URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Submission: On January 21 via automatic, source openphish — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 192.185.188.25, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is handlehalo.com.
TLS certificate: Issued by R3 on January 2nd 2023. Valid for: 3 months.
This is the only time handlehalo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online) Microsoft (Consumer)

Domain & IP information

Requests | IP Address | AS Autonomous System
2 | 192.185.188.25 | 19871 (NETWORK-S...)
2 | 2a00:1450:400... | 15169 (GOOGLE)
3 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2001:4de0:ac1... | 20446 (STACKPATH...)
1 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2a00:1450:400... | 15169 (GOOGLE)
Total: 10 requests, 7 IPs

Requests | Apex Domain | Subdomains | Transfer
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 708; stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2342 | 50 KB
3 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 35; ajax.googleapis.com — Cisco Umbrella Rank: 292 | 32 KB
2 | handlehalo.com | handlehalo.com | 576 KB
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 199 | 7 KB
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 672 | 24 KB
Total: 10 requests, 5 domains

Requests | Domain | Requested by
2 | maxcdn.bootstrapcdn.com | handlehalo.com
2 | fonts.googleapis.com | handlehalo.com
2 | handlehalo.com | text
1 | stackpath.bootstrapcdn.com | handlehalo.com
1 | ajax.googleapis.com | handlehalo.com
1 | cdnjs.cloudflare.com | handlehalo.com
1 | code.jquery.com | handlehalo.com
Total: 10 requests, 7 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
www.handlehalo.com | R3 | 2023-01-02 - 2023-04-02 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-01-02 - 2023-03-27 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year

This page contains 1 frame:

Primary Page: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Frame ID: 5D76BE8737F6DE81A6658DD744B401D5
Requests: 16 HTTP requests in this frame

Page Title

Sharing Link Validation

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /popper\.js/([0-9.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 7
IPs: 7
Countries: 3
Transfer: 691 kB
Size: 1396 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.php
handlehalo.com/cgi-bin2/New%20onedrive/
492 KB
133 KB
Document
General
Full URL
https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.25 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
192-185-188-25.unifiedlayer.com
Software
Apache /
Resource Hash
e0899bde81d529892cf0da95126b4dc6b73921770cbf15c01df0293ab755a56a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 21 Jan 2023 01:12:32 GMT
server
Apache
vary
Accept-Encoding
css
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3262c2bd70d868ed379b89eb25e964bf826721f17189a5170c352d20a7563f94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://handlehalo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 21 Jan 2023 01:12:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 21 Jan 2023 01:06:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 21 Jan 2023 01:12:32 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
141 KB
22 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://handlehalo.com/
Origin
https://handlehalo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
941
cdn-cachedat
12/09/2022 03:16:16
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"450fc463b8b1a349df717056fbb3e078"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
f52a666ecc7491c6f4edb6ea937d0540
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
78cc2ea37cc42c16-FRA
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
0
704 B
Other
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://handlehalo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 21 Jan 2023 01:12:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 21 Jan 2023 00:35:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 21 Jan 2023 01:12:32 GMT
truncated
/
15 KB
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b4f16075c1209ed4e2163e902f522bf130e223dc98e1e3c0f9c7eb3d22a7edf3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
text/css
020.png
handlehalo.com/cgi-bin2/New%20onedrive/
442 KB
443 KB
Image
General
Full URL
https://handlehalo.com/cgi-bin2/New%20onedrive/020.png
Requested by
Host: text
URL: data:text/css;base64,… (truncated)
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.188.25 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
192-185-188-25.unifiedlayer.com
Software
Apache /
Resource Hash
cdff0a47d3bb27e0015ed5332bb2614a5cc8ff8879b9469b531f18fb9dbc9822

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
last-modified
Thu, 19 Jan 2023 14:36:26 GMT
server
Apache
accept-ranges
bytes
content-length
452896
content-type
image/png
truncated
/
20 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf5916e86bb18875db4e12ee5e799cce7b23bc1cd1ad721fb65d3879de629bec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
81395b9930830562d8eaec2a371fadc1cacbbee43bfb606af904e215a2f2cbe8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
2 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5

Request headers

Referer
Origin
https://handlehalo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/octet-stream
jquery-3.2.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer
https://handlehalo.com/
Origin
https://handlehalo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
content-encoding
gzip
x-sp-metadata
HS256.CJCUrZ4GEpMBCiRkOTljYWNlYi02YWY0LTQ0NTAtYWZjZC05ZGQ5NTAyNzkyZjIQ+OiCoKvU+wIaBgiA+KyeBiIYMmEwMDpjOTg6MjAzMDphMDA0OjE6OjE0KPSyAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkOTI4MDkzNjItMGEyYi00NDA3LTk1OGMtMmQ3ZTg0YTcxMjUxGLC6ASIYCAISFGNkczI1Ny5mcjguaHdjZG4ubmV0./DSe33QgAICK/PFORCIBJOYJdJzZtDHtaKzWArJ+vMM=
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-10fdd"
vary
Accept-Encoding
x-hw
1674263552.dop107.fr8.t,1674263552.cds140.fr8.hn,1674263552.cds257.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
23856
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
19 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://handlehalo.com/
Origin
https://handlehalo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
98648
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6157
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=njk5RRbfo8%2BEtvxijkr2O5FVQ8jhzjkT%2B9q5we2Ggu6gLipv5UaMgSyhqvEnOgHuWFezhwegc%2BwXRj5oiRgI7xeiRwTFkyOgb5pUKqFsZ5%2F0Wk5eIra%2F%2Br8PUxlP%2BGMEdCwk6nRlp%2B2iIQxyrAHf2Xyb"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
78cc2ea5390b2c27-FRA
expires
Thu, 11 Jan 2024 01:12:32 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
13 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://handlehalo.com/
Origin
https://handlehalo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
845
cdn-cachedat
11/29/2022 01:43:49
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
0b70c4bd7e9166a99d30e5591ca8ceaa
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
78cc2ea51dec2c16-FRA
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://handlehalo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Thu, 19 Jan 2023 14:24:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
125255
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Jan 2024 14:24:57 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/
50 KB
15 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: handlehalo.com
URL: https://handlehalo.com/cgi-bin2/New%20onedrive/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://handlehalo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 01:12:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
674, 718, 718
age
422718
cdn-cachedat
2021-06-08 05:11:08
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d57b249fbc897a386cb949167a1340aa
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
78cc2ea55e7892b1-FRA
cdn-requestpullsuccess
True

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online) Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange
function| _0x4770
function| _0x5056
function| _0x4f96fb
function| _0xdf62
function| _0x403e
function| _0x5008f3
function| _0x16bf96
function| _0x1ef0
function| _0x7f3c
function| _0x2252
function| _0x2bb2
function| _0x42e75f
function| $
function| jQuery
function| Popper
object| bootstrap
string| g
object| _0x12aa

0 Cookies