Play interactive tourEdit tour

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t

Overview

General Information

Sample URL:	https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t
Analysis ID:	1433614
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish54

HTML page contains suspicious iframes

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML
Source: Yara match	File source: 4.7.pages.csv, type: HTML
Source: Yara match	File source: 4.12.pages.csv, type: HTML

HTML page contains suspicious iframes

Source: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.com

HTTP Parser: position:fixed;top:0;left:0;bottom:0;right:0;width:100%;height:100%;border:none;margin:0;padding:0;overflow:hidden;z-index:999999

Found iframes

Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normal

HTML page contains obfuscate script src

Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTML page is missing a favicon

Source: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.com	HTTP Parser: No favicon
Source: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.com	HTTP Parser: No favicon
Source: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normal	HTTP Parser: No favicon
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==	HTTP Parser: No favicon
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No favicon
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No favicon
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

META author tag missing

Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.184.145:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.184.145:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49778 version: TLS 1.2

Networking

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.184.145
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGKvZv7EGIjDEUx7WvBQBtcOHChEaeZZMHW6vEzsALtAwL3IWAbuzyGiWL9IJNO1uDffP1hi_uAwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-29-18; NID=513=OSVA7h6N18T1tiF2rkPuUdTk4mVwc6l_EFy1l2aXflVE0XrMhB0h3iN3IK-6uMtvBShrqQVxl7N2LNvah7BQOP27c0a6jmH59yNXi1v1dTWDRAuLCuMQ4jkhTew6HZYVgH-SNcLDD-mj59jyU1STuogZaww71vZ8rYF0OoBgqu8
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGKvZv7EGIjBsH4r0ySTrQDC_Sn-U9ugxQWEVNxDmP3T8C2FqWlAOCk17MjKcbIw_WrHh7DMnnk4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-29-18; NID=513=A5_AOG8-5s-Hg0QG2DVRY5tI2pziq0PWbZJ5rXSzf2eVFM95Sht62X2o2EFauxyHdcRKyW57TeBscjpokeF8FbS6tizDK1K-JsWDd4hV989JMY0ozcLGRoTn9a65XOHjg6PShS_n4pKU2QQBuTpnudhWrd-p8n16Z8IWJgDdzHM
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FplFg3tfDg9pafD&MD=nnOX81cX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t HTTP/1.1Host: m.exactag.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=joel.searle@zbeta.com HTTP/1.1Host: 40adf72b.1776196c55c66af1878f401b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://blessedbeyondproperties.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87c17f59fa022c90 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 40adf72b.1776196c55c66af1878f401b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 40adf72b.1776196c55c66af1878f401b.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1387587962:1714414561:VAAiJUfBIJaw5PJmymKGJOu5JPa2tUtxufiqZogknDE/87c17f59fa022c90/9c3ea40c67f937b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1387587962:1714414561:VAAiJUfBIJaw5PJmymKGJOu5JPa2tUtxufiqZogknDE/87c17f59fa022c90/9c3ea40c67f937b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/87c17f59fa022c90/1714416839949/25e5122030764ae821bd143e05e6b778934209c04a13ca4bb65fbc0aa29b51dd/dtVlIWtYC1Ugw-I HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87c17f59fa022c90/1714416839957/Jwzfnpu2UVDuzC7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87c17f59fa022c90/1714416839957/Jwzfnpu2UVDuzC7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1387587962:1714414561:VAAiJUfBIJaw5PJmymKGJOu5JPa2tUtxufiqZogknDE/87c17f59fa022c90/9c3ea40c67f937b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=FplFg3tfDg9pafD&MD=nnOX81cX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1387587962:1714414561:VAAiJUfBIJaw5PJmymKGJOu5JPa2tUtxufiqZogknDE/87c17f59fa022c90/9c3ea40c67f937b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dyYW1uYXRpb25saXRlLmNvbSIsImRvbWFpbiI6ImdyYW1uYXRpb25saXRlLmNvbSIsImtleSI6InQ1Y290TThpMWI4UyIsInFyYyI6ImpvZWwuc2VhcmxlQHpiZXRhLmNvbSIsImlhdCI6MTcxNDQxNjg2MCwiZXhwIjoxNzE0NDE2OTgwfQ.I-M_Ow3HC3ruLVArTLUrBNRcLQPbMIFxMuMsTDvr6dI HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=joel.searle%40zbeta.com HTTP/1.1Host: gramnationlite.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=joel.searle%40zbeta.com HTTP/1.1Host: gramnationlite.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o
Source: global traffic	HTTP traffic detected: GET /?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw== HTTP/1.1Host: gramnationlite.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; fpc=Aq4Rxgz5ctpFlRH2UtM6Mlc; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8M_npzJ3vQXYZVuEEWNFIdri9QROL8x6Y0UNnULDo28diaJKjQsSnRGi64a-8xWWnXlyztXNWiFXKE0hy0iNkPoNuAxr_caXsPcsWSGh7o04B1M3g6sdhL2bmHtR5WIuMR7ph_Xw4oNnwU2wgB3LVBZ_N6ZSThkNe-nvn8dQigL4gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 40adf72b.1776196c55c66af1878f401b.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://40adf72b.1776196c55c66af1878f401b.workers.dev/?qrc=joel.searle@zbeta.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=true HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOu
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 40adf72b.1776196c55c66af1878f401b.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://gramnationlite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pconfirmsend_964df482332b296c7a9c.js HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: gramnationlite.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gramnationlite.com/?pusdeoish=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1qb2VsLnNlYXJsZSU0MHpiZXRhLmNvbSZjbGllbnQtcmVxdWVzdC1pZD1jN2ZmZWQwOC01NmUwLTg4MzgtZTZjZC1mMmMzYTdkMDM3YTMmcHJvdGVjdGVkdG9rZW49dHJ1ZSZjbGFpbXM9JTdiJTIyaWRfdG9rZW4lMjIlM2ElN2IlMjJ4bXNfY2MlMjIlM2ElN2IlMjJ2YWx1ZXMlMjIlM2ElNWIlMjJDUDElMjIlNWQlN2QlN2QlN2Qmbm9uY2U9NjM4NTAwMTM2NjQ1MDI5NzcxLjZlZDUwNDRkLTA1ZmYtNDQzNy1iYjUyLTA5MWU5N2MyZjBhNCZzdGF0ZT1EY3RCRHNJZ0VFQlIwTE9ZdUlFT01BTmxZVHlLZ1hiUU5sZ1MyOFRFMDh2aV9kMlhRb2h6ZC1vazlJamczVWdBeG5tUEJEYUdZTFRubVFCeFZrQ2xLRVFYVk01a0ZVVERNVXkyUUVMWjMtdlF2bW00MV9aY3RzZHIyWTdiMnJqcW5kT244Z1hobF9sSWVtcnZQdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: gramnationlite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-tldm3qgolxmekn9ohbuot-gwta-pfxfawita1apkvj8/logintenantbranding/0/illustration?ts=637868585107067124 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gramnationlite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: gramnationlite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=t5cotM8i1b8S; qPdM.sig=DBnMKX4R3kdeZc8Os4hazJ8H__o; ClientId=F5CB676CB66D4B23A8D9490CDF1BEB36; OIDC=1; OpenIdConnect.nonce.v3.DrnXMqwmgkE9BVIHSuA48fVanSj5uPMupbAZ8Jj4g3E=638500136645029771.6ed5044d-05ff-4437-bb52-091e97c2f0a4; X-OWA-RedirectHistory=ArLym14Bi-_DyX1o3Ag; esctx-w3kvPcjArYE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8dE-FK7JAxcoogEz7lA2i0glisSyqwdiSvBUTc5g6sJ0NBnVoQx6KkvVe9KJKxnd2tOuPNkuW3E8FV3_wyvZl-LQ7rWwPVwriPgv3vTvK6EIpyYLcV5vh_dtbYzWsBghqXqzfqHlQYHfCJJKPFs5kvSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AQQAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8-MPJTa-VtWOgFdxZ47Yg3Suot1SQlO8AeSTgerLNw8CkKHCvJM1Z4lNcbx-tF0-4J8-HqjhFbBnmygyCMLultz17m6yjol6ofJFdE2QkM84gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Uv2-loOR3km5ltfT-0nr6wU6PzXczyXYdOR425o_9rpMhzud8U3cAIMsaWg03CYangNsJCYTy5u6SjkDtfZjdQn_4X2pPmPs8il2cOrTk2yH0h70eyebDmmL6jui6Q-ee4kapxl4EZScVp_rVyjmi7SoZI24pab7-AZRAJmmxLEgAA; esctx-Fdo6lBHw8W0=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Voem-RooMIKCGFDj8Z7F_UFEiRAiL0gdHzAsk64oP5tosW9iJdLRPyG2CDgXkh7F4mGEMeDGPIOt9KR16GglhgWH4B4zYFTn8OrlRuxjJZbOVHGFpggVk-MoG3ySQp9jkyMHRxqUuf0zapax-1L6JCAA; fpc=Aq4Rxgz5ctpFlRH2UtM6MleerOTJAQAAAOXjwd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-tldm3qgolxmekn9ohbuot-gwta-pfxfawita1apkvj8/logintenantbranding/0/bannerlogo?ts=637868585119567644 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gramnationlite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-tldm3qgolxmekn9ohbuot-gwta-pfxfawita1apkvj8/logintenantbranding/0/bannerlogo?ts=637868585119567644 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-tldm3qgolxmekn9ohbuot-gwta-pfxfawita1apkvj8/logintenantbranding/0/illustration?ts=637868585107067124 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /winner/71809//am9lbC5zZWFybGVAemJldGEuY29t HTTP/1.1Host: blessedbeyondproperties.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: blessedbeyondproperties.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://blessedbeyondproperties.com/winner/71809//am9lbC5zZWFybGVAemJldGEuY29tAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m.exactag.com
Source: global traffic	DNS traffic detected: DNS query: blessedbeyondproperties.com
Source: global traffic	DNS traffic detected: DNS query: 40adf72b.1776196c55c66af1878f401b.workers.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: gramnationlite.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1387587962:1714414561:VAAiJUfBIJaw5PJmymKGJOu5JPa2tUtxufiqZogknDE/87c17f59fa022c90/9c3ea40c67f937b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2813sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 9c3ea40c67f937bsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jg61r/0x4AAAAAAAYuBAH8BKjI4zAU/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 29 Apr 2024 18:53:49 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

URLs found in memory or binary data

Source: chromecache_92.3.dr	String found in binary or memory: http://feross.org
Source: chromecache_87.3.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_71.3.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_71.3.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_71.3.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_86.3.dr, chromecache_96.3.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_92.3.dr, chromecache_79.3.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_90.3.dr	String found in binary or memory: https://gramnationlite.com?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2dyYW1u
Source: chromecache_71.3.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_69.3.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_69.3.dr	String found in binary or memory: https://login.windows-ppe.net

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.184.145:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.184.145:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49778 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal60.phis.win@29/55@32/15

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1984,i,396476533936745484,9735013985595363813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1936,i,8015802674484518076,1934416102503109585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1984,i,396476533936745484,9735013985595363813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1936,i,8015802674484518076,1934416102503109585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected