Source: https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773 | LLM: Score: 7 brands: AppRiver Reasons: The URL is suspicious as it does not match the official domain of AppRiver, which is typically 'appriver.com'. The use of a long and complex URL with multiple subdomains and directories is a common tactic in phishing attacks. The page prompts for a sign-in, which is a common phishing technique to steal credentials. The domain 'assets-fra.mkt.dynamics.com' is not directly associated with AppRiver, raising further suspicion. DOM: 0.1.pages.csv |
Source: https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773 | LLM: Score: 7 brands: AppRiver Reasons: The URL is not associated with the official domain of AppRiver, which is typically 'appriver.com'. The URL structure appears complex and is hosted on a subdomain of 'dynamics.com', which is not directly related to AppRiver. The presence of a login form without a CAPTCHA and the use of social engineering techniques (e.g., urging users to sign in) further increase the suspicion that this is a phishing site. DOM: 0.4.pages.csv |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com | Matcher: Template: outlook matched with high similarity |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/ | Matcher: Template: outlook matched with high similarity |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/index | Matcher: Template: outlook matched with high similarity |
Source: Yara match | File source: 2.5.pages.csv, type: HTML |
Source: Yara match | File source: 1.2.pages.csv, type: HTML |
Source: Yara match | File source: 1.3.pages.csv, type: HTML |
Source: Yara match | File source: dropped/chromecache_174, type: DROPPED |
Source: Yara match | File source: dropped/chromecache_160, type: DROPPED |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/ | LLM: Score: 7 Reasons: The code attempts to use ActiveXObject, which is a known vector for security vulnerabilities and is generally considered unsafe. It also dynamically writes HTML content using document.write, which can be exploited for cross-site scripting (XSS) attacks. These practices are outdated and pose significant security risks. DOM: 1.2.pages.csv |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/ | LLM: Score: 9 Reasons: The JavaScript code is highly suspicious and likely malicious. It captures email and password inputs from a form and prevents the form from being submitted normally. Instead, it appears to send the captured data to an external URL (https://dataupload.top/bless/arsmtp/main.php), which is a strong indicator of phishing activity. This behavior is consistent with attempts to steal user credentials. DOM: 1.2.pages.csv |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/ | Matcher: Template: outlook matched |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/ | Matcher: Template: outlook matched |
Source: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/index | Matcher: Template: outlook matched |
Source: Yara match | File source: 1.2.pages.csv, type: HTML |
Source: Yara match | File source: 2.5.pages.csv, type: HTML |
Source: Yara match | File source: 1.3.pages.csv, type: HTML |
Source: Yara match | File source: dropped/chromecache_174, type: DROPPED |
Source: Yara match | File source: dropped/chromecache_160, type: DROPPED |
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49728 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49735 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49736 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.17:49737 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.17:49737 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49738 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.126.37.161:443 -> 192.168.2.17:61304 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:61317 version: TLS 1.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.69 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.69 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.69 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: global traffic | HTTP traffic detected: GET /0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fra/FormLoader/FormLoader.bundle.js HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://assets-fra.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/forms/6e39a88b-9710-ef11-9f89-002248d9c773 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fra/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://assets-fra.mkt.dynamics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-fra.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fra/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/forms/6e39a88b-9710-ef11-9f89-002248d9c773 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/images/8c7c8a3d-9710-ef11-9f89-002248d9c773?ts=638511395356782131 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/images/8c7c8a3d-9710-ef11-9f89-002248d9c773?ts=638511395356782131 HTTP/1.1Host: assets-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /api/v1.0/orgs/0cc4a623-6510-ef11-9f83-002248da15fa/landingpageforms/forms/6e39a88b-9710-ef11-9f89-002248d9c773/visits HTTP/1.1Host: public-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /api/v1.0/orgs/0cc4a623-6510-ef11-9f83-002248da15fa/landingpageforms/forms/6e39a88b-9710-ef11-9f89-002248d9c773 HTTP/1.1Host: public-fra.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/download-logo.png HTTP/1.1Host: wafsd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/download.gif HTTP/1.1Host: wafsd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/download-logo.png HTTP/1.1Host: wafsd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/download.gif HTTP/1.1Host: wafsd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/favicon.ico HTTP/1.1Host: wafsd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://us-exg7-exghost-owa-auth-ty2u.onrender.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /new/arsm/media/favicon.ico HTTP/1.1Host: wafsd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gPbFxFEOZyTHTZU&MD=ezzeR7CU HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br |
Source: global traffic | HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATHMKv4QFjka%2BKwPUomqggA512G/sx3AiY8VYYF6XQJIVvOyl2P5J3aPJKc5F66Y44VQPssN17zg7l%2BQKrPTWYRW26dHlO06pS6CDAyRoqdvENT6VCqUZNidTsF7nN4IrkqJb3io8s0h37KxGdRYK0FojMvQuHd0ZMEoK4smH0%2B4u5FTHQuRbnYIJwb3Rnd9anbeEB9%2BQhEoSQtP/2z941yt5qM%2BiwFGMEEJdvYCXuDeD8KCmIPQl2P0mZ8yIU8qDT%2B6F32Y/41eNlxznqCFxhR2uUTzUy0cYK/zIcrC0VRo63%2Bl4hhlYkoRwWZFqKAM9TJ4AOX3f9LxiUaoh2XL7boDZgAACETNfFvMWNUJqAH9DUcON/vijcoPKclaEtz3BjNdHcOwksY51n3mVta5sFK4kRDTKMyMWip4uXUMu0Meq0KPF%2B4Y/84pc5u7owCTD94POkmuFvcUS52Bp/IfG4fnrKCn%2BfRy%2BgPMkHibCENXYSZKuc3VfVfK28iFcOjjf9ItT6HP4dPaX9WhjocWK5LNbL6HqLyINFbZUozPSKB4eYilinTY8/yOtlH0rf37FPBz7FJPVFyjfmzRmSWG9/FNT8N/6u01kkuAcYCFpuMOka40Q%2BsiL%2BLasN5KTU1wg03TkBGwWaW6OPdlbIyqk2E7awbd%2BjHhQdiJ%2Bq4U3yICflMD6o5MYtk0mG4/vfTp9QI5rjM5k7nxoGMRuSEMhqgs8a1l/u/jMZNtBWNIGfC7I2eJiinzh7/D71uB0B8Cp1s5aYtdA4pLD7EkjJlanAJjfG%2BnAU/mSlt/y48talIfQs1eTedO/JUS/a2hK45vh6P6HWx8fANVf3HdO7gjdQgkJs7v/9F0uanLx/C0Pyxvxcb75zQOWi0HtElqmLOV2vnnjQcf2aD2yYUDxtBBaOZiB9KMTswP2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1716481635User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: DB68E98C31044C4B9CA314CF296AB262X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112 |