc99859c024369aa43da368d5e0297d0d4e26fe0bec701fd31e7b9b21e34c22659c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8f4f6684adad756e49afbf8a62c53361

SHA1
9ca8c25497a5c762f2f339e340263c20a109b0d9

SHA256
cc93d3341692e068994a9d08a5d07f7e7c1376cdad44b10a55d73b93dc3a2b3e

SHA512
660cc347fe7a23fe76c8a6787b254f09b35a3a356def227217f40639c563dd735f90c5d3e81978953c5af9b3965eeba446946d070ae72c22bd3924212e835135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0e5b64c8097031e87ea93523c52aedd4

SHA1
817078664a33e3f9300e6dd67c9c50ef641c51af

SHA256
ba68c5070db290c60960ed7156ef6917923f64ba2663f3eb4717718cd839b11c

SHA512
d8abfe1cd1c3a5129ef46d9e38908803b9ee68f611dff3612b706cf9b99f6265ed0b231b1876784225da68b4202c9596c69d2b979620a691169a2fa7757f7dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\000004.log

Filesize
4KB

MD5
8083d8b35494836a8196b5d1d689239f

SHA1
c152a075cdb07ac8be7cf0fe44a37d75ecffe846

SHA256
28a20956e886a401b30448ae26e708cb7aee21a4836de7081735fe8ca28bc042

SHA512
ebb8ce9d3c383bedd89813ace48abd8e854a507c42e863f88338bfe4a6fb3c4ee7d711cb30709905df3b8632d18de41eb3c2f138ea6bef5eeabcc8434dfb3f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\000005.ldb

Filesize
656B

MD5
183042c62fe9d7f07c41c54fb3f6ce13

SHA1
94055b40c03206b56d7e93b8b7139a40c5623f6c

SHA256
5cc6b2467f3feabb49a7fcab4abd7c55bf7e60ebe7f1e0147cd3a2ea5ee68305

SHA512
d748d2d47ef89bad014112f0b10aeb19df17961e3bd6164501bf4bd14baebacdaf8ef922c793ae82d459f2ced7049f3e412bf3408a51fd13e607cbdc605965a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\LOG

Filesize
706B

MD5
6739d973d281b8c2c7ced3a17de669dd

SHA1
16f9dd7e80ef3b9699c548f312b1ab9241fa97d4

SHA256
bd9d834bea47503f40bd2e4459a857fe3190c7d55c8d2c99914007e086255b29

SHA512
f9938bbca64034baef0f4ec7f6e457ff32ca971def9976c0d12ff14a3c7bcb2d8e9e4094f13fac2ffd8c8b28f433af8b04ae8f36bfea94008996a20254644383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_artistic-earwig-eb3.notion.site_0.indexeddb.leveldb\MANIFEST-000001

Filesize
71B

MD5
b3c0d4f407602ef66c7a25b2e3e09ce3

SHA1
54fb3317d483962d87b4fc603025298b59e9e6c5

SHA256
bff95ecef457cb81bd5a8e3ac916c3558dae5907eab50f309da2eb83119dcb4f

SHA512
928ed115027963f5a0e058e16a05a90bf0ea6ee30bcb0bc4b89ffe5745b02c11ab9d3c63e7f248f77459a4ef8f1c72ba626be148e07b8ca0767c84586e500287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
159f910112917531d7e83eb67d84a070

SHA1
412bf31b8f146905909d171c89bb56b27430ea40

SHA256
bcfa3cf38f44289441a1f21c36b6b34bcebe8b946f5c85fe6572ae1f1c42c045

SHA512
11479d3712d59cf7ff38c35588c3d2f4bfe30fa83503020775d6f922bd3dbaa64e307cf9c9d41c7be3f8e37644991a643e06dfa6839607421c586dd324178aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
08ca07189098efa04e492d353018ab7c

SHA1
78418d033b9690c09cbb9ce7aa39217ae7325938

SHA256
da75faa4315a155bd4e5be22dbdfb52dfedaf9ebeb29503abc79308933cd34ec

SHA512
1b58a1b35778bf78bd959429211760b45a7bb4c09b2160182f27e74357c93aefc70b8f9eb400844be939a7045b097d303fcafb6d0b1e3d36935acba32753e46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6ef231ad14712ffb15359b675c623f33

SHA1
9687c158dd1e29cfda5c508595bcf23e18626e74

SHA256
86ac229225e35c2bb104ec6f10d0404f2b1024a7ad1ff24071c85d597068f59e

SHA512
52a7ff8356c05f953325908b60a1da995f99e7b8a93922e2b8cb0cdf30da080566171d8db77144f53577f2f50fa4f587e8a5fc9b1d456f2884566960bbfa5944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
34a21b67cb7250f41a2a9f13730e90df

SHA1
baf34c1f62433da1312850bf408fd4aa51379e06

SHA256
d30e4d90144ec70089c10245e18ed2066b51a2280016a1bd9e3be4e8975aae75

SHA512
079b5a1224e28cc7a2223e38f1f0ba95f100dfaccde45a14090298f3fd4b79cdef1f46cc8caa61405824093fb61ad2cd560cc44109545f58b822d90f8c299bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a5084b835034a01665108bdb10720f4a

SHA1
e1cead2b51add43b8bd6016d95d6b18d5bf6cae4

SHA256
2e7d37b4ea75abc42011a7cba8ae3a57d6037cde5fb83572bbc5a3a52972e528

SHA512
5fc906693c01795e1eb926a0d5e66b6259842fd59cf95ff4e69b3e0468ca90394c900e43408708a41094ca7d7b09e5e34d2d636d18ffee380215d6036e667c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b49c03d2bc0bf9caa0cb1d9caee8262

SHA1
0401770decdbc9fb07145d0f1cd69ea11bde352b

SHA256
202a9c06a1d38f5cb3dd20fec5b37c29d10019c39c8f87609582a2e129cf9c00

SHA512
3dd22c244f74719d5c64722b48b2e71748299025353a4dea89479152be8905f6bdcb0ce6316eb4133d456710104972aefdd13bc31855c9724bdab89a52f50238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fbf16677c17a8aa15eab267ca8391fd3

SHA1
ccd288e16d05c9a55d7e85a51114e4e127df60c5

SHA256
6eed44055ec61dcc7397844068160859d723b7c33edc02d1e4e8133d6b153d0f

SHA512
48066bafb140f35816d1d6e12ff4e4b6506a0439e2eb0915073a5f32f0640fa81b2903116bd82866d348c7e0803fe6f92e84c147e3b4644268bae55fa1981c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49c6e0ee09838f08ba315bc685fc4a79

SHA1
4aeed302ec8944eb268e6d5f3eb30f06744c6a53

SHA256
e65ea052f96d739b4c07e85bab8a4a5c0f217df40c73921e14e7a61b813fcf9c

SHA512
f54d2fe719b754515cd75e324585f7599dc68e08814203d1f2c243e127dddec3427c92a41adb347ab4159a837514de532b6c19a9dc81d9109851a61c7e97ea40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
87186ef28454676be80b9f8ae2edf78f

SHA1
75f1bb0f81b8529fdf791c4826d7b828d78ed536

SHA256
c0bab67241e88a62d74770409faf1a9abb24b992af3a634f661ffedd7411e8b3

SHA512
438be68813f3b5ee77937fd62dc7ec2e9e72789b17c2f7bd20ab53fcc186e2517b2a848eea6c25c2197e1337d8b70f30339cbd2f7959945e33f46a79ed05e55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d57d0e9270cdf62a515d202d48ea53f8

SHA1
d0d9febe1d2b83823689a59106c4f8f0df0ae8ab

SHA256
07bfe251b4dfb6968c700060551838c68871823927f3aeca4adee1ea90e90b56

SHA512
991c501448d1df995a38b3d1c74433531ee7c6d4dca5e16896e96a0d66d226ebab4fc407b40b1a6f63b8f68180d6a24a4fc992d72ad7c0c44e224880ca65738d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578bf4.TMP

Filesize
48B

MD5
b16cb53aa4f1a153855a2213130b1d01

SHA1
f5b43b2bf3fb31e7fa1d240c0c84ce3f5d48de40

SHA256
f9bdb0ebc12b465aa6e951fe78c9a72ccbc8e18150a7c72b3c17b3d2e306bd04

SHA512
e042977c5f26114c28053b4641b09bb835a7fe8a5318c2cabaaf01ed28aef0c5bf6a7fc1abdfada6728ba20355e9b369db5fbb218a679237579fe929f3274a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
4KB

MD5
21b66524e9d9ba562d11efc53db1bb77

SHA1
4c5fe428e5bc605db9302409ec17d297a776cb5c

SHA256
ef7401574303d6f0d89bbf50e9cc56135439cace291216ffc0991b56fc0cd525

SHA512
d12a241761034758ea78b1acd4bd33ac8233d8be9b401762dc10cbe65eb0de41aff410d6a432e0e32d23fd09b5f50f8613e9f23cb83c00116ac589d922c47f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
94dcead30629feb98afbf7a6c7c50885

SHA1
cdd778b453015346038718ebfac9f752c9c4565e

SHA256
b1b3aed690fe5302913b1e15f16b2fb1c420a0955b47623f2af9ec224fb0fe67

SHA512
e9d3badbde362f74d27b154ef1f339b9a358af63a1be92bcc1feb516fb1078a2fbc096ad3a193035de60c8928e7f00d751a16c8497a4c5daaaa7ca4ee4d9b39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
7b6f4f2be5eabcda3c32f28b66b0b8c5

SHA1
a972586e5268a9346446bf0460975a06606eed1d

SHA256
c5bd0febe41c8a760b28117086668f139030e208544cf6870fba5d40e6f77b9a

SHA512
2211c7295d4eb33f4c99668688e93d51d70ac377653ca1ed89319746ae0573a5ba502f8055fd8612f4d66c0316c79f65b3c6100fb3659a1de129ea7fd569484b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
be2d10c1251b3a97f428b940726f9104

SHA1
ac86f5226178062822c14c0e2d3494d09a8e8130

SHA256
423454c1c077d03c2a021f797792e666b9de4c5a9b7b54f31d28a58b233e6849

SHA512
f4197787d62b075fedf8734700da0ab531042005a5ebad58bc506fbc669469a5239212781cdb367e3a06794e55d9676dd043d61d5dfe24b819539a608653debf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
ccacab4e6806dbdbffe143f43b439182

SHA1
3fdd9a1578683f7ff9d90fa4a52a63c9ab4ca3fd

SHA256
d8287e52b86cb55fe308edaa65286a3c1c3679e4dc66ff60dd6942a9aafe89e3

SHA512
8ee53ce9c4b6f4443cb5dc239666b9b6bacf46a47107aa57436b91d0fac4ef9dbfafd5d37a8d62851cf45dcf8b09268a21c3df07f6db188545cd90df4e809823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1413ddaae84a342d700143133f0c0969

SHA1
42f40addb9e26c2b57be0bfa3939d0fa079b5818

SHA256
f607bda4b8031c21be7f5016f8b573cf67d92d84261758f59f92cdbd4c54146d

SHA512
6a36152fbc4c5004f695ff5bf041f6461ab327e5bea98780394d32723003252db035f6784e437f51def7e8fc844f81ac9bd455132a2c893a9151ebcff10fa14a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response