Source: https://gatewaytradefunding1-my.sharepoint.com/:b:/g/personal/crudnick_gatewaytradefunding_com/EUosCOHGhEhAsK3iU7WhHwcBJD24rRwvDApMZEF12v0Z7A?e=5sAePV |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: Yara match |
File source: 4.11.pages.csv, type: HTML |
Source: Yara match |
File source: 3.10.pages.csv, type: HTML |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://arcasdis.com/...' does not match the legitimate domain of Microsoft, which is typically hosted under domains like 'microsoft.com' or 'live.com'. The presence of a login form mimicking Microsoft's official sign-in page, combined with a suspicious and unrelated domain, strongly suggests a phishing attempt. |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
Matcher: Template: microsoft matched |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0# |
Matcher: Template: microsoft matched |
Source: Chrome DOM: 2.7 |
OCR Text: Verifying... CLOUDFLARE Microsoft |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: Number of links: 0 |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0kgbl/0x4AAAAAAAZkrkPbo8rL954s/auto/normal |
HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0kgbl/0x4AAAAAAAZkrkPbo8rL954s/auto/normal |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: Title: d353641ef49fd655861a37237910dcdd663a77c241375 does not match URL |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: Invalid link: get a new Microsoft account |
Source: Chrome DOM: 0.3 |
ML Model on OCR Text: Matched 99.9% probability on "View and print Online....$f 1/1 JANAS SharePoint You have received 2 documents from Barton F. Webb click the button below to gain access. "Click Here and print PDF Documents Online" Sien in 363 to n u View and print Online .$f " |
Source: Chrome DOM: 0.4 |
ML Model on OCR Text: Matched 99.1% probability on "View and print Online....$f Info 1/1 JANAS SharePoint You have received 2 documents trom Barton F. Webb click the button below to gain T.lick Here and Print PDF Documents Online" E Sign with " |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0kgbl/0x4AAAAAAAZkrkPbo8rL954s/auto/normal |
HTTP Parser: No favicon |
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0kgbl/0x4AAAAAAAZkrkPbo8rL954s/auto/normal |
HTTP Parser: No favicon |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: No favicon |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: No <meta name="author".. found |
Source: https://arcasdis.com/44d3ca3eda584b5611e1610a38471977663a77c24139fLOG44d3ca3eda584b5611e1610a38471977663a77c2413a0 |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49797 version: TLS 1.0 |
Source: unknown |
HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.5:49741 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.5:49755 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49786 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:50053 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49797 version: TLS 1.0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.196.184.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: global traffic |
HTTP traffic detected: GET /:b:/g/personal/crudnick_gatewaytradefunding_com/EUosCOHGhEhAsK3iU7WhHwcBJD24rRwvDApMZEF12v0Z7A?e=5sAePV HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /personal/crudnick_gatewaytradefunding_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments%2FView%20and%20print%20Online%20%2Epdf&parent=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments&ga=1 HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeGF0ajZlYUpVMDMxZlg4TUFSby84Z25YRVE0eHMyeDVyQTMxTEZKckxaVzFRRUhhT0xqdlhqK21vZElJempmOTJud2pvNm9FQlRqNDBhQkJSY3RQM3A5dz09PC9TUD4= |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeGF0ajZlYUpVMDMxZlg4TUFSby84Z25YRVE0eHMyeDVyQTMxTEZKckxaVzFRRUhhT0xqdlhqK21vZElJempmOTJud2pvNm9FQlRqNDBhQkJSY3RQM3A5dz09PC9TUD4= |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/spwebworkerproxy.ashx HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeGF0ajZlYUpVMDMxZlg4TUFSby84Z25YRVE0eHMyeDVyQTMxTEZKckxaVzFRRUhhT0xqdlhqK21vZElJempmOTJud2pvNm9FQlRqNDBhQkJSY3RQM3A5dz09PC9TUD4= |
Source: global traffic |
HTTP traffic detected: GET /personal/crudnick_gatewaytradefunding_com/_api/v2.1/graphql HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeGF0ajZlYUpVMDMxZlg4TUFSby84Z25YRVE0eHMyeDVyQTMxTEZKckxaVzFRRUhhT0xqdlhqK21vZElJempmOTJud2pvNm9FQlRqNDBhQkJSY3RQM3A5dz09PC9TUD4= |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/images/odbfavicon.ico?rev=47 HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://gatewaytradefunding1-my.sharepoint.com/personal/crudnick_gatewaytradefunding_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments%2FView%20and%20print%20Online%20%2Epdf&parent=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments&ga=1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeGF0ajZlYUpVMDMxZlg4TUFSby84Z25YRVE0eHMyeDVyQTMxTEZKckxaVzFRRUhhT0xqdlhqK21vZElJempmOTJud2pvNm9FQlRqNDBhQkJSY3RQM3A5dz09PC9TUD4= |
Source: global traffic |
HTTP traffic detected: GET /_layouts/15/odspserviceworkerproxy.aspx?swManifestName=spserviceworker&debug=false&bypass=false&applications=%5B%7B%22id%22%3A%22STS%22%2C%22swPrefetchManifestName%22%3A%22stsserviceworkerprefetch%22%7D%2C%7B%22id%22%3A%22SPHome%22%7D%2C%7B%22id%22%3A%22SitePages%22%7D%2C%7B%22id%22%3A%22Embed%22%7D%2C%7B%22id%22%3A%22CreateGroup%22%7D%2C%7B%22id%22%3A%22SingleWebPart%22%7D%2C%7B%22id%22%3A%22VivaHome%22%7D%2C%7B%22id%22%3A%22BrokerLogon%22%7D%2C%7B%22id%22%3A%22Clipchamp%22%7D%2C%7B%22id%22%3A%22MeeBridge%22%7D%5D&defaultBrotli=true&authenticateFast=true&wwData=true&prefetchFilebrowserPageInTeams=true&FUIV9Flights=[-83099905,3]&spStartApplicationWebBundle=true&enableIntegrities=true HTTP/1.1
Host: gatewaytradefunding1-my.sharepoint.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: */*
Service-Worker: script
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: same-origin
Sec-Fetch-Dest: serviceworker
Referer: https://gatewaytradefunding1-my.sharepoint.com/personal/crudnick_gatewaytradefunding_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments%2FView%20and%20print%20Online%20%2Epdf&parent=%2Fpersonal%2Fcrudnick%5Fgatewaytradefunding%5Fcom%2FDocuments&ga=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uI2U5MmE1NThjYTQ5OGFmNDBhNDMzY2U2MDI0MjhkYTEyOWEyZTI0OTlkYWZiYTQ3NWYwNTI3ZjEyZWY3YWU2MjcsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jZTkyYTU1OGNhNDk4YWY0MGE0MzNjZTYwMjQyOGRhMTI5YTJlMjQ5OWRhZmJhNDc1ZjA1MjdmMTJlZjdhZTYyNywxMzM1OTU4MTYxMzAwMDAwMDAsMCwxMzM1OTY2NzcxNDAxNzcyNDEsMC4wLjAuMCwyNTgsZTZkOGQwMjUtNTc2MC00YmZkLWI1MjktOGU2MjRmYWNmY2Y5LCwsZmE2ODI2YTEtNTBiMy0wMDAwLTA3NTEtODI4NDE1Mjc2YWYzLGZhNjgyNmExLTUwYjMtMDAwMC0wNzUxLTgyODQxNTI3NmFmMyxCYllheWZhejVFV0huOVNNU3E0Y2lnLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwyMDEwNjksRGFEQWZqUVFtcHlPWHgyUnJLX1c1bHZvTFo0LDBJK01TYnJTYUNVQWIrM2pEcmhhcWhQa3NuZFo3c0xveVNMcEZObnRyZXA4ajFXNGFJbUpweXc2YW9sbVNhSmNCc1FBZDZpQzZkQTBBa3p0cVB5THdUNloyVnJTMTZ6L1dBaS81TGNGMGZTYUNFN2hvWkpCWE16SjkzdkR2NllUanBZanRycFA4YlVUQkdqQUJIb0JCOWdxOVJLREI4L0M3ZG00Q285YmhucGdpZGd6Z3JHTExYcEJ0cC8wckxlaTl4ZFYyWGlqMXpvSGNKWGtHU1BIK2lJaFQ5OEE1SVMvT1FkdzN5STd1a0NFSDBZY2VsNzlQOEc0VHY5blVPeG |