Play interactive tourEdit tour

Windows Analysis Report
https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F66812%2F%2Fc3RheWxvckBqZWZmcGFyaXNoLm5ldA==

Overview

General Information

Sample URL:	https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F66812%2F%2Fc3RheWxvckBqZWZmcGFyaX
Analysis ID:	1444432
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish54

AI detected suspicious javascript

HTML page contains suspicious iframes

Detected hidden input values containing email addresses (often used in phishing pages)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cm

LLM: Score: 9 brands: Microsoft Reasons: The URL is highly suspicious and does not match the legitimate domain name associated with Microsoft. The domain 'bplsharew.com' is not related to Microsoft. The URL is also very long and contains a lot of encoded information, which is a common technique used in phishing attacks to obscure the true destination. The login form resembles a legitimate Microsoft login page, which is a social engineering technique to trick users into entering their credentials. DOM: 4.11.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 3.8.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML

AI detected suspicious javascript

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc

LLM: Score: 9 Reasons: The JavaScript code contains URLs that point to 'bplsharew.com', which is not a recognized or legitimate domain associated with Microsoft services. This suggests that the code may be part of a phishing attempt to capture user credentials by mimicking Microsoft's login pages. Additionally, the presence of URLs for logout and sign-up actions further indicates potential malicious intent to deceive users. DOM: 4.9.pages.csv

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc

LLM: Score: 7 Reasons: The JavaScript code contains elements that are commonly associated with malicious behavior. It manipulates the URL and redirects the top-level frame, which can be used for phishing attacks or to bypass security restrictions. Additionally, the use of 'iframe-request-id' and session manipulation suggests potential misuse for tracking or session hijacking. DOM: 4.9.pages.csv

HTML page contains suspicious iframes

Source: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.net

HTTP Parser: position:fixed;top:0;left:0;bottom:0;right:0;width:100%;height:100%;border:none;margin:0;padding:0;overflow:hidden;z-index:999999

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: staylor@jeffparish.net

Found iframes

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal

HTML page contains obfuscate script src

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTML body contains password input

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.net	HTTP Parser: No favicon
Source: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.net	HTTP Parser: No favicon
Source: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.net	HTTP Parser: No favicon
Source: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.net	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal	HTTP Parser: No favicon
Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==	HTTP Parser: No favicon
Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true	HTTP Parser: No favicon
Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

META author tag missing

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: No <meta name="author".. found

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: No <meta name="copyright".. found

Source: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true

HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.126.37.130:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49736 version: TLS 1.2

Networking

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F66812%2F%2Fc3RheWxvckBqZWZmcGFyaXNoLm5ldA== HTTP/1.1Host: weblaunch.blifax.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?email=staylor@jeffparish.net HTTP/1.1Host: cf36c3da.0b971f141e46d0ba49215359.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://eyesontheguys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/695da7821231/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=886db6f9cea4420b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cf36c3da.0b971f141e46d0ba49215359.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.netAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cf36c3da.0b971f141e46d0ba49215359.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1057925893:1716221772:sKAQspXOQKT7vMdEl4YkZ3tPx3MI1aGbnr12k9Ms6TA/886db6f9cea4420b/41edfdabedb2860 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/886db6f9cea4420b/1716222664768/gfyRIPhsatD5j1h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/886db6f9cea4420b/1716222664768/gfyRIPhsatD5j1h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/886db6f9cea4420b/1716222664772/16963485c3277f4dd1c1ef9c301d97053c151239d8314a2456e4c5fc59182a31/OLAaGIJyN05ckor HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CVcVWudEww386DK&MD=lZGagBG2 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1057925893:1716221772:sKAQspXOQKT7vMdEl4YkZ3tPx3MI1aGbnr12k9Ms6TA/886db6f9cea4420b/41edfdabedb2860 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAY5uAbeRP4cqaQpvEbNITuaEjdicrgM2pOSoGWihAKSAJOgAoNta1vwBmGR4ZSTN/OTZjtT1/F7WIZ/fJq%2B%2BLAcheODXtgbFUtBc1Nw6STn%2Bz%2BS79zESMzZ5MaEa5uZdrP6R6iJly8yk6I0SGjmzOAUXFFkf0y22y/n5pevepbdK7hFM%2BOhm%2BzhJZXffS2gp0KZZgRzw88Tp1WQZDbU%2BHOH87iop7LnfAqJdKH8LrMH/gBYSXU3Fbd5zceZc/ZPSUwh2YYbQgNfbY6b4tDmqCDE0ROaamrkUig70mLV5cMGHSfxXIYSzblzt%2BffwqMaa5KS3hmHHZ4gzEcIzSbDUM4EDZgAACE7ZezoqXnC9qAF5EbL0XTapNDY0/lTeJc3nyqG3KVvfz%2B9100RoA9boB8RVD/zqIyDJHSeVokFmhiNsot0KAcV7XrJzEWsbT5Mu463ec6NwNDQdBHCkfAb%2B6Ww6NFmW5w19QSD1Rr%2BDr2gJblwHilvvdCC/FH6MWiao9UnsWURqqz/1p7%2BHw3sV82B/WSgZ4CbhEU82D/FFEes/02OrVoOfqU5tpRLQyTJVs79JWQ9McleFdbfWpMQA2pZmUasGKRNE/AVC1%2B5R%2B9onMZ7/V9HjRpGKL7U%2Bc2hgB3BcHLWtB70MZ3D5avDn0/iA9t6ABl54Pyp2p8usKwm0LsdvsIf%2B7V5s3/GN%2BwMhswwZWrwGctM/nxhtxbQ6ablyAp6nMuvqFISzTA/TFEsxoxfe/9bxND1oj4cwg57B2XAJ7FK1XfcXh99QWm6w9QM0cH4dv2vu1ryj%2BssVNeeOmr9JNdgFzIOYLGZXdJKsH4VQzDVpAMJk1g0mkBjDiNo/5h7OL4%2Bl7pBKPR1GD4U%2BTLDCCCl3K6Yhxlcf1qOfHFWU5E/qEPmWjjIlrog31wCosB%2Bu1KU92AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1716222680User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: CE70FB3A8EDE49FC8D1A98D54D8510B5X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CVcVWudEww386DK&MD=lZGagBG2 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1057925893:1716221772:sKAQspXOQKT7vMdEl4YkZ3tPx3MI1aGbnr12k9Ms6TA/886db6f9cea4420b/41edfdabedb2860 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JwbHNoYXJldy5jb20iLCJkb21haW4iOiJicGxzaGFyZXcuY29tIiwia2V5Ijoid1h2WEpzUVRiSEhkIiwicXJjIjoic3RheWxvckBqZWZmcGFyaXNoLm5ldCIsImlhdCI6MTcxNjIyMjcwOSwiZXhwIjoxNzE2MjIyODI5fQ.DEvDOVtmYtPVvqD84s75ZRKnFV0HQeL2-BBfIGG2nPg HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=staylor%40jeffparish.net HTTP/1.1Host: bplsharew.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=staylor%40jeffparish.net HTTP/1.1Host: bplsharew.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y
Source: global traffic	HTTP traffic detected: GET /?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg== HTTP/1.1Host: bplsharew.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; fpc=AnXINeATnftMg9HUXSYxgxg; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8oKdKvhGrdQKm7eg4ydemRjdF4q_lcbgMZ-tvypeuiF5RExyK_XZmFlx6iBwTjixjmKND-9pJQWn570HkapTLJvpUtYCNvAjbNsLCfjCFpLcTBOG4sP1NXEPRtO93MtHRQefYuJzdsp7giORkARcOYQPs0w4x33WrXioMXyxbbd0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cf36c3da.0b971f141e46d0ba49215359.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cf36c3da.0b971f141e46d0ba49215359.workers.dev/?email=staylor@jeffparish.netAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cf36c3da.0b971f141e46d0ba49215359.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=true HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjy
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_9oft0ybq1qhuafkqh5wryq2.css HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_T2EBBtMmyv072RjbQwNpoQ2.js HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: login.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://bplsharew.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://bplsharew.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: bplsharew.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bplsharew.com/?s5eebivke=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1zdGF5bG9yJTQwamVmZnBhcmlzaC5uZXQmY2xpZW50LXJlcXVlc3QtaWQ9YjdhMzcwZDMtZTFmZi1hZDc1LTEwMDUtOTE3NDUzNWYyOTg3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxODE5NTEyNDI4MTc3OS4yMGUyMDkzMC0yZDNkLTQ0YmItYjI4Ny03YmM4OGMzOTNiMTUmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGNFSExEQ0REd25nVXc3VFVZaG93TFlueDlySjRmX2VsRU9MY25UcXBlNFNfR1hKQUVCeWdSUUx2dzRBNm9RNUdLNXpOckt4bFZvemtsZWVKYURMQk1EalozLXRZdjNGOGJQV1Z5M1BOcGQyUEZuOWIzUzlXdjlPeWZPS2VqM1VvcWYwQg==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: bplsharew.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=wXvXJsQTbHHd; qPdM.sig=a00zAhp9E0eJ7o4SuK5FLU6Wt7Y; ClientId=0661789722844DAB8321D8EE1CFA4A76; OIDC=1; OpenIdConnect.nonce.v3.Y1yIe2Y-YSz5awjnuj17fyr1u7RwVWkYZuJ3y1hHht8=638518195124281779.20e20930-2d3d-44bb-b287-7bc88c393b15; X-OWA-RedirectHistory=ArLym14Bs6EBW-p43Ag; esctx-hlxhDkoq2A=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8E335WPcq_3aScDRsjDLHuYY9Jgu8OwTCG1pnkMgwJt4s3Od4HLVPDOJPPdBOZrlAhcqCjyem_cY-P7ObKdsXdF-If0VcrVhsPb2hXK7mvE3taxzmvMGOAgEHGVmO7NI32amRHsIDD-zm0RrtI3IL_CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.ASwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd86fgvsdMGSej5zvrAsJF_k0V5nnE50SZ_T3hiYOFpoHg1e_z7nY4Xf_fk5WQcMWwBM26JoE47lWhPu6J6ldSFuVvy-o5cnFwUCBcYJE7HEaAgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8MAdKlBDA6kOp-Aqs30K7c9Kh3T2pJUrQEvRFHeQ2K7y5-PBHbUMzjrBK6yrMg8o1oFVrTzyyllloYaJBMVOAmV16f8eb-StdiFGOTn6a3pew21AU4Ajlurpm3O9ESNb8Ep1B9RUucdUmfo4d6HAAE9MLX4nGCW3e_R0n1WhmR8MgAA; esctx-R99RXC4kHIc=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8SDDAikTfPauGAuZ4CmOpNOXrpFJA8OIUyoQ7Z9_sTe_8C7_pv0h-lCZubd9hHQSzeXsYDnVkoRXGMnl1uW8zLwJahwlCkkYcwZC_RaKApnBaXYXMTOfvBA4YmItyjec34CB2zDpq0wD2Vcc-2ULnkCAA; fpc=AnXINeATnftMg9HUXSYxgxierOTJAQAAAPtx3d0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /winner/66812//c3RheWxvckBqZWZmcGFyaXNoLm5ldA== HTTP/1.1Host: eyesontheguys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: eyesontheguys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://eyesontheguys.com/winner/66812//c3RheWxvckBqZWZmcGFyaXNoLm5ldA==Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: weblaunch.blifax.com
Source: global traffic	DNS traffic detected: DNS query: eyesontheguys.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cf36c3da.0b971f141e46d0ba49215359.workers.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: bplsharew.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1057925893:1716221772:sKAQspXOQKT7vMdEl4YkZ3tPx3MI1aGbnr12k9Ms6TA/886db6f9cea4420b/41edfdabedb2860 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2882sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 41edfdabedb2860sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4dgje/0x4AAAAAAAaniHVxSUkv6GXd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 16:31:05 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: Yn7OypesGaZrTx123pFEsQ==$5feJ5HXgU/Bn1ZICLWzdVQ==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 886db70d5d907c93-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 16:31:08 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: zm7AYE9ZJ8P5QVjxmW1Ebg==$/A+TI+acwOLQnYVm0sYabw==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 886db72058798c72-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 16:31:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: f3bCC6aKGTGPANriJKqZyA==$/2HV17YRoHXBI5QQ9A1JAQ==Server: cloudflareCF-RAY: 886db81a3a3a198e-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 16:30:58 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

URLs found in memory or binary data

Source: chromecache_91.1.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_102.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_102.1.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_102.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_105.1.dr	String found in binary or memory: https://bplsharew.com?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JwbHNoYXJld
Source: chromecache_89.1.dr, chromecache_85.1.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_102.1.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_92.1.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_92.1.dr	String found in binary or memory: https://login.windows-ppe.net

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.126.37.130:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49736 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal64.phis.win@20/61@28/15

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F66812%2F%2Fc3RheWxvckBqZWZmcGFyaXNoLm5ldA==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1992,i,3206860007016770827,9937223303150751706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1992,i,3206860007016770827,9937223303150751706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Windows shortcut file (LNK) contains relative path

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior