Windows Analysis Report
https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh

Overview

General Information

Sample URL:	https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh
Analysis ID:	1447356
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

AI detected suspicious javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://www.atjehupdate.com/3tvdgh	Avira URL Cloud: Label: phishing
Source: https://www.atjehupdate.com/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://n65bzqybjc3.loginauth.online' is highly suspicious and does not match the legitimate domain for Microsoft Outlook, which is typically 'login.microsoftonline.com'. The site contains a login form, which is a common element in phishing sites. The domain name 'loginauth.online' is not associated with Microsoft and appears to be designed to deceive users. The presence of social usering techniques, such as mimicking the legitimate Outlook login page, further indicates that this is a phishing site. DOM: 3.9.pages.csv

Phishing site detected (based on favicon image match)

Source: https://loginauth.online	Matcher: Template: microsoft matched with high similarity
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.12.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML

AI detected suspicious javascript

LLM: Score: 9 Reasons: The JavaScript code contains URLs that point to a suspicious domain (loginauth.online) which is not a known legitimate domain for authentication services. This domain could potentially be used for phishing attacks by mimicking legitimate login pages to steal user credentials. DOM: 2.6.pages.csv

Phishing site detected (based on image similarity)

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3d	Matcher: Template: microsoft matched
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3d	Matcher: Template: microsoft matched

Found iframes

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: Number of links: 0
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

HTML page contains obfuscate script src

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49711 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.elliottscotthr.com to https://www.atjehupdate.com/3tvdgh
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: www.atjehupdate.com to https://documentsharehub.com/?cqpvjmep
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: documentsharehub.com to https://n65bzqybjc3.loginauth.online?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl242nwj6cxliammzlmxvz2luyxv0ac5vbmxpbmuilcjkb21haw4ioijunjvienf5ympjmy5sb2dpbmf1dggub25saw5liiwia2v5ijoitlriz1lqmtv0tmvliiwicxjjijpudwxslcjpyxqioje3mty1nzkxnjmsimv4cci6mtcxnju3oti4m30.euzrkcjavtgszoqpf3km3vgxm9h_dt250yjojq-ykac

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh HTTP/1.1Host: link.elliottscotthr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /3tvdgh HTTP/1.1Host: www.atjehupdate.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3tvdgh/ HTTP/1.1Host: www.atjehupdate.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/695da7821231/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=888fb5e42caa0f90 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.atjehupdate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.atjehupdate.com/3tvdgh/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/888fb5e42caa0f90/1716579137040/xVOq4fQjj_28n-K HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/888fb5e42caa0f90/1716579137040/xVOq4fQjj_28n-K HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/888fb5e42caa0f90/1716579137043/b4b12407ccfb9d73c6e71b54ffe89aa072e57633c052e776138e9954d0648415/YyLIi3SbiYs0TGW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cqpvjmep HTTP/1.1Host: documentsharehub.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL242NWJ6cXliamMzLmxvZ2luYXV0aC5vbmxpbmUiLCJkb21haW4iOiJuNjVienF5YmpjMy5sb2dpbmF1dGgub25saW5lIiwia2V5IjoiTlRiZ1lQMTV0TmVLIiwicXJjIjpudWxsLCJpYXQiOjE3MTY1NzkxNjMsImV4cCI6MTcxNjU3OTI4M30.EUzRKcjavTGSZoQPf3km3vGxM9h_dT250yJOjQ-ykac HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU
Source: global traffic	HTTP traffic detected: GET /?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02RqpPVUEOMd8pcMSYFL-QQ3vYWJ2wBQQBisXm7M8KIf-I8PcAj8LkA56Qb_izRu_mpINjwU29XujkfE_nL-9BJIlT0lDDCzrrWbjF1FHjNVqWD4IMDQOZ0QkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02Rqp
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02RqpPVUEOMd8pcMSYFL-QQ3vYWJ2wBQQBisXm7M8KIf-I8PcAj8LkA56Qb_izRu_mpINjwU29XujkfE_nL-9BJIlT0lDDCzrrWbjF1FHjNVqWD4IMDQOZ0QkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_9oft0ybq1qhuafkqh5wryq2.css HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_T2EBBtMmyv072RjbQwNpoQ2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://n65bzqybjc3.loginauth.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_2e62c59c862fb482c11d.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: link.elliottscotthr.com
Source: global traffic	DNS traffic detected: DNS query: www.atjehupdate.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: documentsharehub.com
Source: global traffic	DNS traffic detected: DNS query: n65bzqybjc3.loginauth.online
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2915sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 74c1337cf6b3855sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 24 May 2024 19:32:17 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:19 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: prO9nF5DAryc9pgrfrhnqg==$Td4UISOcMREzwRjwXq44wg==Server: cloudflareCF-RAY: 888fb6051e408c17-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /plTwTjpPfvrl4WOvWmRVw==$FIIEoEkjH3YmbqJSGFTTbw==Server: cloudflareCF-RAY: 888fb6197c971a0f-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:38 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: Pocq/qRS5bD5d6nZVIOTSw==$XtGrRAgZTPkx+B2hdwM9GQ==Server: cloudflareCF-RAY: 888fb67f5cb94388-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4c146b81-d816-428d-a494-156146354b00x-ms-ests-server: 2.1.18105.6 - WUS3 ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Fri, 24 May 2024 19:32:49 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_81.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_81.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_81.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_81.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_87.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@21/60@28/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2492806512525018564,2187908613118736078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2492806512525018564,2187908613118736078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.134.153.80	atjehupdate.com	Singapore	138608	CLOUDHOST-AS-APCloudHostPteLtdSG	false
13.107.246.45	part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
45.61.58.9	documentsharehub.com	United States	47869	NETROUTING-ASNL	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
77.72.7.206	link.elliottscotthr.com	United Kingdom	12488	KRYSTALGR	false
52.98.152.242	HHN-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
part-0017.t-0009.t-msedge.net	13.107.246.45	true
cs1100.wpc.omegacdn.net	152.199.23.37	true
documentsharehub.com	45.61.58.9	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.250.186.100	true
atjehupdate.com	103.134.153.80	true
n65bzqybjc3.loginauth.online	45.61.58.9	true
HHN-efz.ms-acdc.office.com	52.98.152.242	true
link.elliottscotthr.com	77.72.7.206	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
www.atjehupdate.com	unknown	unknown
r4.res.office365.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
outlook.office365.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.atjehupdate.com/3tvdgh/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855	false	Avira URL Cloud: safe	unknown
https://documentsharehub.com/?cqpvjmep	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/888fb5e42caa0f90/1716579137040/xVOq4fQjj_28n-K	false	Avira URL Cloud: safe	unknown
https://outlook.office365.com/owa/prefetch.aspx	false		unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://www.atjehupdate.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://n65bzqybjc3.loginauth.online/	false	Avira URL Cloud: safe	unknown
https://www.atjehupdate.com/3tvdgh	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/888fb5e42caa0f90/1716579137043/b4b12407ccfb9d73c6e71b54ffe89aa072e57633c052e776138e9954d0648415/YyLIi3SbiYs0TGW	false	Avira URL Cloud: safe	unknown
https://n65bzqybjc3.loginauth.online/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/695da7821231/api.js	false	Avira URL Cloud: safe	unknown
https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh	true		unknown
https://n65bzqybjc3.loginauth.online/owa/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=888fb5e42caa0f90	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 58	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 59	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
Chrome Cache Entry: 60	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
Chrome Cache Entry: 61	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 62	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 63	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 64	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 65	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 66	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
Chrome Cache Entry: 67	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 68	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 69	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 70	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 71	PNG image data, 81 x 68, 8-bit/color RGB, non-interlaced	47B0DA4C81C4A52C8E44E12384CFAA47	539C7BACDDFA6C40E7AB477F02E5CDEDA2D7B10D	A83D1CB158E9A3A51B77FFEA5DC7881F4FEC240DC310987AB75CA85EE4576A25
Chrome Cache Entry: 72	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 73	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379	847A4212B99B9076EE39328B24CD30AF	73F15078CF1D396485F644A79B6E25EF0637685D	29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
Chrome Cache Entry: 74	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 75	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 76	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 77	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 78	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 79	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
Chrome Cache Entry: 80	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 81	ASCII text	3E89AE909C6A8D8C56396830471F3373	2632F95A5BE7E4C589402BF76E800A8151CD036B	6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
Chrome Cache Entry: 82	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 83	ASCII text, with very long lines (42526)	C667700BE084108F8DEDED9026FFBBF9	31D633A11EF13A66787EC6504E38C11842664B7B	E158035A6F740B0245A027BF0D559C56782EBBEEC7CAB5A827083BD16AA47901
Chrome Cache Entry: 84	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
Chrome Cache Entry: 85	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113124	5E3D23B9011B082A8DC2A6EEEE6559D0	B1A5170A25FE5AC6521D676A22ED043208180DD0	AB1DEB7573547344F30492F9D9306B7037A69F8E3DB73C722C7E0B9F6FEC58FB
Chrome Cache Entry: 86	ASCII text	7605968E79D0CA095AB1231486D2B814	A007B420D19CEEFA840F0373E050E3B51A4AB480	493FDA53120050F85836032324409BE6C6484F90A0755AE0C6A673BA7626818B
Chrome Cache Entry: 87	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators	E86EF8B6111E5FB1D1665BCDC90888C9	994BF7651CB967CD9053056AF2D69ACB74DB7F29	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
Chrome Cache Entry: 88	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 89	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 90	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 91	PNG image data, 81 x 68, 8-bit/color RGB, non-interlaced	47B0DA4C81C4A52C8E44E12384CFAA47	539C7BACDDFA6C40E7AB477F02E5CDEDA2D7B10D	A83D1CB158E9A3A51B77FFEA5DC7881F4FEC240DC310987AB75CA85EE4576A25
Chrome Cache Entry: 92	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 93	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378	6F68E9881DF18F8E251AB57D5786239B	C0F7A01A288752833390FC330995F25488BCE8EC	B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://www.atjehupdate.com/3tvdgh	Avira URL Cloud: Label: phishing
Source: https://www.atjehupdate.com/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Phishing site detected (based on favicon image match)

Source: https://loginauth.online	Matcher: Template: microsoft matched with high similarity
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.12.pages.csv, type: HTML
Source: Yara match	File source: 3.9.pages.csv, type: HTML

AI detected suspicious javascript

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3d	Matcher: Template: microsoft matched
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3d	Matcher: Template: microsoft matched

Found iframes

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: Number of links: 0
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal

HTML page contains obfuscate script src

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJT	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://www.atjehupdate.com/3tvdgh/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49711 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.elliottscotthr.com to https://www.atjehupdate.com/3tvdgh
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: www.atjehupdate.com to https://documentsharehub.com/?cqpvjmep
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: documentsharehub.com to https://n65bzqybjc3.loginauth.online?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl242nwj6cxliammzlmxvz2luyxv0ac5vbmxpbmuilcjkb21haw4ioijunjvienf5ympjmy5sb2dpbmf1dggub25saw5liiwia2v5ijoitlriz1lqmtv0tmvliiwicxjjijpudwxslcjpyxqioje3mty1nzkxnjmsimv4cci6mtcxnju3oti4m30.euzrkcjavtgszoqpf3km3vgxm9h_dt250yjojq-ykac

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh HTTP/1.1Host: link.elliottscotthr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /3tvdgh HTTP/1.1Host: www.atjehupdate.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3tvdgh/ HTTP/1.1Host: www.atjehupdate.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/695da7821231/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=888fb5e42caa0f90 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.atjehupdate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.atjehupdate.com/3tvdgh/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/888fb5e42caa0f90/1716579137040/xVOq4fQjj_28n-K HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/888fb5e42caa0f90/1716579137040/xVOq4fQjj_28n-K HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/888fb5e42caa0f90/1716579137043/b4b12407ccfb9d73c6e71b54ffe89aa072e57633c052e776138e9954d0648415/YyLIi3SbiYs0TGW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qoeoy/0x4AAAAAAAXYIizYYwtXwO6I/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1601930154:1716577982:ptjrSQ46cdxjVm5k4r4ancR-5FTXsCulSkuwh600DHI/888fb5e42caa0f90/74c1337cf6b3855 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?cqpvjmep HTTP/1.1Host: documentsharehub.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL242NWJ6cXliamMzLmxvZ2luYXV0aC5vbmxpbmUiLCJkb21haW4iOiJuNjVienF5YmpjMy5sb2dpbmF1dGgub25saW5lIiwia2V5IjoiTlRiZ1lQMTV0TmVLIiwicXJjIjpudWxsLCJpYXQiOjE3MTY1NzkxNjMsImV4cCI6MTcxNjU3OTI4M30.EUzRKcjavTGSZoQPf3km3vGxM9h_dT250yJOjQ-ykac HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU
Source: global traffic	HTTP traffic detected: GET /?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.atjehupdate.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_RY3pVDLvjU_KKLtTKxjDFA2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02RqpPVUEOMd8pcMSYFL-QQ3vYWJ2wBQQBisXm7M8KIf-I8PcAj8LkA56Qb_izRu_mpINjwU29XujkfE_nL-9BJIlT0lDDCzrrWbjF1FHjNVqWD4IMDQOZ0QkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=true HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02Rqp
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; fpc=AiljQYBVtjJImwgsVClEdJE; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8rgsiecIdYnyA97IKWcPsLn0WSFWh6JNkUPmO5Y_M_QuzfMpWe_02RqpPVUEOMd8pcMSYFL-QQ3vYWJ2wBQQBisXm7M8KIf-I8PcAj8LkA56Qb_izRu_mpINjwU29XujkfE_nL-9BJIlT0lDDCzrrWbjF1FHjNVqWD4IMDQOZ0QkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_9oft0ybq1qhuafkqh5wryq2.css HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_T2EBBtMmyv072RjbQwNpoQ2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://n65bzqybjc3.loginauth.online/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_2e62c59c862fb482c11d.js HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://n65bzqybjc3.loginauth.online/?fmovsnvax=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MGQ3OGMwMWEtNmFlMi03NjYwLTM3MzEtNTcwNDYyZTAwNWJiJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUyMTc1OTY2NzI4Nzk4Ny40NzBjZTJlOC1lNDAzLTRkYzAtYTNhZi00ODJiMzA5MTdkYWUmc3RhdGU9RGN0QkZvQWdDQUJSck5keFNFUVNQSTRwYlZ0Ml9WajgyVTBDZ0Qxc0lWRUV0Rlc3dU9qVlcxTTI3YWFuS0Uxbk4zU2hpckltNGFqalFURy1LX1dpYTNpSzk4anZOX0lQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg HTTP/1.1Host: n65bzqybjc3.loginauth.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=NTbgYP15tNeK; qPdM.sig=hojG4RD9SHqK1OZh9mdKRR3-WlU; ClientId=71BBDBF14BFC4546966391CE8065C975; OIDC=1; OpenIdConnect.nonce.v3.NHuZ77635yj_fa3W1wzZEDOHuTyil-LTLji-zOcqLjM=638521759667287987.470ce2e8-e403-4dc0-a3af-482b30917dae; X-OWA-RedirectHistory=ArLym14Bs3dTSih83Ag; esctx-HY029vIbI9w=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8M-xjYsaTXawGuu1phkPuxeAcuf_Fr58DdvmIp704pkULQLQGvWwbjdlISQ4P2nevJin01jGPnhj6smUe6U6i4XCy6erWWtXHinWh89FeNP2hYNl0myliMuarcDzgEFquEMuqqp77afcApD0yZqKUfyAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.ARcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8LHwtgZuYN8eN38zXbZzJbdHot0Fh5NsaEEkuomwKIVrPvOIQzgwh7Eaqo3qGtVj55_BSxAs_MOjeWhjTUkp6TjzbFRX92oIzYp_J8dSmjlwgAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8CKIavCaH9jmxztoBb5jbQlUMD4rosPxQbUD4syzEuLZvVz6KWRY_wa5gUd1v2N3q1PUNwH9aDtkzd5C2SbOtJlbYkW4u3M1Z7XRvYUIDruVRLlEQMpjLvS62rSRbtoKX6s6b1d14ABmtu0sMBx6aXbEyGnT93vkUqvGmAMpuP1cgAA; esctx-Hto4XWU5WE=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8mLftGV6C4UYDzphLyDNgJjVNj_VLuz9naf3tB01b5moA3x0k9rZLQ1q-TSq84kyyiXjW3tzskH0teOdIYERQI-S3ANcg5cNBY776oiXltv9ijl0znLWkr9iXRxbXvKE5cXL1uMuKpxOt_h776qhAJyAA; fpc=AiljQYBVtjJImwgsVClEdJGerOTJAQAAAGHi4t0OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: link.elliottscotthr.com
Source: global traffic	DNS traffic detected: DNS query: www.atjehupdate.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: documentsharehub.com
Source: global traffic	DNS traffic detected: DNS query: n65bzqybjc3.loginauth.online
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Fri, 24 May 2024 19:32:17 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:19 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: prO9nF5DAryc9pgrfrhnqg==$Td4UISOcMREzwRjwXq44wg==Server: cloudflareCF-RAY: 888fb6051e408c17-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /plTwTjpPfvrl4WOvWmRVw==$FIIEoEkjH3YmbqJSGFTTbw==Server: cloudflareCF-RAY: 888fb6197c971a0f-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 May 2024 19:32:38 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: Pocq/qRS5bD5d6nZVIOTSw==$XtGrRAgZTPkx+B2hdwM9GQ==Server: cloudflareCF-RAY: 888fb67f5cb94388-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4c146b81-d816-428d-a494-156146354b00x-ms-ests-server: 2.1.18105.6 - WUS3 ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Fri, 24 May 2024 19:32:49 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: chromecache_81.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_81.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_81.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_81.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_87.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_87.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@21/60@28/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2492806512525018564,2187908613118736078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2492806512525018564,2187908613118736078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1447356
Product:	CloudBasic
Start time:	21:31:09
Start date:	24.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://link.elliottscotthr.com/api/redirect.me?track=000000&url=https%3A%2F%2Fwww.atjehupdate.com/3tvdgh