Play interactive tourEdit tour

Windows Analysis Report
https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-

Overview

General Information

Sample URL:	https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%2
Analysis ID:	1467258
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://lkallinskyaskergoworks.com

LLM: Score: 9 brands: Clearwater Paper Reasons: The URL 'https://lkallinskyaskergoworks.com' does not match the legitimate domain 'clearwaterpaper.com' associated with Clearwater Paper. The domain name is highly suspicious and unrelated to the brand. The page prominently displays a login form asking for a password, which is a common phishing tactic. Additionally, the presence of a suspicious link ('Forgot my password') and the use of social engineering techniques to trick users into entering their credentials further indicate that this is a phishing site. DOM: 4.8.pages.csv

Phishing site detected (based on favicon image match)

Source: https://lkallinskyaskergoworks.com

Matcher: Template: microsoft matched with high similarity

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=true

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 4.6.pages.csv, type: HTML
Source: Yara match	File source: 4.8.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=true

HTTP Parser: becky.barckley@clearwaterpaper.com

Found iframes

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...

HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...

HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...

HTTP Parser: Number of links: 0

Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normal

HTML page contains obfuscate script src

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJm	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTML body contains password input

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: https://scottgteamallegmach.com/?lhheyeap=88b17e27f071d67cb0a6b3932d6af4e785f293e1421615b6e203a80136e4ffa1d178a9fe226f4ce649ae917140d4c6ee5f6779a3b264f31e482e2cb6097f67eb&qrc=becky.barckley%40clearwaterpaper.com	HTTP Parser: No favicon
Source: https://scottgteamallegmach.com/?lhheyeap=88b17e27f071d67cb0a6b3932d6af4e785f293e1421615b6e203a80136e4ffa1d178a9fe226f4ce649ae917140d4c6ee5f6779a3b264f31e482e2cb6097f67eb&qrc=becky.barckley%40clearwaterpaper.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normal	HTTP Parser: No favicon
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==	HTTP Parser: No favicon
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...	HTTP Parser: No favicon
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon

META author tag missing

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa	HTTP Parser: No <meta name="author".. found
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...	HTTP Parser: No <meta name="copyright".. found
Source: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reloa...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flkallinskyaskergoworks.com%2fcommon%2freprocess%3fctx%3drQQIARAAjZE7bNNQFIbtODVtKSQqEmICZDEVHNuJ7cRBReTVJG1Ik5JHE4Qi--Y6TuPkOrYbJ6m6syBVLEgdGRgyAQuoqkRH1AF16FSWjlUHhBBDxYBIxMIG__DpX87R0fkWCM7Hhe-wf-KnJ6RZVeVoACftr5jzs9594vp992f1xJV_8OsmN_d2hN_SbNuwwgyDNm0doZYPqWoTQB9AbQY5MvMBx49w_AzHX7goBYLWwKfIJmjpcPAQ6FA2HdmGpiEb0JyMjFxBMRAShDG4AC8FWSEk8j5QF4AkSeObeFmheU4O0pIIFVoVQCjAskHgD4ITl2c1smlr_gmQ2RzC764ZFZntmoEse5fYxePAjsatdCORiK6xmVVeS6ed6JqSRIKmpTJFI5PnDLZX8Fs9rSeJxTxvd4PSSsFoxmNiLBvrD7v1RjotQLZvIaOcL0EwXCk7TnejOixFBw2x4mTqkVCHdvRILrUs6mpX5aRqr1yrJquCnu0o8fx6rl2DxeSSFaWDIGsPeFk2MylnRPyXgHcEOX5RG3UOCRIZsNOsH7nxUzd-7p5jifD09KwXu4Hdxi7c-KupsaufL4-veTzvl0Yfp_Z3tC_Y4RSTLCHLrA4ZPsUmlvVK198BA6dxN_coXmdLvVguXk1p_cfsSsWfWAyEuR0S3yHJPXJmmvBiFBHLcWck_o3En13C9mb-Jf7oMn4yx8-SQJebbWt-YYtq1ms2asEOFd6i-m2rBsCk9WR9E1pU-Ak13k893d7ePriCXVx9fnrw6fjH66-pc889f4nrRsWOxTARSQkFKkXL3CgmEsVCwVwvt9pdlA2AWCKuWDC0-MaLnXqx3w2&mkt=en-US&hosted=0&device_platform=Windows+10	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49745 version: TLS 1.2

Networking

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: 4smgswwi.r.us-west-2.awstrack.me to https://m.exactag.com/ai.aspx?tc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41primmacy.com%2fwinner%2f77663%2f%2fymvja3kuymfyy2tszxlay2xlyxj3yxrlcnbhcgvylmnvbq==

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: scottgteamallegmach.com to https://lkallinskyaskergoworks.com/?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl2xrywxsaw5za3lhc2tlcmdvd29ya3muy29tlyisimrvbwfpbii6imxrywxsaw5za3lhc2tlcmdvd29ya3muy29tiiwia2v5ijoibg1ssfa0nkpyrhfbiiwicxjjijoiymvja3kuymfyy2tszxlay2xlyxj3yxrlcnbhcgvylmnvbsisimlhdci6mtcymda0mtmzmiwizxhwijoxnziwmdqxnduyfq.b7lc10r3951dmzs2umce3t8z4715srfqqyqwarzhkuq

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.34
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382 HTTP/1.1Host: 4smgswwi.r.us-west-2.awstrack.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ai.aspx?tc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41primmacy.com%2Fwinner%2F77663%2F%2FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ== HTTP/1.1Host: m.exactag.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lhheyeap&qrc=becky.barckley@clearwaterpaper.com HTTP/1.1Host: scottgteamallegmach.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://primmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lhheyeap=88b17e27f071d67cb0a6b3932d6af4e785f293e1421615b6e203a80136e4ffa1d178a9fe226f4ce649ae917140d4c6ee5f6779a3b264f31e482e2cb6097f67eb&qrc=becky.barckley%40clearwaterpaper.com HTTP/1.1Host: scottgteamallegmach.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://primmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/d2a97f6b6ec9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d9e39b4c6a439c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: scottgteamallegmach.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://scottgteamallegmach.com/?lhheyeap=88b17e27f071d67cb0a6b3932d6af4e785f293e1421615b6e203a80136e4ffa1d178a9fe226f4ce649ae917140d4c6ee5f6779a3b264f31e482e2cb6097f67eb&qrc=becky.barckley%40clearwaterpaper.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1299850252:1720038271:FLQXB6TfjKKWTemLrqFLkm7QM7NIQIUzaojfQkTVozk/89d9e39b4c6a439c/dddee621c398e80 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d9e39b4c6a439c/1720041309222/HnYog-_gKEtQyoM HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d9e39b4c6a439c/1720041309222/HnYog-_gKEtQyoM HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/89d9e39b4c6a439c/1720041309225/6462f35eb6259c6d9e275f551e287de82e9c4e4c533436185cc277a704b5ad98/2sgfur4PYM85bMd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1299850252:1720038271:FLQXB6TfjKKWTemLrqFLkm7QM7NIQIUzaojfQkTVozk/89d9e39b4c6a439c/dddee621c398e80 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1299850252:1720038271:FLQXB6TfjKKWTemLrqFLkm7QM7NIQIUzaojfQkTVozk/89d9e39b4c6a439c/dddee621c398e80 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2xrYWxsaW5za3lhc2tlcmdvd29ya3MuY29tLyIsImRvbWFpbiI6ImxrYWxsaW5za3lhc2tlcmdvd29ya3MuY29tIiwia2V5IjoibG1SSFA0NkpyRHFBIiwicXJjIjoiYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbSIsImlhdCI6MTcyMDA0MTMzMiwiZXhwIjoxNzIwMDQxNDUyfQ.B7Lc10R3951DMzS2umCE3T8z4715srfQqYqwARzHKuQ HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=becky.barckley%40clearwaterpaper.com HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=becky.barckley%40clearwaterpaper.com HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4
Source: global traffic	HTTP traffic detected: GET /?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw== HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://scottgteamallegmach.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; fpc=ApCRDscTPfpFmg7oKc7v_-0; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYBVdOeZzjQrQ99sGQE5eDSgRRm4HieIye2019VeUOek6Al8AulFLkpCUNahYTl2IJjnn6jPizzfg83epWmEJHTQ9i9QPqp_4sIr2SPvHoIKV_apbtsXOBRA2aVbtrYPo7yLOU0DT4rh-hsXRP6LcUcZLGqeUMBunhmLx-buq3SMUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=true HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; fpc=ApCRDscTPfpFmg7oKc7v_-0; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYBVdOeZzjQrQ99sGQE5eDSgRRm4HieIye2019VeUOek6Al8AulFLkpCUNahYTl2IJjnn6jPizzfg83epWmEJHTQ9i9QPqp_4sIr2SPvHoIKV_apbtsXOBRA2aVbtrYPo7yLOU0DT4rh-hsXRP6LcUcZLGqeUMBunhmLx-buq3SMUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_Kjlmc42uL0ATl_21eYcwVg2.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_fo8rkc18qnhjh4wnzabsdg2.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://lkallinskyaskergoworks.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /clearwaterpaper.com/winauth/ssoprobe?client-request-id=3b1603bc-ce04-da66-0251-3efe1e310cb1&_=1720041340377 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lkallinskyaskergoworks.com/?p53xad2ll=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1iZWNreS5iYXJja2xleSU0MGNsZWFyd2F0ZXJwYXBlci5jb20mY2xpZW50LXJlcXVlc3QtaWQ9M2IxNjAzYmMtY2UwNC1kYTY2LTAyNTEtM2VmZTFlMzEwY2IxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjM4MTM0OTcwNTg2NC5jZDVjOTk5MS1jNGFiLTQxYTctOTZlYi1mNWM4MzAwN2MyN2Mmc3RhdGU9RGN0QkRzSWdFRUJSMExPNGhJSXdCUmJHbzVoaEhMVXBMUTFwMHZUMnN2aHY5NlVRNHRxNzlLVHBpREM2Q05DeHpxZGdJSTVlMHhzb3BXUVZlY3pLV3d3cWpaelZCeWc2WXdMZEE4bi13bEFQSEo2bGZxZjE5WnZXX1pHWjVsTm5iRFFYUG1fZVVHRnNCLTdjTnR5NGFhckxIdw==&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: lkallinskyaskergoworks.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=lmRHP46JrDqA; qPdM.sig=7II43PFenfjzhRec-70cFYvrBg4; ClientId=45580A3B42FE43429C6F8707EF6E1B6A; OIDC=1; OpenIdConnect.nonce.v3.geyTdRK5i8OP4nPYzWKfjua6_iwkdrDueAJwTNrb2ZA=638556381349705864.cd5c9991-c4ab-41a7-96eb-f5c83007c27c; X-OWA-RedirectHistory=ArLym14BiHhoR6Wb3Ag; esctx-hZpAMLk4arg=AQABCQEAAAApTwJmzXqdR4BN2miheQMYMhScmu3QI5bNa3eChlZlwf2R8-Ei_Bpig_wzVEaZWQWUEDOGMpXb6Gs4wvTz5ZESTknLRuflFA1zyMjIozCoQ0jcEQW7ejdjrK63BLj3KtqnmcM0nMe_3kDa45JT37gvKZPbxeupMMQ8k-KthFdqkiAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=0.AXgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMY96i34TeI8uI--ocghWhaaLsQFL3hXxiRuJKfq-iejcbHUzZk017Fqbz8432VSX7sALYg7pvhzBqpQN2tHIFsx9S9wTj5iW5GOwfwnfoovOEgAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYIXeWUYYR5ya4jgPwxATTm5LxsAHtxc25K5yvLDnt02SpKEtj9dqk4BNW3hP6ybUMbU5cuIxpJQC0BrObgl7heKc1vapO-8Fq34ZwxOv0kyQ4c8oDWmLyXa0JZbhwLKhzQRGuD8GcmeZKoRRxvp_WVViO0B0YwgvfnAiLTfaw_5sgAA; esctx-QiX4yDtd4=AQABCQEAAAApTwJmzXqdR4BN2miheQMYGTDTIcoUoFDaWh3V3IT38mtmRroOj94oCnENMx_QR3WnH-Rw-ssgk01xaeeT70pebnNBCpFaCxoQO0zbk103rCutLEUX97F3zNu3S0Zq9Xam_V76YUDDpY0D9hrfG7KdX-_CzBua4WnaxILoV21iDiAA; fpc=ApCRDscTPfpFmg7oKc7v_-2erOTJAQAAAHi2F94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-e46et3mviuj5hnab0uyh3msgiqsksgiurb-rx0lfuwi/logintenantbranding/0/bannerlogo?ts=636530090129429631 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lkallinskyaskergoworks.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-e46et3mviuj5hnab0uyh3msgiqsksgiurb-rx0lfuwi/logintenantbranding/0/bannerlogo?ts=636530090129429631 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /winner/77663//YmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ== HTTP/1.1Host: primmacy.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: primmacy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://primmacy.com/winner/77663//YmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: 4smgswwi.r.us-west-2.awstrack.me
Source: global traffic	DNS traffic detected: DNS query: m.exactag.com
Source: global traffic	DNS traffic detected: DNS query: primmacy.com
Source: global traffic	DNS traffic detected: DNS query: scottgteamallegmach.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: lkallinskyaskergoworks.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic	DNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1299850252:1720038271:FLQXB6TfjKKWTemLrqFLkm7QM7NIQIUzaojfQkTVozk/89d9e39b4c6a439c/dddee621c398e80 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2881sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: dddee621c398e80sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/zfx5f/0x4AAAAAAAc9T98XMh-R8FRu/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 21:15:11 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: ZPr/TshPJADLy9g93LrqwQ==$M9FYcKTh6RPXiBMHvtBDWQ==Server: cloudflareCF-RAY: 89d9e3b4387b42c9-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 21:15:14 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: ah2OUs8ouMXf+w5gWX8poA==$nCvL1WNJQgD7MPLzddE6ug==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89d9e3c86eb53342-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 21:15:32 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: ahy1XH12lymIt9OQj1xV9w==$fvhOnJPSOaBXeg/3L3raAw==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89d9e4390aee4372-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: aec811d1-8a20-496f-a49a-2c20f104d900x-ms-ests-server: 2.1.18399.9 - EUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Wed, 03 Jul 2024 21:15:37 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 21:15:03 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

URLs found in memory or binary data

Source: chromecache_84.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_111.2.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_125.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_125.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_125.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_110.2.dr	String found in binary or memory: https://account.live.com/resetpassword.aspx
Source: chromecache_108.2.dr, chromecache_84.2.dr, chromecache_142.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_125.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_120.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_120.2.dr	String found in binary or memory: https://login.windows-ppe.net

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49745 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal76.phis.win@23/119@38/14

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2564,i,477667822564562811,16000836356616911954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2564,i,477667822564562811,16000836356616911954,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382"			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected